Legal
Privacy Policy
What latestmodel.id collects, what it stores, what it doesn't, and how to reach the operator. The short version: no accounts, no API keys, and we deliberately don't collect IPs or user agents on the API.
Effective: 2026-05-09 · Operator: Rahul Verma ( @RahulVerma989 on X )
1. The 30-second summary
- The API is unauthenticated and stores no personally identifying information per request — no IP, no user agent, no cookie, no body content.
- We keep aggregate counters: how many requests hit the API, and how often each tag, provider, model, or content type was resolved. These are integers in Redis, not request logs.
- The website does not set advertising or third-party analytics cookies.
- Outbound calls to the upstream LLM provider you choose are made by your code with your credentials. The provider sees your traffic; we do not.
2. Who we are
The Service is operated by Rahul Verma, an individual maintainer based in India. For privacy questions, the only contact channel is @RahulVerma989 on X. There is no support inbox.
3. What we collect
3.1 API requests
Every call to /v1/* is processed by an in-process counter (src/lib/analytics.ts) that increments aggregate totals in Redis on a 30-second flush window. The fields written to Redis are:
- a single lifetime request total;
- per-day counters by UTC date (auto-expired after 90 days);
- per-tag, per-provider, per-aggregator, per-type, and per-model counters — these are values you supplied in the URL (e.g.,
?tag=smartest), not anything derived from your identity.
We do not store the request URL, IP address, user agent, request id, response body, referer, geolocation, or any other per-request fingerprint. There is no audit log of who called what.
3.2 Server logs
The Next.js server emits operational logs (errors, Redis reconnects, request method/path for debugging) to its standard output. These logs are short-lived, used for debugging availability, and not stored long term. Hosting providers (e.g., the VPS or PaaS we deploy to) may retain their own infrastructure logs subject to their respective privacy policies.
3.3 Website
The marketing site stores a small, theme-related entry in your browser's localStorage (managed by next-themes) so your light/dark choice persists across visits. The resolver demo also persists your tag/provider selection in localStorage for convenience.
We do not set advertising cookies, tracking pixels, or third-party analytics scripts. There is no Google Analytics, no Facebook Pixel, no Hotjar, no LogRocket.
3.4 CDN & hosting
The Service sits behind a CDN (typically Cloudflare). The CDN may collect short-term operational data (IP address, edge cache hit/miss, request size) for security and routing, per the CDN provider's own privacy policy. We do not have access to a request-level log of this data.
4. What we explicitly don't do
- No accounts. The Service has no signup flow and no user database.
- No API keys. You don't send us credentials, and we don't issue any.
- No selling, sharing, or renting of aggregate counters or any other data to third parties for marketing or advertising.
- No interception of upstream traffic. When you take a resolved model id and call Anthropic, OpenAI, etc., that request goes directly from your code to that provider. We are not a proxy.
- No model output storage. The Service never sees the prompts you send to upstream models or the responses they return.
5. Why we collect what we do
Aggregate counters power the live analytics panel on the homepage and help the maintainer understand which tags, providers, and models are actually useful to users — so the dataset can be prioritized for those. Server logs exist to let the maintainer debug outages and security issues.
Lawful bases under the GDPR-equivalent framing: legitimate interest (running the Service and improving it). Consent is not required because the data we collect is not personal data — it is fully aggregated counts of API parameters.
6. Retention
- Lifetime counters: kept indefinitely. They are integers; they do not relate to individual users.
- Per-day counters: 90 days, then auto-expired by Redis TTL.
- Operational server logs: a few hours at most, by default.
- CDN logs: subject to the CDN provider's own retention policy (typically days, not weeks).
7. Sharing & sub-processors
We use a small number of sub-processors to run the Service. None receive personal data from us; the only data they handle is operational:
- Hosting — a VPS / container platform that runs the Next.js server. They see traffic at the network layer.
- Redis — managed Redis instance that holds aggregate counters and operational caches.
- CDN — typically Cloudflare, in front of the origin. Subject to their privacy policy.
- DNS & status page — domain DNS and the public status page at
https://status.latestmodel.id.
We do not sell or rent any data we collect. We may disclose data only when required by a valid legal process directed at the Operator in India, and only to the minimum extent compelled.
8. Cookies & local storage
The Service does not use cookies for tracking. Specifically:
- No advertising or third-party analytics cookies are set by the website.
- The website stores a small theme preference (
light/dark) and the resolver demo's last selection inlocalStorage. You can clear these via your browser's site-data controls without affecting any server-side state. - The CDN and the underlying browser may use a small number of operational cookies (e.g., for security challenges); those are governed by the CDN provider's policy.
9. Security
Operational best practices we apply:
- HTTPS everywhere (TLS terminated at the CDN, redirects from HTTP).
- Read-only API surface — no endpoints accept user-submitted writes.
- No persistent secrets transmitted from clients (the Service has no auth flow).
- Edge rate-limit rules at the CDN to absorb burst traffic.
- Minimal-by-default analytics: counters can't be re-identified to a user.
No system is perfectly secure. If you discover a vulnerability, please report it responsibly via the maintainer's X account before publishing.
10. Your rights
Because the Service does not collect personally identifying information at the application layer, the practical scope of subject-rights requests (access, rectification, deletion, portability) is limited — there is no per-user record on our side to act against.
That said, you may at any time:
- stop using the Service — there is nothing to delete on our side because there is no account;
- clear the website's
localStoragevia your browser to reset your theme/demo preferences; - contact the maintainer with privacy questions or requests via X (DM).
11. Children
The Service is a developer tool not directed at children under 13 (or under 16 in the EU / EEA). We do not knowingly collect data from children. If you believe a child has interacted with the Service in a way that requires action, contact the maintainer.
12. International data transfers
The Service is operated from India and uses sub-processors that may be located elsewhere. Because we do not collect personal data at the application layer, there is no personal data to transfer. CDN-level operational data may be processed across regions per the CDN provider's own policy.
13. Upstream LLM providers
The whole point of latestmodel.id is to point you at someone else's API. Once you take a resolved model id and call the upstream provider (Anthropic, OpenAI, Google, xAI, Groq, DeepSeek, Mistral, OpenRouter, AWS Bedrock, etc.), that provider's privacy policy applies to that traffic. Read theirs before sending data you care about.
14. Changes to this policy
We may update this Privacy Policy. The current version's effective date is at the top of this page. Material changes will be announced by bumping that date and, where appropriate, posting a note via the maintainer's X account. Your continued use of the Service after a change constitutes acceptance of the updated policy.
15. Contact
For privacy-related questions, contact the maintainer: @RahulVerma989 on X.
Questions about this document? Reach the maintainer on X (Twitter). Updates to this page are versioned by the “Effective” date above.