Privacy Policy

Last Updated: May 23, 2026

This Privacy Policy explains how Zerith LLC, a Wyoming, United States limited liability company ("Zerith," "we," "us," or "our"), collects, uses, shares, and protects information in connection with the laobai.dev website, the API gateway at api.laobai.dev, the user console, and related services (collectively, the "Service").

This Policy is incorporated into our Terms of Service. By using the Service, you agree to the practices described here. If you do not agree, do not use the Service.

1. Who We Are

Zerith operates an AI API gateway that proxies your requests to third-party upstream AI model providers (such as OpenAI, Anthropic, Google, DeepSeek, Alibaba (Qwen), Mistral, Meta, and Cohere) and returns their responses through a unified interface. For the personal data we process to operate the Service, Zerith LLC is the data controller. The upstream providers and our payment processors are independent controllers for the data they receive.

2. Information We Collect

2.1 Information you provide.

Account information: your email address and username. Passwords are stored only as salted, hashed values; we never store them in plain text.
Profile and support information: any information you include when you contact us (for example at support@laobai.dev) or update in your console.
Payment information: when you purchase a balance, our third-party payment processor collects and processes your payment details. We receive order records (such as amount, currency, date, and status); we do not receive or store your full payment card number.

2.2 Information collected automatically when you use the Service.

API usage metadata: for every request, we log metadata such as the model used, prompt and completion token counts, quota/credits consumed, timestamps, request status, the API key used, and the upstream channel. This is essential to meter usage and bill accurately.
Technical and device data: IP address, user agent, and similar request headers, used for security, rate limiting, abuse prevention, and troubleshooting.
Cookies and local storage: we use strictly necessary cookies and local storage to keep you signed in and to operate the console. See Section 8.

2.3 Request and response content (prompts and completions).

Depending on the Service's configuration, the content of your API requests and responses — including the prompts you send and the completions returned — may be logged and retained for a limited period. Where enabled, we use this content to operate, debug, monitor, and secure the Service, to investigate and prevent abuse and fraud, to support you, and to comply with law and upstream provider requirements. We do not use this content to train our own models. Except under the optional Data Sharing Program described in Section 5 — which applies only to users who expressly opt in — we do not sell, or share with third parties for their own purposes, the content of your requests and responses. You should not submit data through the Service that you are not permitted to disclose.

3. How We Use Information

We use the information described above to:

provide, operate, route, and maintain the Service, and forward your requests to upstream providers;
meter usage and process billing, top-ups, and refunds;
authenticate you, secure accounts, and prevent fraud, abuse, and security incidents;
enforce rate limits, quotas, our Terms, and the Acceptable Use Policy;
debug, troubleshoot, analyze, and improve the reliability and performance of the Service;
communicate with you about your account, transactions, security, and service changes;
comply with legal obligations and respond to lawful requests.

Legal bases (where GDPR/UK GDPR applies): performance of our contract with you (providing the Service and billing); our legitimate interests (security, abuse prevention, operating and improving the Service); compliance with legal obligations; and, where required, your consent.

Other than through the optional Data Sharing Program described in Section 5 — which applies only if you affirmatively opt in — we do not sell your personal information. We share information as follows:

Recipient	Purpose	What is shared
Upstream AI providers (OpenAI, Anthropic, Google, DeepSeek, Alibaba, Mistral, Meta, Cohere, and others)	Fulfilling your API requests	The content of your requests (prompts, parameters) and related metadata, forwarded to the provider you target. Each provider processes this under its own terms and privacy policy.
Data-sharing partners (only if you opt in to the Data Sharing Program in Section 5)	Training, evaluating, and improving AI/ML models	The de-identified content of requests and responses you route through the discounted data-sharing model group while the Program is enabled. See Section 5.
Payment processors	Processing purchases and refunds	Payment and order information you provide to them directly; we receive only order records.
Hosting and infrastructure providers	Running the Service (servers, storage, databases, CDN)	Data necessary to host and operate the Service, processed on our behalf.
Legal and safety recipients	Compliance and protection	Information disclosed where required by valid legal process, or where reasonably necessary to enforce our Terms, protect rights, safety, or property, or detect and prevent fraud or abuse.
Successors	Corporate transactions	Information may transfer in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.

Because the Service forwards your prompts to upstream providers, the data you submit will be processed by those providers under their own policies. You are responsible for reviewing and complying with the privacy and usage terms of the providers you use.

We offer an optional, opt-in Data Sharing Program (the "Program") that lets you receive discounted pricing in exchange for permitting us to share the content of your API requests and responses, in de-identified form, with third parties (such as AI developers and research organizations) for the purpose of training, evaluating, and improving machine-learning models.

Participation is entirely voluntary and off by default. You join the Program only by affirmatively opting in — either by checking the separate, unticked Data Sharing box during registration or by enabling the Program later in your console settings — and by then choosing our discounted "data-sharing" model group for a given request. If you do not opt in, none of your content is shared under the Program and you continue to use the Service at standard pricing. Opting into the Program is separate from, and not required for, accepting our Terms of Service or this Privacy Policy.

