Privacy and data policy
This page describes what Pylo collects when you send a request, how long we keep it, and what we do with it. Pylo is an OpenAI-compatible inference provider. We route your request to an upstream model backend and stream the response back to you.
Read this alongside our Acceptable Use Policy and Terms. If anything here conflicts with a signed agreement, the signed agreement controls.
Pylo retains request metadata for abuse and legal compliance. We do not train on that data and we do not sell it. Pylo is not zero-data-retention.
What we collect
We collect request metadata and audit trace identifiers. We do not store the content of your prompts. We do not store the content of model responses.
Trace identifiers include the X-Request-Id we assign to every inbound request. That value is the idempotency key for the request and lets us trace a single request end to end across a failover retry.
The audit log
Every request through Pylo writes one append-only line to an audit log. The log records metadata only. It never records prompts or responses.
Each line stores exactly the following fields:
| Field | What it holds |
|---|---|
| internal user identifier | the account the request was authenticated under |
| timestamp | when the request was received |
| endpoint | the API endpoint the request hit, for example /v1/chat/completions |
| method | the HTTP method, for example POST |
| model | the model the request targeted |
| http_status | the response status code |
| X-Request-Id | the trace identifier for the request |
| error | populated on failures, null otherwise |
| timings | latency markers such as time to first token and end to end duration |
| token counts | prompt and output token counts for the request |
The log is append-only. Lines are not edited after they are written.
Why we retain it
We retain audit metadata to detect and investigate abuse and to meet our legal and compliance obligations. We keep that data while it serves those purposes. Pylo is not a zero-data-retention provider.
What we do not do
- We do not train models on your requests or responses.
- We do not sell your data.
- We do not store prompt content in the audit log.
- We do not store response content in the audit log.
Upstream backends
Pylo routes each request to an upstream inference backend to fulfill it. To serve your request, the request data is sent to that backend. Those backends are sub-processors and apply their own data policies to the request they receive. Pylo selects the backend and streams the response back to you over the same connection.
Making a data request
To make a data request or ask what data we hold about you, email support@pylo.sh. Include the internal user identifier or the X-Request-Id values relevant to your request so we can locate the matching audit lines.
Governing terms
- Operated from
- United States
- Governing law
- State of Delaware, USA
- Privacy contact
- support@pylo.sh
- Abuse reports
- abuse@pylo.sh
- Effective
- 2026
We may update this policy. Material changes will be reflected in the effective date above.