We only collect what we need. We never sell your data. Your prompts stay yours.
This Privacy Policy describes how LLM Cost Tracker ("we," "us," "our") collects, uses, and protects information when you use our website and Service.
It does not cover how your end users' data is handled by your own application — that is your responsibility as the developer integrating the SDK.
When you sign up, we collect your name, email address, and company name.
Payment details are processed by Stripe. We store only the last four digits of your card and billing address for your records.
When you use the SDK, we receive and store per-call metadata:

| Field | Description |
|---|---|
| model | Model name and version (e.g. claude-sonnet-4-6) |
| input_tokens | Number of input tokens sent |
| output_tokens | Number of output tokens returned |
| cost_usd | Calculated cost in USD |
| latency_ms | Request latency in milliseconds |
| feature | Feature tag you define (e.g. "summarization") |
| user_id | Your app's user identifier, supplied by you |
| prompt_version | Version label you pass in to track prompt changes |
| created_at | Timestamp of the call |

We collect standard dashboard analytics (page views, feature usage) to improve the product. We use privacy-respecting analytics and do not sell this data.
If you contact us, we retain that correspondence.
We use the information we collect to:
The SDK allows you to pass a userId parameter so you can attribute LLM costs to specific users of your application. You control what value you pass.
We recommend using an internal identifier (e.g., a UUID) rather than an email address or real name. You are responsible for ensuring your use of user attribution complies with your own privacy policy and applicable law.
We share data only with:
We do not share your data with advertisers, data brokers, or AI providers.
If you use the self-hosted option, your event data is stored entirely in your own infrastructure. We have no access to it. Only your account registration data (email, plan) is held by us.
This is the recommended option for teams with compliance requirements in fintech, healthcare, or enterprise environments.
LLM event data is retained for as long as your account is active, plus 30 days after termination. You can request deletion of your data at any time by contacting us.
Account information (email, billing records) is retained as required by law for tax and compliance purposes.
We use Supabase Row Level Security (RLS) to ensure your project data is only accessible to your account. Data is encrypted in transit (TLS) and at rest. API keys used for SDK authentication are hashed before storage.
If you discover a security vulnerability, please contact us at security@llmcosttracker.com before disclosing publicly.
We use essential cookies for authentication (session management). We do not use third-party advertising cookies.
If we add analytics cookies, we'll update this policy and request consent where required by applicable law.
Depending on your location, you may have the right to:
To exercise any of these rights, contact us at privacy@llmcosttracker.com. We'll respond within 30 days.
The Service is intended for businesses and developers. We do not knowingly collect data from individuals under 16. If you believe we have inadvertently collected such data, contact us for immediate deletion.
If we make material changes, we'll notify you by email or in-app notice before the changes take effect. The "last updated" date at the top of this page always reflects the current version.