Last updated: 2026-05-30
Virouter is an API gateway in front of OpenAI and Anthropic. We try to minimize what we store and to be specific about what we do.
Your account email, hashed password, OAuth provider id (GitHub/Google), API keys you create, token-wallet balance and ledger, and request metadata (timestamps, model name, token counts, status, latency).
We do not retain prompt or response bodies by default. Bodies pass through Virouter to the upstream provider in memory and are dropped after the request completes.
Requests are forwarded to OpenAI and Anthropic. Their privacy policies apply to the prompt content. Virouter does not log full bodies, but may log size, model, and status for billing and abuse defense.
We use a session cookie (HttpOnly, Secure, SameSite=Lax) and a CSRF cookie. We do not run third-party analytics that fingerprint you.
Email is used for verification, security alerts (new login, key rotation), and billing receipts. You can disable marketing email separately.
Email security@virouter.com from the address on the account. We delete the account, wallet history, and API keys within 14 days.
security@virouter.com for incidents. hi@virouter.com for everything else.