Privacy PolicyData CollectionProvider Logging

ModelStream Privacy Policy

Last Updated: 21 April 2026

This Privacy Policy explains how Metaking Studios OÜ, a private limited company incorporated in the Republic of Estonia and trading as ModelStream (“ModelStream,” “we,” or “us”), collects, uses, and shares personal data when you interact with our website, APIs, and related services (together, the “Service”).

1. Controller and Contact

For the purposes of the GDPR and the Estonian Personal Data Protection Act, the controller is Metaking Studios OÜ (trading as ModelStream), with registered office in Tallinn, Estonia. Our contact details for privacy matters are:

  • Privacy and Data Protection Officer contact: info@modelstream.ai
  • EU representative (Art. 27 GDPR): details at https://modelstream.ai

2. The No-Logging Default (for inference content)

ModelStream’s no-logging commitment applies specifically to the content of your inference requests and responses. Our architecture is designed so that the content of your Inputs and Outputs passes through our gateway to the selected AI Model and back, without being persisted in our systems. Specifically:

  • We do not store the content of your prompts or responses after a request completes, unless you have enabled a logging feature.
  • We do not train, fine-tune, or evaluate models using your Inputs or Outputs.
  • We do not sell your Inputs or Outputs, ever, to anyone, anonymised or otherwise.
  • We do not share the content of your Inputs or Outputs with any third party other than the AI Model provider you have selected, and we do not share them with that provider beyond what is necessary to fulfil your request.

Separately from the content of your requests, we collect operational and product-analytics data about how the Service is used. This is described in Sections 3, 4, 5, and 10.

For routing, billing, abuse prevention, operational observability, and first-party product analytics, we retain the following non-content metadata for each request: timestamp, account and workspace identifiers, AI Model invoked, input and output token counts, HTTP status, latency, routing region, IP address, user-agent, and API key identifier (not the key itself). This data is stored in our own infrastructure in the European Union and is linked to your account so that we can answer operational, billing, and usage-analysis questions about specific customers (for example, to investigate a support ticket, bill correctly, or understand how heavy usage is distributed across our customer base). It is retained for up to 13 months, then deleted or irreversibly aggregated. Organisations on Enterprise plans may configure shorter retention.

If you turn on Private Request History, Debug Logging, or the Improvement Opt-In described in the Terms, we process the content of the opted-in User Content only for the stated purpose and retention period, and only for the account that enabled the feature.

3. Data We Collect

3.1 Data you provide

  • Account data: email address, optional display name, and, for organisational accounts, company name and billing details.
  • Authentication data: hashed password and/or identifiers from a single-sign-on provider of your choice.
  • Payment data: billing address, tax identification (where applicable), transaction identifiers from our payment processors. We do not store full card numbers.
  • Support correspondence: the content of emails and support tickets you send us.
  • User Content: only where you have enabled a logging feature, as described in Section 2.

3.2 Data we collect automatically (product analytics)

When you use the Service, we collect information about how you interact with it. We use this to operate the Service, understand usage patterns, measure performance, prevent abuse, and decide what to build next. We collect this data through two channels: our own first-party analytics pipeline, and Google Analytics 4 on the Site.

First-party analytics (server-side, legitimate interests) We store and analyse the following categories of data in our own infrastructure, hosted by Alibaba Cloud International in the European Union:

  • Request metadata as described in Section 2 (account, model, token counts, latency, status, region).
  • Usage-volume and access-frequency data: number and size of requests, time of day, session length, features used, endpoints called.
  • Approximate location: the country and region derived from your IP address.
  • Device and connection data: IP address, user-agent, operating system, browser type and version, language preference, time-zone setting.
  • Account and workspace identifiers linking the above to your ModelStream account.

This data is linked to your account. We rely on our legitimate interests under Art. 6(1)(f) GDPR to process it: operating and securing the Service, billing correctly, understanding how the Service is used by our customer base, and making informed product decisions. We have balanced these interests against your rights and freedoms and consider them proportionate, but you can object to this processing under Art. 21 GDPR at any time by writing to info@modelstream.ai. Where the data is collected as part of serving your requests (for example your IP address on an incoming API call), it is necessary for us to deliver the Service you asked for, and does not require a cookie.

Google Analytics 4 (browser-side, consent) On the Site, we also use Google Analytics 4 to analyse how visitors interact with our pages. Google Analytics collects IP address, device and browser information, pages viewed, referring URL, session identifiers, and similar data through cookies and similar technologies. Google Analytics operates only after you have consented via our cookie banner, and is disabled entirely for visitors who decline. We configure Google Analytics with IP-anonymisation features enabled where technically available, Data Processing Amendment accepted, 14-month data retention, and Google Signals and advertising features turned off. Google LLC processes this data on our behalf under SCCs and, where applicable, the EU-US Data Privacy Framework; see Section 7. You can review Google’s practices at https://policies.google.com/privacy and opt out of Google Analytics on any site using the browser add-on at https://tools.google.com/dlpage/gaoptout.

Our first-party analytics pipeline and Google Analytics are separate systems. Declining Google Analytics does not disable our first-party analytics, because that data is collected as part of serving your requests on legitimate-interests grounds. If you object to the first-party processing, contact us as described above.

