Last updated: June 8, 2026
Data Security and Compliance
This page explains CodexZH data handling purposes, data flows, logging strategy, and high-risk data boundaries for AI model gateway scenarios.
Processing purposes
CodexZH processes customer data only as necessary to provide services, billing, troubleshooting, security audits, anomaly detection, abuse prevention, content safety, compliance retention, dispute resolution, and lawful cooperation.
Platform practices
- No active use of customer inputs, outputs, code, or business data for general model training, fine-tuning, or distillation.
- No selling, renting, or trading of customer data.
- No active use of customer data for advertising, profiling, or public case studies.
- Model identifiers, costs, and call status follow console usage records.
Data types and retention
| Data type | Purpose | Long-term by default | Notes |
|---|---|---|---|
| Account information | Login, authentication, notices, billing | Yes | Retained during account lifecycle and as legally required |
| API call metadata | Billing, audit, troubleshooting, security | Yes | Includes request_id, time, model, tokens, status code, cost |
| Complete input content | Model call, troubleshooting | No | Short-term processing only when necessary |
| Complete output content | Response delivery, troubleshooting | No | Short-term processing only when necessary |
| Payment records | Billing, invoices, disputes | Yes | Retained for tax and dispute handling |
| Security logs | Anti-abuse, security audit, risk response | Yes | Retained as needed for security and compliance |
| Third-party call records | Data flow, disputes, compliance evidence | Yes | Includes model, call time, status, and necessary metadata |
Third-party processing
To complete model calls, customer input, request parameters, necessary context, and response content may be transmitted to necessary partners such as model providers, cloud providers, network providers, or security providers. Their terms, privacy policies, regional restrictions, quotas, and data processing rules may apply, and updates to those rules may affect the service.
Regions and upstream availability
- CodexZH does not maintain a fixed public list of supported countries or regions. Actual availability depends on local law, payment availability, network conditions, and restrictions imposed by model providers and cloud providers.
- If a region, channel, model, or provider is unavailable, restricted, or presents compliance risk, CodexZH may limit, suspend, or adjust access.
- Users are responsible for confirming that their location, use case, data type, and end-user location may lawfully use the relevant third-party model service.
Overseas models and cross-border data
If a supported model, node, or service provider involves overseas processing, inputs, request parameters, necessary context, and responses may be transferred overseas or accessed by overseas entities. Confirm data legality, authorization, redaction, and any required personal information or cross-border compliance procedures before calling.
Third-party providers
CodexZH may use model providers, cloud providers, network and security providers, payment providers, and email providers only as necessary to deliver model calls, hosting, security, billing, notifications, and support.
Logging principles
- Call metadata is retained by default for billing, audit, usage analytics, troubleshooting, and security handling.
- Complete prompts and responses are not retained long-term by default; short-term processing may occur only as necessary for call completion, customer-authorized troubleshooting, or security review.
- Call metadata for billing, audit, and security (request_id, token counts, status codes, cost, etc.) is retained under a data minimization principle and is separated from complete inputs and outputs where feasible.
- CodexZH may apply rate limits, quotas, anomaly monitoring, or necessary blocking for security, billing, service stability, or third-party provider requirements.
Data security or compliance contact: support@codexzh.com.