anyrouter Privacy Policy
anyrouter Privacy Policy: API request content is never stored or used for training. Learn what metadata is kept for billing, security, and compliance.
Last Updated: May 18, 2026
This Privacy Policy applies to the website, API relay, model routing, unified API access, account management, billing and settlement, and related enterprise-grade technical services (collectively, the "Services") provided by anyrouter (domain: anyrouter.win).
anyrouter is positioned as an API relay and model-call management service. We do not provide the Services for the purpose of storing, analyzing, training on, or reusing customers' business content. The Services are offered solely to enterprises, social organizations, research institutions, and other organizational customers, and are not offered to natural persons, consumers, or minors for personal use.
By registering, accessing, purchasing, topping up, calling the APIs, or otherwise using the Services, you and the organization you represent acknowledge and agree to this Privacy Policy. If you have not obtained authorization from an organization, or intend to use the Services for personal purposes, please stop using them immediately.
1. Core Commitment: We Do Not Store API Request Content
To avoid any misunderstanding, anyrouter states explicitly:
- We do not store the prompts, questions, instructions, system prompts, context, conversation history, code snippets, file bodies, business data, or other request body content that you submit through the API.
- We do not store the answers, code, analysis results, generated content, contextual results, or other response body content that models return to you.
- We do not use your API request content to train anyrouter's own models, nor do we proactively provide your API request content to any third party for model training.
- We do not save or reuse customers' API request content as a knowledge base, sample repository, case library, dataset, or operational analytics material.
- We do not proactively review your API request content manually, except where required in accordance with law by laws and regulations, regulatory authorities, or judicial authorities, or where you expressly request our assistance in troubleshooting a specific issue and separately provide the relevant content.
"API request content" as used in this Policy includes, without limitation: prompts, messages, context, user questions, system instructions, business bodies within tool-call parameters, code, file bodies, model output bodies, and any other data that may reflect your actual business content.
2. How API Request Content Is Handled
In the normal service flow, API request content is used solely to complete the individual request you initiate:
- Receiving your API request;
- Forwarding the request to the corresponding model or service provider in accordance with your selection or the system routing rules;
- Receiving the result returned by the model or service provider;
- Returning the result to you.
During this process, API request content may be transiently handled during network transmission, in-memory processing, request forwarding, and response return, but anyrouter does not persist it to business databases, logging systems, sample repositories, or training datasets.
Where a specific enterprise customer's private deployment, dedicated channel, customized troubleshooting, content auditing, compliance record-keeping, or other special requirements necessitate changes to the above handling, the parties shall separately execute a written agreement or expressly enable the corresponding feature on the platform.
3. Necessary Service Records We Retain
To provide API relay, billing, credit statistics, security risk control, troubleshooting, and compliant operations, anyrouter needs to retain necessary service records. As a rule, such records do not include API request content.
We may retain the following information:
- Account and organization information: account identifiers, login names, email addresses or phone numbers, organization names, account roles, permission configurations, verification status, and API key identifiers and their status. Raw API keys are protected with encryption, hashing, or other security measures.
- Order and billing information: order records, top-up records, balances, plans, credits, amounts consumed, invoice information, payment status, and information required for contracts or settlement.
- Call metadata logs: request time, request ID, account ID, organization ID, API key identifier, endpoint path, model name or model type, token usage, billed amounts, response status, error codes, latency, source IP, User-Agent, and rate-limit records.
- Security and risk-control logs: login records, abnormal logins, abnormal calls, key-related risks, rate anomalies, attack interceptions, abuse risks, permission changes, system alerts, and security incident handling records.
- Support tickets and service communication records: issues, screenshots, files, descriptions, and handling records that you proactively submit through platform support tickets, the account console, or other official channels.
The call metadata logs above are used to prove that calls occurred, calculate fees, troubleshoot API errors, prevent fraud and abuse, and secure the system; they are not used to reconstruct, analyze, store, or reuse your business content.
4. What the Logs Do Not Contain
Except for content you proactively submit through support tickets, or as otherwise agreed by the parties in writing, anyrouter's regular call logs do not record the following:
- Prompts, user questions, system prompts, context, or conversation history;
- Model output bodies, generated code, generated text, or answer content;
- Source code, configuration files, business documents, customer records, or file bodies you submit;
- The parsed body content of images, audio, video, or documents;
- Request body content that could directly reconstruct your business intent, business logic, customer data, or trade secrets.
