// legal
Privacy Policy
Last updated: June 15, 2026
1. Overview
BroCode Live ("the Service", "we", "us") is an API gateway providing managed access to Claude models. This policy explains what we collect, what we don’t, and how data passing through the Service is handled.
The short version: we don’t store your prompts, messages or AI responses. We keep only the minimum needed to run your account, process payment, and enforce usage limits.
2. What We Do NOT Store
- Prompt content - The text of your messages, instructions and system prompts is never stored - it passes through in transit and is discarded after forwarding.
- AI responses - Model outputs (text, code, analysis) are streamed to you and not retained.
- Images & files - Anything included in your requests is forwarded to the upstream model and not stored by us.
- Conversation history - We keep no record of your conversations or threads.
- Card details - Payment card/UPI details are handled entirely by Razorpay - we never see or store them.
3. What We DO Collect
The minimum needed to run accounts and enforce limits:
- Account email (+ optional name) - To create your login, deliver your API key, and send essential account emails.
- Order records - Plan purchased, amount, and a Razorpay payment/transaction reference - for billing and support.
- Usage metadata - Token counts, timestamps, model name, status code and latency - to enforce your 5-hour window and power your dashboard.
- API key data - A key prefix for display and a hashed key for authentication, plus its limits and usage counters.
This metadata is operational and cannot be used to reconstruct your conversations.
4. Account & Payment
You sign up with an email and password (passwords are stored hashed, never in plain text). Payments are processed by Razorpay over UPI, cards or net banking; we receive a transaction reference and status, not your financial credentials. Razorpay processes payment data under its own privacy policy.
5. How Data Flows
Your request arrives over HTTPS (encrypted in transit).
We validate your API key and check usage limits.
The request is forwarded to the upstream model over HTTPS.
The response is streamed back to you in real time.
We record only the metadata in Section 3 - content is discarded.
Request and response content is never written to disk, logged, or stored in a database.
6. Data Retention
| Request/response content | Not retained - zero retention. |
| Usage metadata | Until the API key is deleted. |
| Account & order records | While your account is active + as required for tax/legal compliance. |
| API key records | Until deleted by you or an administrator. |
7. Third-Party Services
We rely on Razorpay for payments and upstream AI model providers to generate responses. These services have their own privacy policies and data practices, which we do not control. We recommend reviewing them.
8. Security
- All communication is encrypted with HTTPS/TLS.
- Passwords are hashed; API keys are stored hashed and validated on every request.
- Rate limits and usage windows protect against abuse.
- No request or response content is written to persistent storage.
9. Your Rights
- Access - view your usage anytime on the Check Usage page or your dashboard.
- Deletion - email support@brocode.live to delete your account, keys and associated data.
- Correction - update your account details from your dashboard.
10. Changes
We may update this policy from time to time. Changes take effect when posted here; continued use constitutes acceptance.
11. Contact
Questions about privacy or your data? Email support@brocode.live.