Skip to content

Effective date: 2026-04-17

Privacy Policy

How AI Router processes personal data of enterprise customers and their end-users.

1. Data controller

The controller of personal data processed through AI Router is G1 Software Kazakhstan LLC (the "Company", "we"), registered in the Republic of Kazakhstan. You may reach our data protection officer at [email protected].

2. Categories of data we process

We process: (a) enterprise-contact identifiers (name, email, organization, role); (b) API usage metadata (request IDs, timestamps, tokens, cost, model metadata); (c) billing and invoice details; (d) technical metadata (IP, user-agent, session). Prompt and completion content is retained for up to 30 days for debugging and regulatory audit and is never used to train models.

3. Legal bases and purposes

Processing is based on: performance of the contract with the enterprise customer; compliance with the Kazakhstan Personal Data Law, Kazakhstan AI Law, GDPR, and PDPA; and our legitimate interest in security, billing integrity, and abuse prevention.

4. In-country data residency

All personal data, request logs, and backups are physically located in data centers within the Republic of Kazakhstan. Cross-border transfer occurs only when the customer explicitly selects a foreign model provider and is subject to appropriate contractual safeguards.

5. Retention

Billing records: 5 years (Kazakhstan tax law). Request content: 30 days. Access audit logs: 1 year. Account data: for the duration of the contract plus 90 days.

6. Data subject rights

You have the right to: access a copy of your data, request correction or deletion, restrict or object to processing, port your data, and withdraw consent. Requests are handled within 30 days. Contact [email protected].

7. Sub-processors

We share data with the following categories of sub-processors: LLM model providers (by explicit customer routing), in-country cloud infrastructure, payment processors, monitoring and logging. Current list available in our DPA on request.

8. Security

TLS 1.3 in transit and AES-256 at rest. ISO/IEC 27001:2022 and SOC 2 Type II certified. PII masking before any request leaves our infrastructure for a third-party provider. Full access audit with per-action logging.

9. Cookies and analytics

The site uses strictly necessary cookies for session and language preference. Public pages embed Google Analytics 4 for aggregate visit statistics — IP addresses are anonymized and no personal data is shared. The dashboard (app.airouter.kz) uses Sentry for error capture — technical data only, no persistent user identifiers.

10. Changes to this policy

We notify enterprise customers by email at least 30 days before changes take effect. A version archive is kept and available on request.

For legal inquiries, use the contact form