What is shared. Only the content of requests and responses that you route through the discounted data-sharing model group while the Program is enabled on your account. Before sharing, we apply de-identification measures intended to remove direct identifiers (such as your account identifiers and detectable emails, phone numbers, and similar contact details) from the content. De-identification is not infallible: free-form text may still contain information capable of identifying you or other people, so you should not submit content you are not permitted to disclose (see also our Terms of Service).

What is not shared. We do not share your account credentials, passwords, API keys, payment information, or request metadata under the Program. Content you send through standard (non-discounted) model groups is never shared under the Program.

Financial incentive (California). The Program is a "financial incentive" under the CCPA/CPRA: in exchange for your consent to share the de-identified content described above, you receive discounted pricing on the data-sharing model group. Any price difference is reasonably related to the value of the data to us, which we estimate based on the incremental revenue we expect to receive from licensing de-identified content, net of the costs of operating the Program. We will not deny you the Service, charge you a different price for the standard service, or provide you a different level of standard service because you decline to participate.

Withdrawal. You can leave the Program at any time by disabling it in your console settings or by ceasing to use the data-sharing model group; we will stop sharing content generated after you withdraw. Content already shared with third parties before you withdraw cannot be recalled, deleted, or unwound, because it may already have been used to train or improve models. Withdrawal is therefore prospective only.

Where the Program is offered. The Program is not available to, and may not be enabled by, users located in the European Economic Area, the United Kingdom, Switzerland, or Brazil. We do not share content under the Program in respect of users located in those jurisdictions.

Rollout. We are introducing the Program in stages. We may record your participation choice and apply discounted pricing before the underlying content-sharing functionality is fully live; actual sharing of content begins only once that functionality is enabled, and remains governed by this Section.

6. Data Retention

We retain account information for as long as your account is active and as needed to provide the Service. We retain usage metadata and order records as long as necessary for billing, accounting, security, dispute resolution, and legal compliance. Where request/response content is logged, we retain it only for the limited period needed for the operational, security, and compliance purposes described in Section 2.3, after which it is deleted or anonymized, unless a longer period is required by law or to resolve a dispute or investigate abuse.

7. Data Security

We use technical and organizational measures appropriate to the nature of the data, including encryption in transit (HTTPS/TLS), hashed password storage, scoped API keys, access controls, and rate limiting. Your upstream provider credentials configured in the gateway are used only to route your requests and are not exposed to you or other users. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for protecting your account credentials and API keys.

8. Cookies and Tracking

We use only the cookies and local storage needed to operate the Service — primarily to maintain your authenticated session and console preferences. We do not use third-party advertising or cross-site tracking cookies. Because these cookies are strictly necessary for the Service to function, disabling them may prevent you from signing in or using the console.

9. International Data Transfers

We are based in the United States, and we and our service providers may process and store information in the United States and other countries. These countries may have data-protection laws different from those in your jurisdiction. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for international transfers. By using the Service, you understand that your information may be transferred to and processed in these locations.

10. Your Rights

Depending on where you live, you may have rights regarding your personal information, including the right to access, correct, delete, or export it, to object to or restrict certain processing, and to withdraw consent.

EEA/UK (GDPR): you have the rights described above and may lodge a complaint with your local supervisory authority. We do not use your personal data for automated decision-making with legal effects, and the optional Data Sharing Program described in Section 5 is not offered to users located in the European Economic Area, the United Kingdom, or Switzerland.
California (CCPA/CPRA): you have the right to know what personal information we collect and how we use and disclose it, to request access and deletion, to correct inaccurate information, to opt out of the "sale" or "sharing" of personal information, and to not be discriminated against for exercising these rights. We do not "share" personal information for cross-context behavioral advertising. We do not "sell" personal information except through the optional Data Sharing Program described in Section 5, which is off unless you opt in and which you can leave at any time; that Program is offered as a financial incentive as described in Section 5.

You can access and update much of your information directly in your console. To make any other request, contact us at privacy@laobai.dev. We will verify your identity before acting on a request and will respond within the timeframes required by applicable law. You may use an authorized agent where the law permits.

11. Children's Privacy

The Service is not intended for and may not be used by anyone under 18, and we do not knowingly collect personal information from children. If you believe a child has provided us information, contact us at privacy@laobai.dev and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will revise the "Last Updated" date above and, for material changes, provide additional notice (such as by email or an in-console notice). Your continued use of the Service after the changes take effect constitutes acceptance of the updated Policy.

13. Contact

For privacy questions or requests, contact:

Zerith LLC (operator of laobai.dev) Email: privacy@laobai.dev

Privacy Policy ​

1. Who We Are ​

2. Information We Collect ​

3. How We Use Information ​

4. How We Share Information ​

5. Optional Data Sharing Program for Discounted Pricing ​

6. Data Retention ​

7. Data Security ​

8. Cookies and Tracking ​

9. International Data Transfers ​

10. Your Rights ​

11. Children's Privacy ​

12. Changes to This Policy ​

13. Contact ​