Privacy Policy
Last updated: 2 July 2026
TYO Prism is a service of TYO Lab, an Australian business. TYO Prism is an LLM routing API: it forwards your requests to AI model providers you've connected, and meters the results. This policy explains what information we collect when you use the TYO Prism dashboard and API, how we use it, and the choices you have. By using TYO Prism you agree to this policy.
Information we collect
- Account details. When you sign in through TYO ID (
id.tyo.com.au, backed by our Strapi identity service), we receive your name and email address to create and identify your account. - Upstream API keys (BYOK). When you connect a provider — DeepSeek,
Qwen, Google, Kimi, GLM, OpenAI, Anthropic, a self-hosted Ollama endpoint,
or any OpenAI-compatible URL — we store the API key you give us
encrypted with AES-256-GCM. Once saved, no part of that key — not
even a prefix — is ever displayed again, including to you. (Your Prism
router API keys, which look like
tyr-…, are different: we do show a short identifying prefix for those in the dashboard so you can tell them apart.) - Request metadata. For every request routed through your Prism API key, we record metadata: token counts (input/output), which upstream handled it, actual and would-be cost, latency, and status. We do not store the content of your prompts or the model's responses — routing and metering only need the metadata above, not the conversation itself.
- Usage and plan data. We track your monthly request count against your plan's quota (1,000 requests/month on the free beta tier) so we can show usage in your dashboard and enforce the limit.
- Technical data. Standard information such as your IP address and connection metadata may be processed by our hosting providers to operate and secure the service.
Your prompts and responses
TYO Prism's job is to route your request to the upstream model you've
configured and return the result — it is not designed to retain the
content of that exchange. We do not log prompt or completion text for our
own purposes; we meter token counts, cost and latency only. Your prompts
and responses are, however, sent to and processed by the upstream provider
you selected (or that auto routing selected on your behalf) — that
provider's own privacy policy governs how they handle that content. When
you use model: "auto", Prism may also send a short excerpt of your
prompt (as part of a tiny, ≤5-token classification call) to your cheapest
tier-1 upstream to gauge request difficulty, regardless of which upstream
ultimately serves the response.
How we use your information
- To provide and maintain the service, including routing your requests and tracking usage against your plan's quota.
- To operate the dashboard — usage, cost and savings reporting.
- To communicate with you about your account and service-related matters.
- To detect, prevent and address abuse, security issues and technical problems.
- To meet our legal obligations.
Who we share it with
We do not sell your personal information. We share data only with the providers needed to run TYO Prism:
- The upstream AI providers you configure — your request content is sent to whichever provider (or self-hosted endpoint) you've added as an upstream, using your own API key.
- Google Cloud — hosting, storage and delivery of the service.
- TYO ID / Strapi — sign-in and account identity.
These providers process your information on our behalf (or, for upstream providers, on your instruction), and we limit what they receive to what they need.
Cookies
We use a small number of essential cookies — for example, to keep you signed in. We don't use them for advertising.
Data retention
We keep your account, encrypted upstream keys, and usage metadata for as long as your account is active, and as long afterwards as needed to meet legal, accounting or security obligations. You can ask us to delete your account (see Delete your account); some records may be retained where the law requires.
Your rights
You can access, correct or delete your personal information, and ask questions about how it's handled. To make a request, contact us using the details below. We'll respond in line with Australian privacy law.
Changes to this policy
We may update this policy from time to time. We'll change the "last updated" date above, and significant changes will be made clear on this page.
Contact
Questions about your privacy? Get in touch with TYO Lab.