When an API error occurs, we typically record the metadata needed for troubleshooting — such as the error code, error type, request ID, model type, timestamp, latency, and token usage — rather than the request body or response body.
5. Third-Party Model and Service Providers
As an API relay and model routing service, anyrouter may forward requests to the corresponding model, computing, cloud, or technical service providers based on your selection, platform configuration, model availability, price, stability, or compliance requirements.
Please understand the following:
- The fact that anyrouter does not save API request content does not mean that third-party model or service providers do not process such content at all. In order to perform model inference and generate responses, third parties may process request content within their own service flows.
- Different model providers may differ in their data processing rules, logging rules, content safety rules, regional rules, and training rules. You should choose appropriate models based on your own business, data types, customer commitments, and regulatory requirements.
- For business, user, or data processing scenarios within mainland China, you shall ensure that the selected models, providers, calling regions, and usage methods comply with Chinese laws and regulations and the applicable requirements on industry regulation, data security, personal information protection, algorithm governance, generative artificial intelligence, and deep synthesis.
- If you require the use of mainland-China-only models, designated providers, the disabling of certain models, dedicated gateways, private deployment, log isolation, no-content-persistence commitments, or a separate data processing agreement, you should confirm such arrangements with anyrouter in writing before use.
6. Content You Should Not Submit
Even though anyrouter does not store API request content, you should still use the Services prudently and avoid submitting the following:
- State secrets, work secrets, important data, or data whose processing, transmission, or cross-border transfer is restricted by law;
- Unauthorized personal information, sensitive personal information, raw customer records, identity information, account passwords, keys, bank card information, medical and health information, or information about minors;
- Trade secrets, core code, undisclosed financial data, unreleased product materials, confidential contracts, source-code repository contents, or other highly sensitive business materials;
- Any content you are not entitled to upload, process, forward, or provide to third-party model services;
- Any content that may violate laws and regulations, regulatory requirements, contractual obligations, confidentiality obligations, or the rights and interests of third parties.
You and the organization you represent are responsible for the legality of API request content, the source of authorization, data anonymization, model selection, the use of outputs, and the downstream business consequences.
7. How We Use Necessary Service Records
anyrouter uses account information, billing information, call metadata, and security logs only to the extent necessary, for the following purposes:
- Creating, verifying, managing, and protecting accounts;
- Completing API relay, model routing, credit statistics, billing and settlement, order management, and invoice processing;
- Monitoring service availability, troubleshooting API failures, locating abnormal requests, and optimizing gateway performance;
- Preventing theft, fraud, abuse, malicious calls, attacks, unauthorized access, and account risks;
- Complying with requirements lawfully imposed by laws and regulations, regulators, or judicial and administrative authorities;
- Handling disputes, auditing bills, reconciling call volumes, and safeguarding the lawful rights and interests of anyrouter, its customers, and third parties.
8. Information Sharing and Disclosure
anyrouter does not sell your personal information, account information, call records, or business data.
We may share or disclose limited information only in the following necessary circumstances:
- As necessary to perform the Services: providing model providers, cloud service providers, network service providers, payment institutions, SMS or email service providers, risk-control service providers, ticketing systems, and the like with the limited information needed to complete the Services.
- Intra-organization management: displaying management information such as accounts, credits, orders, call volumes, fees, and security events to authorized administrators, in accordance with the administrator settings and permissions of the organization to which you belong.
- Legal compliance: disclosure in accordance with requirements lawfully imposed by laws and regulations, regulatory authorities, judicial authorities, administrative authorities, or other competent authorities.
- Protection of lawful rights and interests: disclosing risk information to relevant parties within the necessary scope in order to prevent fraud, attacks, theft, violations of law, system abuse, or security incidents.
- Business changes: in the event of a merger, division, acquisition, asset transfer, reorganization, or similar transaction, necessary information may be transferred in accordance with law, provided that the transferee remains bound by this Policy or by arrangements offering no less protection than this Policy.
