Back to security
Legal overview

Privacy and Data Handling Overview

OneAI is designed to make model routing, usage, and operational ownership visible for production AI customers.

Account data

OneAI may store user email, organization membership, API key metadata, billing state, and usage events to provide the console and API service.

Request data

OneAI may process request payloads, outputs, model metadata, token usage, latency, errors, and Agent OS execution records for service delivery and support.

Secrets

Customer API keys are stored as hashes. Upstream provider keys are server-side infrastructure secrets and are not returned to customers.

Operational logs

Logs support abuse prevention, billing, debugging, reliability, and customer support.

Customer requests

Customers may request support for account review, billing records, data export, or deletion according to plan and legal requirements.

Customer controls

How customers reduce data risk

Minimize payloads

Send only the content needed for the selected task or model call.

Choose providers

Use explicit provider/model selection or allowlists when your data policy requires a specific routing path.

Separate environments

Use different API keys for production, staging, and testing.

Review usage

Monitor request history, cost, failed requests, Agent OS proof, and audit events from the console.

Request support

Ask for export, deletion, contract, DPA, invoice, or enterprise data handling review when needed.