3.3 Data from third parties

  • Identity and account details from SSO providers you use to sign in, limited to what is necessary to create and maintain your account.
  • Fraud, sanctions, and anti-money-laundering signals from specialist third-party providers where required by law in connection with payment processing.

4. Lawful Bases for Processing (Art. 6 GDPR)

We only process personal data where we have a lawful basis. The bases we rely on are:

  • Performance of a contract (Art. 6(1)(b)): to create and maintain your account, process requests, bill you, and provide support.
  • Legal obligation (Art. 6(1)(c)): to meet tax, accounting, anti-money-laundering, sanctions, and other statutory obligations.
  • Legitimate interests (Art. 6(1)(f)): to secure the Service against abuse; to analyse usage patterns through our first-party analytics pipeline in order to operate, measure, and improve the Service, including per-customer and per-workspace analysis for billing, support, and product decisions; to defend legal claims; and to communicate with our customers about their accounts. We have balanced these interests against your rights and freedoms and you retain the right to object under Art. 21 GDPR.
  • Consent (Art. 6(1)(a)): for non-essential cookies and analytics, for marketing communications, for the Improvement Opt-In, and for certain enriched data-sharing features. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

5. How We Use Your Data

  • To operate the Service, route requests, apply your configured settings, and bill correctly.
  • To secure the Service, including detecting fraud, abuse, and attacks on our infrastructure or on AI Model providers.
  • To analyse how the Service is used, including region, usage volume, and access frequency, so we can measure performance, understand demand, improve reliability, plan capacity, and decide what to build next. Where this analysis relies on cookies or similar identifiers, we set them only with your consent.
  • To respond to your support requests and account communications.
  • To comply with legal obligations and to respond to lawful requests from competent authorities.
  • Where you have opted in, to improve our routing and product quality, as described in the Terms.
  • With your consent, to send you occasional product updates; every such email has an unsubscribe link.

6. Who We Share Data With

We share personal data only where necessary and under contractual safeguards:

  • AI Model providers: limited to the content of a single request, only for the AI Model you have selected, only for the duration needed to return a response. See each AI Model’s terms at https://modelstream.ai/models/terms for their own retention practices.
  • Infrastructure providers: that host our gateway and analytics in the EU/EEA, currently Alibaba Cloud International in its EU region, acting as processors under Art. 28 GDPR contracts.
  • Analytics providers: specifically Google LLC (Google Analytics 4), acting as processors to help us understand Site and Service usage in aggregate. See Section 3.2 for scope and Section 7 for transfer safeguards.
  • Payment processors: which act as independent controllers under their own policies linked at checkout.
  • Fraud-prevention, sanctions-screening, and identity-verification providers: where legally required.
  • Professional advisers (legal, accounting, audit): under duties of confidentiality.
  • Authorities: in response to valid legal requests, subject to challenge where appropriate.
  • Successors: in a merger, acquisition, or restructuring, subject to the acquirer respecting this Policy or giving you notice of any change.

A current list of our sub-processors is maintained at https://modelstream.ai/legal/subprocessors.

7. International Transfers

Personal data of EU/EEA/UK users is stored and processed in the EU/EEA for both inference and our first-party analytics. However, two aspects of our stack require specific transparency:

Alibaba Cloud International. Our infrastructure processor for gateway and analytics is Alibaba Cloud International, operating in its EU region. Although your data is stored and processed within the EU, Alibaba Cloud International is a subsidiary of a group headquartered in the People’s Republic of China, which creates a theoretical risk of access requests from Chinese authorities. We have assessed this risk in a transfer impact assessment and apply technical and organisational measures to mitigate it, including strong encryption, key management controlled by ModelStream and held within the EU, strict access controls limiting Alibaba personnel access to our tenant, contractual commitments from Alibaba Cloud International to challenge unlawful access requests, and a commitment from ModelStream to publish transparency reports on any such requests. A redacted copy of the transfer impact assessment is available on request to info@modelstream.ai.

Google LLC (Google Analytics 4). If you consent to Google Analytics, Google LLC processes data on our behalf and may transfer it to the United States. We rely on the EU-US Data Privacy Framework where Google is certified, together with the European Commission’s Standard Contractual Clauses under Art. 46 GDPR as a fallback, supplemented by IP anonymisation and the other configuration described in Section 3.2.

AI Models outside the EU/EEA. If you explicitly select an AI Model hosted outside the EU/EEA, the content of that specific request is transferred to the provider’s region. We make the hosting region of each AI Model visible in our documentation so you can make an informed choice.

For any transfer, we rely on one or more of the following mechanisms: (a) an adequacy decision under Art. 45 GDPR; (b) the European Commission’s Standard Contractual Clauses under Art. 46 GDPR, supplemented by a transfer impact assessment; (c) binding corporate rules; or (d) an explicit derogation under Art. 49 GDPR. Summaries of the safeguards in place for each transfer are available to you on request.

