Privacy Policy

Last updated: 2 July 2026

TYO Prism is a service of TYO Lab, an Australian business. TYO Prism is an LLM routing API: it forwards your requests to AI model providers you've connected, and meters the results. This policy explains what information we collect when you use the TYO Prism dashboard and API, how we use it, and the choices you have. By using TYO Prism you agree to this policy.

Information we collect

  • Account details. When you sign in through TYO ID (id.tyo.com.au, backed by our Strapi identity service), we receive your name and email address to create and identify your account.
  • Upstream API keys (BYOK). When you connect a provider — DeepSeek, Qwen, Google, Kimi, GLM, OpenAI, Anthropic, a self-hosted Ollama endpoint, or any OpenAI-compatible URL — we store the API key you give us encrypted with AES-256-GCM. Once saved, no part of that key — not even a prefix — is ever displayed again, including to you. (Your Prism router API keys, which look like tyr-…, are different: we do show a short identifying prefix for those in the dashboard so you can tell them apart.)
  • Request metadata. For every request routed through your Prism API key, we record metadata: token counts (input/output), which upstream handled it, actual and would-be cost, latency, and status. We do not store the content of your prompts or the model's responses — routing and metering only need the metadata above, not the conversation itself.
  • Usage and plan data. We track your monthly request count against your plan's quota (1,000 requests/month on the free beta tier) so we can show usage in your dashboard and enforce the limit.
  • Technical data. Standard information such as your IP address and connection metadata may be processed by our hosting providers to operate and secure the service.

Your prompts and responses

TYO Prism's job is to route your request to the upstream model you've configured and return the result — it is not designed to retain the content of that exchange. We do not log prompt or completion text for our own purposes; we meter token counts, cost and latency only. Your prompts and responses are, however, sent to and processed by the upstream provider you selected (or that auto routing selected on your behalf) — that provider's own privacy policy governs how they handle that content. When you use model: "auto", Prism may also send a short excerpt of your prompt (as part of a tiny, ≤5-token classification call) to your cheapest tier-1 upstream to gauge request difficulty, regardless of which upstream ultimately serves the response.

How we use your information

  • To provide and maintain the service, including routing your requests and tracking usage against your plan's quota.
  • To operate the dashboard — usage, cost and savings reporting.
  • To communicate with you about your account and service-related matters.
  • To detect, prevent and address abuse, security issues and technical problems.
  • To meet our legal obligations.

Who we share it with

We do not sell your personal information. We share data only with the providers needed to run TYO Prism:

  • The upstream AI providers you configure — your request content is sent to whichever provider (or self-hosted endpoint) you've added as an upstream, using your own API key.
  • Google Cloud — hosting, storage and delivery of the service.
  • TYO ID / Strapi — sign-in and account identity.

These providers process your information on our behalf (or, for upstream providers, on your instruction), and we limit what they receive to what they need.

Cookies

We use a small number of essential cookies — for example, to keep you signed in. We don't use them for advertising.

Data retention

We keep your account, encrypted upstream keys, and usage metadata for as long as your account is active, and as long afterwards as needed to meet legal, accounting or security obligations. You can ask us to delete your account (see Delete your account); some records may be retained where the law requires.

Your rights

You can access, correct or delete your personal information, and ask questions about how it's handled. To make a request, contact us using the details below. We'll respond in line with Australian privacy law.

Changes to this policy

We may update this policy from time to time. We'll change the "last updated" date above, and significant changes will be made clear on this page.

Contact

Questions about your privacy? Get in touch with TYO Lab.