LLM Gateway
GDPR Compliance
Data Handling
The privacy policy states data may be processed and stored on servers in the European Union or the United States. LLM Gateway routes API requests to selected third-party AI providers, and its site/docs describe access to many providers and automatic routing/fallback, so EU-only processing is not guaranteed from the public documentation.
Default retention is metadata only. If 'Retain All Data' is enabled, full request/response payloads are stored. Data is retained for 30 days for all users, with custom retention periods for Enterprise. Stored data is automatically deleted after the retention period or when the account is deleted, and users can request immediate deletion of specific records through support.
The privacy policy and terms say users can choose between 'Metadata Only' and 'Retain All Data' in Settings → Policies. The service shares request data with selected AI providers when routing requests.
Certifications & EU AI Act
No certifications disclosed.
Verification
- https://llmgateway.io/
- https://llmgateway.io/pricing
- https://llmgateway.io/legal/privacy
- https://llmgateway.io/legal/terms
- https://llmgateway.io/features/multi-provider-support
- https://docs.llmgateway.io/
- https://docs.llmgateway.io/features/data-retention
- https://docs.llmgateway.io/features/caching
- https://llmgateway.io/blog/introducing-llm-gateway
- https://llmgateway.io/blog/custom-openai-compatible-providers
Public primary-source documentation confirms a US legal nexus (Delaware governing law), processing/storage in the EU or US, configurable retention, and extensive routing to third-party AI providers, including custom providers. I could not find a public DPA/AVV, sub-processor list, SCC statement, training-on-customer-data statement, or security certification disclosure on the provider’s official site/docs, so those fields are null or false where appropriate.