9. Data Security Measures
anyrouter adopts technical and organizational measures appropriate to the nature of an API relay service to protect information security, including without limitation:
- Protecting transmission security through TLS/SSL and similar mechanisms;
- Applying access controls to accounts, API keys, permissions, back-office access, and sensitive configuration;
- Avoiding the recording of request bodies and response bodies in regular logs;
- Applying encryption, anonymization, permission isolation, or data minimization to necessary logs and configuration;
- Monitoring abnormal logins, abnormal calls, attacks, abuse, and system risks;
- Maintaining necessary backup, auditing, emergency response, and security incident handling mechanisms.
You shall properly safeguard your accounts, passwords, API keys, access tokens, callback URLs, server environments, and third-party integration configurations. Any leakage, theft, loss, or dispute caused by improper management on the part of you or the organization you represent shall be borne by you and that organization.
10. Data Retention and Deletion
- API request content is not an object of anyrouter's regular storage and, under normal circumstances, is not persisted by anyrouter.
- Account information, order information, billing records, call metadata logs, security logs, and support ticket records are retained for the reasonable period necessary to fulfill the purposes described in this Policy, subject to the requirements of laws and regulations, accounting and audit, dispute resolution, security risk control, and contract performance.
- When the relevant information no longer needs to be retained, or when you lawfully request deletion and no statutory or legitimate grounds for retention exist, we will delete it, anonymize it, or take other reasonable measures.
- After account cancellation, service termination, or contract expiry, we may still retain necessary records for the periods required by laws and regulations, audits, dispute resolution, security record-keeping, and backup cleanup — but we will not retain your API request content on that basis.
11. Cookies and Website Technologies
anyrouter may use cookies, local storage, log identifiers, and similar technologies for maintaining login state, security verification, preference settings, traffic statistics, troubleshooting, and service optimization. You can manage or delete cookies through your browser settings, but disabling these technologies may affect website login, account security, or the use of certain features.
12. Enterprise Users and Individual Users
- The Services are offered only to enterprise and organizational customers, and are not offered to natural persons, consumers, or minors for personal use.
- If you register, top up, or call the Services in an individual capacity, you confirm that you do so solely on behalf of the organization to which you belong or which has authorized you, and that you have obtained that organization's lawful authorization.
- Individual use without organizational authorization, unlawful use, non-compliant calls, re-supplying the Services, or providing the Services to external parties constitutes a violation of this Policy and the Terms of Service. The resulting legal liability, regulatory liability, tort liability, contractual liability, data security liability, fees, and losses shall be borne by the actual user and the relevant responsible parties.
13. Your Rights
To the extent permitted by laws and regulations, you may, through the features or channels provided by the platform:
- Query, correct, or supplement account information and organization details;
- View orders, balances, credits, bills, and call statistics;
- Manage account permissions, API keys, applications, callback URLs, and security settings;
- Request the deletion, cancellation, or restriction of processing of relevant account information;
- Make inquiries, lodge complaints, or raise objections regarding personal information processing rules.
To protect the security of accounts and organizational data, we may require you to complete identity verification, organizational authorization verification, or administrator approval before we process the relevant requests.
14. Policy Updates
anyrouter may update this Privacy Policy in light of business changes, laws and regulations, regulatory requirements, model provider policies, or security needs. The updated Policy will be published on anyrouter.win or the relevant platform pages and takes effect on the date of publication, unless otherwise stated. Your continued use of the Services constitutes acceptance of the updated Policy.
15. Governing Law and Dispute Resolution
The formation, validity, interpretation, performance, amendment, and termination of this Privacy Policy, as well as the resolution of disputes hereunder, are governed by the laws and regulations of the People's Republic of China. Any dispute arising out of this Privacy Policy or the Services shall first be resolved through friendly negotiation between the parties; failing such resolution, either party may file a lawsuit with the people's court having jurisdiction over the place where anyrouter primarily conducts its business.
16. Contact Us
If you have any questions, complaints, suggestions, or requests regarding this Privacy Policy, personal information processing, or data security matters, please submit them through the support tickets, account console, or other official channels available on the anyrouter.win platform. To protect the security of accounts and organizational data, we may need to verify your identity, account permissions, and organizational authorization before processing the relevant requests.
Query Task Status
Query Wan video task status by task_id: poll progress and state, retrieve video_url on success, with response fields, cURL example, and polling tips.
anyrouter Terms of Service
anyrouter Terms of Service: API relay scope for enterprise customers, account and API key rules, model compliance, fees, refunds, and limits of liability.