Policy

Privacy Policy

Last updated: May 2026

Overview

LatentKit is a product operated by PremiumX FZ-LLC, a company registered in the United Arab Emirates (“we”, “us”). We run websites at latentkit.com and related subdomains, the LatentKit platform (including API and console experiences), and related offerings such as browser extensions. This policy describes what we collect, why, and your choices.

Information we process

  • Platform usage: When you use LatentKit APIs or the console, we process account data, configuration (such as routing policies, provider connections, and keys you store), request metadata, usage records, billing records, and operational logs needed to run the service and secure your account.
  • Provider credentials: If you use BYOK, we process provider credentials you submit so the gateway can route requests through your selected providers. Saved provider credentials are stored encrypted in Supabase Vault, are not logged, and are not displayed back in the product after saving.
  • API request content: Depending on the endpoint and your policy, requests may include prompts, messages, images, files, embeddings input, audio, or other content you choose to send through LatentKit. We process this content to route the request, apply controls, return responses, and create operational traces where enabled.
  • Extension usage (where applicable): For certain browser extensions, content you choose to send (for example quiz page text or confirmed screenshots) may be transmitted to our backend and forwarded to the AI providers you or we configure, consistent with the product’s in-app disclosures.
  • License & trials: We may store device or session signals to bind licenses and enforce trial or rate limits.
  • Payments: Payments are processed by Stripe. We receive payment status and customer email as needed to fulfill your purchase, not your full card details.
  • Website: Standard server and analytics logs may include IP address, user agent, and pages visited.

AI providers

We use third-party AI APIs (such as Anthropic, OpenAI, Google, Mistral, xAI, OpenRouter, or other providers, depending on configuration) to process allowed requests. Those providers process request content and metadata under their own terms. BYOK traffic uses your provider account. Platform Access traffic uses LatentKit-managed provider access where available.

Credential security

BYOK provider credentials are encrypted at rest in Supabase Vault. The console does not reveal saved provider credentials after creation; workspace users can rotate, disable, or delete provider connections. The gateway must resolve credentials server-side to fulfill authorized provider requests, so LatentKit is not a zero-knowledge credential manager. Decrypted access is restricted to production runtime and privileged operational access.

Retention

We retain account, license, billing, audit, and tax records as needed for legal and operational purposes. Request logs, traces, and usage records are retained according to workspace plan limits and operational settings. Security, abuse-prevention, and incident records may be kept longer where needed to protect platform integrity or comply with law.

Service providers

We use service providers to operate LatentKit, including hosting, database, payments, email, analytics, support, security, and AI-provider infrastructure. These providers process data only as needed to provide their services to us and are expected to protect data under their own applicable commitments.

Your rights

Depending on where you live, you may have rights to access, correct, or delete personal data. Email info@latentkit.com or support@latentkit.com.

Contact

Questions about this policy: info@latentkit.com · support@latentkit.com · Billing: billing@latentkit.com