8. Retention

We retain personal data only as long as necessary for the purposes set out in this Policy:

  • Account data: for the life of your account and for 6 months after closure, unless we must retain it longer to meet legal obligations.
  • Billing and tax records: 7 years, as required by Estonian accounting law.
  • Request metadata and first-party analytics data: up to 13 months, then deleted or aggregated.
  • Google Analytics data: up to 14 months, managed by Google LLC under our configuration, then deleted by Google.
  • Opt-in logged User Content: as configured by you, up to the ceilings set in the Terms, with a grace period of up to 90 days after you disable the feature.
  • Support correspondence: 24 months after resolution of the ticket.
  • Security logs: up to 18 months where needed to investigate incidents.
  • Data needed to defend or bring legal claims: until the applicable limitation period expires.

9. Your Rights

If you are in the EU, EEA, or UK, the GDPR gives you the following rights, which we honour regardless of where you are located:

  • Access (Art. 15): obtain a copy of the personal data we hold about you.
  • Rectification (Art. 16): correct inaccurate or incomplete data.
  • Erasure (Art. 17): have your personal data deleted in the circumstances set out in the GDPR.
  • Restriction (Art. 18): limit our processing in certain cases.
  • Portability (Art. 20): receive your data in a structured, commonly used, machine-readable format and transmit it to another controller.
  • Objection (Art. 21): object to processing based on legitimate interests, including profiling.
  • Withdraw consent (Art. 7): where processing is based on consent, withdraw it at any time.
  • Not be subject to solely automated decisions (Art. 22): that produce legal or similarly significant effects. Our routing and abuse-detection systems are not used to make such decisions about you without human involvement.
  • Lodge a complaint with a supervisory authority (Art. 77): in particular the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, https://www.aki.ee) or the authority of your country of habitual residence.

To exercise these rights, write to info@modelstream.ai. We will respond within one month, which may be extended by up to two additional months for complex requests. We may ask you to verify your identity before we act on a request. Residents of California, Colorado, Virginia, and other US states with comprehensive privacy laws have equivalent rights under those laws; the same contact applies.

10. Cookies and Similar Technologies

We use cookies and similar technologies in three categories:

  • Strictly necessary: required for the Service to function, for example to keep you logged in, maintain security tokens, and remember your cookie choices. These are set on the basis of our legitimate interest in operating the Site and cannot be disabled.
  • Functional: remember your preferences such as language or theme. Set only with your consent.
  • Analytics: help us understand Site usage in aggregate. This category includes Google Analytics 4 cookies (such as _ga and ga*), which are set only after you consent via our cookie banner. We configure Google Analytics with IP-anonymisation features enabled where technically available, 14-month data retention, and no Google Signals or advertising features.

We do not use cookies for advertising and we do not allow third-party advertising networks on the Site. You can review and change your cookie choices at any time via the cookie-preferences link in the Site footer. Our cookie banner is designed so that refusing is as easy as accepting, consistent with the ePrivacy Directive and the guidance of the European Data Protection Board. You can also opt out of Google Analytics on any site using Google’s opt-out browser add-on at https://tools.google.com/dlpage/gaoptout.

Note: our first-party analytics pipeline described in Section 3.2 runs server-side and does not require cookies or browser-side identifiers, so it is not covered by the cookie banner. To exercise your right to object to that processing, see Sections 4 and 9.

11. Children

The Service is not directed to children under 16 and we do not knowingly collect personal data from children. If you believe a child has created an account, please write to info@modelstream.ai and we will delete the account.

12. Security

We maintain technical and organisational measures appropriate to the risk, including encryption in transit and at rest, strict access controls, least-privilege production access, penetration testing, secrets management, audit logging, vendor due diligence, and an incident-response programme. In the event of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours where feasible, and affected individuals where the breach is likely to result in a high risk, in accordance with Arts. 33 and 34 GDPR.

13. Automated Decision-Making and the EU AI Act

We operate an AI gateway that provides access to third-party AI Models. We do not use AI to make solely automated decisions about you that produce legal or similarly significant effects. Where we deploy AI Models for internal operational purposes such as spam and abuse detection, we maintain human oversight. As a provider of a service that routes to and, where opted in, builds on AI systems, we align our practices with the transparency, data-governance, and risk-management provisions of Regulation (EU) 2024/1689 (the EU AI Act) applicable to our role. You interact with AI systems when you use the Service; Output is generated by models that may be inaccurate, outdated, or biased, and you should not treat Output as authoritative without independent verification.

14. Marketing Communications

We only send marketing communications where we have an appropriate legal basis, typically your consent or, in the case of existing customers and substantially similar services, our soft-opt-in right under Art. 13(2) of Directive 2002/58/EC as implemented locally. Every marketing message contains a one-click unsubscribe. You can also opt out at any time by writing to info@modelstream.ai.

15. Changes

We may update this Privacy Policy from time to time. Material changes will be notified by email and through an in-product banner at least 30 days in advance where practicable. The latest version is always available at https://modelstream.ai/legal/privacy, with the effective date shown at the top.

16. Contact

Questions, requests, and complaints about this Policy or our processing of your personal data:

You always retain the right to lodge a complaint with the Estonian Data Protection Inspectorate or your local supervisory authority.