Privacy Policy

• Account data — name, email, organisation, and authentication details.
• Billing data — billing address and limited payment metadata. Card details are processed by our payment provider and are not stored by us.
• Usage metadata — timestamps, model names, token counts, status codes, and the API key used. We use this to meter usage and produce invoices.
• Technical data — IP address and request headers, used for security and abuse prevention.

Grokified operates as a transparent proxy. We do not store the bodies of your prompts or the model’s completions in the ordinary course of providing the Service, and we do not use them to train any model. Request and response payloads are forwarded to and from the upstream provider and are processed in memory only as needed to deliver the response.

We may temporarily retain limited content where strictly necessary to investigate abuse, security incidents, or a billing dispute, and only for as long as required for that purpose.

• To provide, maintain, and secure the Service.
• To meter usage, apply the introductory discount, and bill you.
• To detect, prevent, and investigate fraud and abuse.
• To communicate about your account, including service and policy changes.
• To comply with our legal obligations.

We rely on the following lawful bases under the UK GDPR: performance of a contract (to provide the Service and bill you); legitimate interests (security, abuse prevention, and improving the Service, balanced against your rights); legal obligation (tax and accounting); and consent where required (for example, non-essential marketing).

We share data only with processors that help us run the Service, under appropriate data-processing terms:

• xAI — the upstream model provider, which receives your request content to generate responses.
• Payment processor — to take payment and issue invoices.
• Cloud & infrastructure providers — to host and operate the proxy.

We do not sell personal data. We may disclose data where required by law or to protect our rights.

Some processors are located outside the UK and EEA. Where we transfer personal data internationally, we use appropriate safeguards such as the UK International Data Transfer Agreement or the EU Standard Contractual Clauses.

We keep account and usage metadata for as long as your account is active and thereafter as needed to meet legal, tax, and accounting obligations (typically up to seven years for financial records). Security logs are retained for a limited period. Request and response content is not retained beyond what Section 3 describes.

Subject to applicable law, you have the right to access, rectify, erase, restrict, or object to processing of your personal data, and to data portability. Where we rely on consent, you can withdraw it at any time. To exercise your rights, contact privacy@grokified.com. You also have the right to complain to the UK Information Commissioner’s Office (ICO) or your local supervisory authority.

Our marketing site uses strictly necessary cookies to operate, and optional analytics cookies only with your consent. The API itself does not use cookies. You can manage preferences in your browser and via our cookie banner.

We protect data with encryption in transit, access controls, and the principle of least privilege. API traffic is served over TLS. No system is perfectly secure, but we work to protect your data and to respond promptly to incidents.

The Service is not directed to children. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us data, contact us and we will delete it.

We may update this policy from time to time and will post the new effective date here. For privacy questions or requests, contact privacy@grokified.com or write to DEEPORAX AI LTD, 932 Middleton Road, OL9 9SB, United Kingdom.