Privacy Policy

Last updated: January 2026

Introduction

At Collab LLM, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our multi-model AI collaboration platform.

Collab LLM ("we", "us", or "our") is the data controller for personal data processed through our services. We are committed to protecting your privacy in compliance with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable privacy laws.

Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide you with our services (account management, AI conversations, subscription management)
  • Legitimate Interests: Improving our services, preventing fraud, and ensuring security, where these interests are not overridden by your rights
  • Consent: Where you have given explicit consent for specific processing activities (e.g., marketing communications)
  • Legal Obligation: Processing required to comply with applicable laws and regulations

Information We Collect

  • Account information (email, name, profile details)
  • Usage data and conversation history
  • Payment information (processed securely by Stripe)
  • Device and browser information
  • API keys (when using BYOK feature, stored encrypted)

How We Use Your Information

  • To provide and maintain our service
  • To process your transactions
  • To improve our platform and user experience
  • To communicate with you about updates and features
  • To ensure security and prevent fraud

Third-Party Service Providers

We share your data with the following categories of service providers who process data on our behalf:

  • Anthropic: AI model provider for Claude (USA)
  • OpenAI: AI model provider for GPT-4 (USA)
  • Google: AI model provider for Gemini (USA)
  • Groq: AI inference provider for accelerated model responses (USA)
  • Cloudflare: Infrastructure and edge computing (Global)

Each provider is bound by data processing agreements and maintains appropriate security measures.

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we are committed to the following notification procedures:

  • Supervisory Authority Notification: In compliance with GDPR Article 33, we will notify the relevant supervisory authority within 72 hours of becoming aware of a qualifying data breach.
  • User Notification: Where a breach is likely to result in a high risk to your rights and freedoms, we will notify you directly without undue delay.
  • Documentation: We maintain a comprehensive breach register documenting all personal data breaches.

Contact for Security Concerns: If you believe you have discovered a security vulnerability or suspect unauthorized access to your data, please contact us immediately at security@collab-llm.com.

Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your personal data
  • Portability: Receive your data in a machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise your rights: Email us at privacy@collab-llm.com. We will respond within 30 days.

Data Retention

  • Account data: Until account deletion request
  • Conversation history: 90 days after account deletion (for abuse prevention)
  • Payment records: 7 years (legal/tax requirements)
  • Usage analytics: 2 years in anonymized form

Contact Us

If you have questions about this Privacy Policy, please contact us: