This Privacy Policy explains how Minima AI, Inc. (“Minima,” “we,” “us,” or “our”) collects, uses, discloses and retains personal information when you use our websites, hosted inference APIs, model optimization and deployment services, provider endpoints, documentation and related services (collectively, the “Services”).
This Policy does not govern a third-party service that has its own privacy policy. For example, when you access Minima through OpenRouter, OpenRouter's privacy policy applies to OpenRouter's collection and handling of information, while this Policy applies to information OpenRouter sends to Minima for inference and related provider operations.
1. Our role
For customer account, website, billing and service-security information, Minima generally acts as a business or controller. For Customer Content submitted to an API by or on behalf of a business customer, Minima generally acts as that customer's service provider or processor and follows the customer's documented instructions, the applicable agreement and law.
If a customer needs a data processing addendum (“DPA”), security materials or a current subprocessor list, contact privacy@mnma.ai.
2. Information we collect
Account and contact information
We may collect your name, business email, company, job title, account identifiers, authentication settings, support history and the content of business communications.
Customer Content
“Customer Content” means prompts, messages, system instructions, completions, tool calls and results, files, images, embeddings or other information submitted to or generated through the Services. We process Customer Content to perform the requested inference or related service. The data types present in Customer Content are determined by the customer.
Usage and operational metadata
We may collect request ID, model and backend revision, timestamps, serving region, token counts, latency, status code, finish reason, error category, rate-limit events, an account or API-key identifier, and security signals. On zero-data-retention endpoints, the account or API-key identifier in operational logs is hashed or otherwise pseudonymized, and the metadata does not include prompt or completion content.
Payment and transaction information
For direct paid Services, a payment processor may collect card, bank-account and billing details. Minima normally receives transaction identifiers, customer or account identifiers, payment status, amount, currency, billing address and limited payment-method descriptors, such as card brand and last four digits. Minima does not receive or store full card numbers or bank-login credentials. If a marketplace such as OpenRouter handles end-user payment, the marketplace's terms and privacy policy govern its payment collection.
Website and device information
When you visit our website, we may receive IP address, browser and device type, operating system, referring page, pages viewed, approximate location derived from IP, timestamps, cookie identifiers and similar diagnostic information. We use only the cookies and similar technologies needed to operate, secure, measure and improve the website, subject to any consent required by law.
Information you choose to provide
We collect information in sales inquiries, applications, surveys, support requests, security reports, benchmark submissions and other communications you initiate.
3. Sources of information
We collect information directly from you; automatically from your browser, application or API usage; from your organization; from an authorized marketplace, reseller or integration such as OpenRouter; from service providers that help us operate the Services; and from public sources when reasonably necessary for business verification, security or legal compliance.
4. How we use information
We use personal information to:
- provide, route, secure and support inference and related Services;
- authenticate accounts, enforce rate limits and protect API keys;
- measure tokens, availability, latency, capacity, quality and cost;
- bill direct customers and reconcile usage with marketplaces and providers;
- detect, investigate and prevent fraud, abuse, security incidents and violations of our Terms;
- respond to support, sales, privacy and legal requests;
- maintain and improve our infrastructure, models, documentation and user experience using non-content telemetry, aggregated information and data that is not personal information;
- comply with law, enforce agreements and protect rights, safety and property; and
- send service messages and, where permitted, business communications that you can opt out of.
Where applicable law requires a legal basis, we rely on performance of a contract, our legitimate interests in operating and securing the Services, compliance with legal obligations, and consent where consent is required. You may withdraw consent at any time, without affecting processing already performed.
5. Model-training policy
Minima does not use Customer Content to train, retrain, fine-tune or improve any model unless the customer separately and explicitly opts in in writing. Buying or using the Services, accepting our Terms, contacting support or enabling ordinary diagnostics does not constitute a training opt-in.
If Minima offers an opt-in data program, the customer will receive a separate description of the data, purpose, access controls, retention, withdrawal process and any applicable commercial terms before opting in.
