Healthtech Capital LLC ("we", "us", "our"), doing business as LLM Consensus, is a Wyoming LLC registered at 30 N Gould St Ste R, Sheridan, WY 82801, USA (EIN: 93-4718594). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our API service at llmconsensus.io (the "Service").
1. Data We Collect
Account Data
- Email address — provided during registration, used for account management and communications.
- Name — if provided during registration or billing setup.
- Billing information — payment details are collected and processed by Stripe; we do not store full credit card numbers.
Usage Data
- API usage logs — timestamps, endpoints called, response codes, credit consumption, and request metadata.
- Prompts and inputs — the content you submit via the API for processing by LLM providers.
- IP addresses — recorded for security and abuse prevention purposes.
Technical Data
- Browser/client information — user agent strings when accessing our website or dashboard.
- Session data — minimal session cookies required for authentication (see Section 7).
2. How We Use Your Data
We use the data we collect for the following purposes:
- Service delivery — to process your API requests by routing prompts to third-party LLM providers and returning responses.
- Billing and accounting — to track credit usage, process payments, and manage subscriptions.
- Security and abuse prevention — to detect unauthorized access, prevent fraud, and enforce our Terms of Service.
- Service improvement — to analyze aggregate usage patterns, debug errors, and improve performance and reliability.
- Communication — to send transactional emails (billing receipts, usage alerts, security notifications) and, with your consent, product updates.
3. GDPR Compliance
LLM Consensus processes personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"). The legal bases for our data processing activities are:
- Contract performance (Art. 6(1)(b)) — processing necessary to provide the Service as agreed in our Terms of Service.
- Legitimate interest (Art. 6(1)(f)) — processing for security, fraud prevention, and service improvement, where our interests do not override your fundamental rights.
- Consent (Art. 6(1)(a)) — where applicable, such as for optional marketing communications.
- Legal obligation (Art. 6(1)(c)) — processing required to comply with applicable laws (e.g., tax and accounting regulations).
4. Data Processors & Third-Party Sharing
We share data with the following categories of third-party processors, solely as necessary to operate the Service:
| Processor | Purpose | Data Shared |
| --- | --- | --- |
| OpenAI | LLM inference | Prompts, request parameters |
| Anthropic | LLM inference | Prompts, request parameters |
| Google | LLM inference | Prompts, request parameters |
| Stripe | Payment processing | Billing details, email, transaction data |
Important: When you submit prompts via the API, they are transmitted to one or more third-party LLM providers for processing. Each provider handles data according to its own privacy policy and terms. We encourage you to review these policies if you have concerns about how your data is processed downstream.
We do not sell your personal data to third parties. We do not share your data for advertising purposes.
5. Data Retention
We retain your data for the following periods:
- API usage logs (including prompts, request metadata, and response data) — retained for 90 days from the date of the request, then automatically deleted.
- Account data (email, profile, billing records) — retained for as long as your account remains active. Upon account deletion, personal data is removed within 30 days, except where retention is required by law (e.g., financial records may be retained for up to 7 years for tax compliance).
- Security logs (IP addresses, authentication events) — retained for up to 12 months for security and abuse prevention purposes.
6. Your Rights
Under GDPR, you have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you.
- Right to rectification — request correction of inaccurate or incomplete data.
- Right to erasure ("right to be forgotten") — request deletion of your personal data, subject to legal retention obligations.
- Right to data portability — request an export of your data in a structured, machine-readable format (JSON).
- Right to restrict processing — request that we limit how we process your data in certain circumstances.
- Right to object — object to data processing based on legitimate interest.
- Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting prior processing.
To exercise any of these rights, contact us at privacy@llmconsensus.io. We will respond to your request within 30 days. If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection authority.
7. Cookies
We use minimal cookies, limited to what is strictly necessary for the operation of the Service:
- Session cookies — used to maintain your authenticated session on the dashboard. These are temporary and are deleted when you close your browser or your session expires.
- Security cookies — used for CSRF protection and to prevent unauthorized access.
We do not use tracking cookies, advertising cookies, or third-party analytics cookies. No cookie consent banner is required as we only use strictly necessary cookies as defined under ePrivacy regulations.
8. Security Measures
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption in transit — all data transmitted between your client and our servers is encrypted using TLS 1.2 or higher.
- Encryption at rest — stored data is encrypted using industry-standard encryption algorithms.
- Access controls — internal access to user data is restricted to authorized personnel on a need-to-know basis.
- API key security — API keys are hashed before storage; plaintext keys are only displayed once at creation time.
- Infrastructure security — our services run on secured cloud infrastructure with regular security updates and monitoring.
- Incident response — we maintain procedures for detecting, reporting, and responding to data breaches in accordance with GDPR requirements (notification within 72 hours where applicable).
9. International Data Transfers
Your data may be processed outside the European Economic Area (EEA) by our third-party LLM providers. Where such transfers occur, they are safeguarded by:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- Adequacy decisions where applicable.
- The data processing agreements we maintain with each provider.
10. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will take steps to delete such data promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated via email or a prominent notice on our website at least 30 days before they take effect.
12. Contact for Data Requests
For any questions, concerns, or requests regarding your personal data or this Privacy Policy, please contact us: