Legal

Privacy Policy

Last updated — July 4, 2026

This Privacy Policy explains how Jetnight ("we", "us") collects, uses, stores, and protects your personal data when you use our API platform, dashboard, and related services (the "Service"). By using the Service you agree to the practices described here.

We operate in compliance with applicable data protection laws, including Russia's Federal Law No. 152-FZ "On Personal Data" and the GDPR where relevant to users in the European Economic Area.

1. What we collect

Account data

  • Email address — used for login, receipts, and critical service notices.
  • Account password — stored as a salted bcrypt hash; never readable by us or anyone.
  • Display name (optional) — shown in your dashboard only.

Payment data

  • We never store full card numbers, CVV, or SBP credentials on our servers.
  • Card and SBP transactions are processed by licensed payment providers. We keep only the last 4 digits, brand, and a transaction reference.
  • Crypto payments are settled on-chain; we record only the transaction hash, amount, and confirmation status.
  • Cryptobot and xRocket payments retain a Telegram transaction ID and the purchased bundle.

Usage & API data

  • API requests — model, token count, latency, and status code. Kept for 30 days, then aggregated and purged.
  • Request and response bodies are never logged. Only metadata required for billing and debugging is retained.
  • Per-key usage stats and spending limits are stored to enforce your configured quotas.

Technical data

  • IP address, user agent, and timestamps — used for security, rate limiting, and abuse prevention.
  • Cookies and local storage — authentication session, theme preference, and CSRF protection.

2. How we use your data

  • To authenticate you and secure your account.
  • To deliver purchased token bundles and issue API keys.
  • To track usage, enforce per-key limits, and bill accurately.
  • To detect fraud, abuse, and violations of our Terms.
  • To send essential service notifications (outages, security incidents, key expiry).
  • To improve the Service through aggregated, anonymized analytics.

We do not sell your personal data to third parties. We do not use your API request content to train, fine-tune, or evaluate any model.

  • Contract — processing necessary to deliver the Service you purchased.
  • Legal obligation — tax records, financial reporting, and lawful requests.
  • Legitimate interest — security, fraud prevention, and service stability.
  • Consent — optional marketing emails; withdrawable at any time.

4. Data retention

  • Account data — kept while your account is active; deleted within 30 days of closure.
  • API request metadata — 30 days, then aggregated.
  • Payment records — 5 years as required by financial regulations.
  • Security logs — 90 days.
  • Marketing consent records — until you unsubscribe.

5. Data sharing

We share data only with the following categories of processors, under data processing agreements:

  • Payment providers (SBP, card processors, crypto gateways, Cryptobot, xRocket).
  • LLM providers whose models you route to (OpenAI, Anthropic, Google, Z.AI, DeepSeek, Moonshot, MiniMax) — only the request payload and your API identifier, never your account credentials.
  • Cloud infrastructure providers hosting the Service.
  • Public authorities — only where required by law and after legal review.

6. Your rights

  • Access — request a copy of your personal data.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — request deletion (subject to legal retention duties).
  • Portability — receive your data in a machine-readable format.
  • Objection — object to processing based on legitimate interest.
  • Withdrawal — revoke marketing consent at any time.

To exercise any right, email privacy@jet-night.com. We respond within 30 days.

7. Security

We apply industry-standard measures: TLS 1.3 in transit, AES-256 at rest, salted bcrypt for passwords, scoped API keys, least-privilege infrastructure access, and continuous monitoring. See our Security page for details.

8. International transfers

Your data may be processed by LLM providers and infrastructure partners outside your country of residence. We rely on Standard Contractual Clauses and equivalent safeguards for such transfers.

9. Children

The Service is not directed at individuals under 16. We do not knowingly collect data from minors. If you believe we have, contact us and we will delete it promptly.

10. Changes to this policy

We may update this policy as the Service evolves. Material changes will be announced by email at least 14 days before taking effect. Continued use after the effective date constitutes acceptance.

11. Contact

Questions or requests? Email privacy@jet-night.com. For GDPR matters, our representative is available at the same address.