A clear breakdown of what data Standard Compute collects, what it does not collect, how long it is kept, and your rights over it.
Standard Compute stores the minimum data necessary to operate the service. This includes your email address (used for authentication and account communications), encrypted API keys and their corresponding HMAC hashes, basic account metadata such as your plan type and subscription status, and usage counters that track request volume and token consumption at the account level.
We also store timestamps for account creation, last login, API key creation, and last API key usage. These timestamps support security auditing and fair-use enforcement.
We do not store, log, or retain the content of prompts you send to the API or the responses generated by upstream LLM providers. Prompt and response payloads pass through our routing layer in memory and are discarded as soon as the response is delivered to your client.
We do not store IP addresses beyond the duration of a single request. We do not build user profiles, track browsing behaviour across third-party sites, or maintain any form of advertising identifier. There are no analytics cookies or third-party tracking scripts on our website or dashboard.
Account data (email, encrypted keys, plan information) is retained for as long as your account is active. If you delete your account, all associated data is permanently removed from our primary database within 24 hours.
Automated database backups may retain deleted data for up to 30 days after account deletion. After that window, the data is purged from all backup systems.
Aggregated, anonymised usage statistics (for example, total platform request volume per day) are retained indefinitely for capacity planning. These statistics cannot be linked back to any individual account.
You can delete your account and all associated data at any time from the Dashboard under Settings > Account > Delete Account. This action is immediate and irreversible — all API keys are invalidated, all usage data is removed, and any active subscription is cancelled.
If you prefer a targeted deletion — for example, revoking a single API key without closing your account — you can do so from the API Keys section of the Dashboard. Revoked keys are cryptographically invalidated and their encrypted material is deleted within 24 hours.
If you need assistance with a data deletion request or want to verify that deletion has been completed, contact us at contact@standardcompute.com.
Standard Compute processes personal data (your email address and account metadata) as a data controller under the General Data Protection Regulation (GDPR). Our lawful basis for processing is contractual necessity — we need your email to create your account and deliver the service you signed up for.
You have the right to access your data, rectify inaccuracies, request erasure, restrict processing, and receive your data in a portable format. All of these rights can be exercised from the Dashboard or by emailing contact@standardcompute.com. We respond to data subject requests within 30 days.
We do not transfer personal data outside the European Economic Area except to sub-processors listed below, each of which maintains appropriate safeguards (Standard Contractual Clauses or equivalent mechanisms).
Supabase — provides authentication, database hosting, and row-level security enforcement. Supabase processes your email address and stores your encrypted API keys on our behalf. Supabase's infrastructure runs on AWS in the EU (eu-central-1) for our deployment.
Upstream LLM providers (OpenAI, Anthropic, Google) — receive prompt payloads and return model responses in real time. These providers process data only for the duration of the inference request and, under their current API terms, do not use API traffic for model training. We do not send your email address or account metadata to upstream providers.
Stripe — processes subscription payments. Stripe receives your email address and payment method details. Standard Compute does not store credit card numbers or bank account information.
If we add a new sub-processor, we will update this page and notify active accounts via email at least 14 days before the new sub-processor begins processing data.