Privacy Policy

How the platform collects, uses, shares, and protects personal data, including account data, billing records, workload data, cookies, and support requests.

Terms Privacy Refunds Support

Last updated May 7, 2026. For negotiated contracts, the signed agreement controls.

Controller and scope

Controller: Autonomous Computing AB is the controller for BatchRouter account, billing, website, and support data unless a signed agreement says otherwise.
Contact: support@batchrouter.com
Workload role: For customer-submitted workload content, BatchRouter generally acts as a processor or service provider under the customer's instructions and selected route policy.

Personal data we process

Account and access: Workspace name, user email, password verifier, session records, role assignments, API key metadata, and verification or reset events.
Billing and credits: Billing email, Stripe customer and checkout identifiers, credit ledger entries, reservations, pack purchases, and webhook reconciliation records.
Workload and routing: Batch manifests, item inputs, routing decisions, provider execution metadata, output artifacts, route receipts, feedback, and delivery configuration.
Operations and support: Security logs, API events, provider health signals, error references, rate-limit records, support messages, and diagnostic telemetry needed to run and protect the service.
Cookies and local storage: Essential cookies and browser storage support login, security, billing, fraud prevention, saved preferences, and consent records. Optional analytics only runs after consent.

Legal bases and purposes

Contract: Quote work, reserve credits, route items, dispatch to providers, assemble artifacts, deliver webhooks, and show batch status in the console.
Legitimate interests: Secure the service, prevent abuse, debug incidents, detect provider stalls, improve routing quality, and maintain reliable operations.
Consent: Use optional analytics and similar non-essential storage only after consent. You can reject optional analytics or change your choice from Cookie settings.
Legal obligations: Maintain payment, tax, accounting, fraud-prevention, and dispute records where required by law or necessary to establish or defend claims.

Cookies and choices

Essential: Essential cookies and storage are required for authentication, security, account preferences, billing flows, and remembering your cookie choice.
Analytics: Optional activation telemetry helps BatchRouter understand aggregate public-page usage and product interest. It is not required to use the service.
Withdraw consent: Use the Cookie settings link in the footer to change or withdraw optional analytics consent at any time.

Subprocessors and providers

Infrastructure: Cloudflare Workers, D1, Queues, R2, Durable Objects, Analytics Engine, and related edge security services.
AI providers: OpenAI, Anthropic, OpenRouter, and any provider explicitly selected or allowed by the route policy.
Payments and email: Stripe processes card payments and payment receipts. Resend delivers account and workspace emails when configured.
International transfers: Providers and subprocessors may process data outside your country. BatchRouter relies on provider commitments, contractual safeguards, and transfer mechanisms where required.

Retention and security

Retention: Operational, billing, workload, and security records are retained as needed for service delivery, legal obligations, dispute handling, audit, and abuse prevention.
Safeguards: BatchRouter uses Cloudflare security controls, scoped API keys, signed artifact delivery, access controls, audit events, rate limits, and operational monitoring.
Deletion: Deletion requests are handled subject to active batches, payment records, security logs, legal obligations, and backups that expire on their normal lifecycle.

Your rights

Rights: Depending on your location, you may request access, correction, deletion, export, restriction, objection, or withdrawal of optional analytics consent.
How to request: Email BatchRouter support with your workspace name, account email, requested action, and enough detail to verify the account.
Authority: You may also lodge a complaint with your local data protection authority if you believe your personal data has been handled unlawfully.