6. Retention and deletion
| Data category | Default treatment |
|---|---|
| OpenRouter production inference Customer Content | Processed in volatile memory only; not written to disk, object storage or persistent application logs; deleted from memory after the request completes or is cancelled. |
| Direct API Customer Content on a zero-data-retention endpoint | The same volatile-memory treatment as the OpenRouter production endpoint. |
| Optional content logging | Off by default. Available only if a direct customer deliberately enables it or agrees to it in a written order. The applicable setting or order states the retention period and access controls. |
| Non-content operational metadata | Retained for up to 30 days for reliability, capacity, abuse prevention and reconciliation, then deleted or aggregated. A record tied to a security incident, dispute or legal obligation may be isolated and retained for as long as reasonably necessary. |
| Account, contract and support records | Retained while the account or business relationship is active and for a reasonable period afterward for administration, disputes and legal compliance. |
| Billing, tax and payment records | Retained for the period required by accounting, tax and other applicable laws, commonly up to seven years. These records do not include prompt or completion content. |
| Website security logs | Normally retained for up to 30 days, unless needed for a security investigation or legal requirement. |
Deletion from an active system may not immediately remove information from a securely maintained backup. Backup copies are isolated from ordinary use and deleted according to the backup lifecycle. We may retain information longer when required by law, needed to establish or defend legal claims, or requested by the customer under a written agreement.
7. How we disclose information
We may disclose information to:
- service providers and subprocessors that provide cloud infrastructure, networking, security, observability, support, communications, analytics and payment processing under contractual restrictions;
- marketplaces, resellers and integrations such as OpenRouter when necessary to route requests, reconcile usage, investigate errors or administer the commercial relationship;
- your organization, including account administrators and authorized users;
- professional advisers, including auditors, insurers, attorneys and accountants, subject to appropriate duties of confidentiality;
- authorities or other parties when we reasonably believe disclosure is required by law or necessary to protect rights, safety, security or property; and
- a transaction counterparty in connection with a merger, financing, acquisition, reorganization, bankruptcy or sale of assets, subject to appropriate protections.
Minima does not sell Customer Content or personal information. Minima does not share personal information for cross-context behavioral advertising and does not use Customer Content for advertising.
We may disclose aggregated or de-identified information that cannot reasonably be used to identify a person. We will not attempt to re-identify information we maintain as de-identified except to test whether our de-identification controls work, as permitted by law.
8. International data transfers
Minima is a United States company, and information may be processed in the United States and other countries where Minima or its service providers operate. Those countries may have different data-protection laws from your country. Where required, we use an approved transfer mechanism, such as standard contractual clauses, and apply supplementary safeguards appropriate to the data and service.
The inference country codes for a particular provider endpoint may be listed in the applicable model or marketplace metadata. Enterprise customers may request contractual region commitments where available.
9. Security
We use administrative, technical and physical safeguards designed to protect information, including access controls, encryption in transit, secrets management, network controls, logging restrictions, vulnerability management and incident-response procedures. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
You are responsible for protecting API keys, credentials and systems under your control. Report a suspected security issue promptly to security@mnma.ai.
10. Your privacy rights
Depending on your location and applicable law, you may have the right to request access to, correction of, deletion of or a copy of personal information; object to or restrict processing; withdraw consent; opt out of certain disclosures; and appeal a decision concerning a request. You may also have the right to complain to a data-protection authority.
Submit a request to privacy@mnma.ai. Tell us the right you want to exercise and the account, organization or interaction involved. We may verify your identity and authority before acting. If Minima processes the relevant information solely for a business customer, we may direct you to that customer and assist it as required by contract and law. Authorized agents may submit requests where permitted, subject to verification.
We will not discriminate against you for exercising a privacy right. Some information may be exempt from a request, and we may retain information where permitted or required by law.
11. Regional disclosures
California and other U.S. states
The categories described in Section 2 correspond to identifiers, commercial information, internet or electronic-network activity, professional information, approximate location and inferences under some U.S. state laws. We collect and disclose them for the business purposes described in Sections 4 and 7. We do not sell these categories or share them for cross-context behavioral advertising. We do not knowingly use or disclose sensitive personal information for purposes that require a right to limit under California law.
Minima does not currently respond to browser “Do Not Track” signals because no uniform technical standard applies. Where required, we honor legally recognized opt-out preference signals for processing to which such signals apply.
European Economic Area, United Kingdom and Switzerland
You may contact us about the legal basis for processing, international-transfer safeguards or your rights of access, rectification, erasure, restriction, portability and objection. You may lodge a complaint with your local supervisory authority. Minima does not make decisions producing legal or similarly significant effects about individuals based solely on automated processing of account or website data.
12. Children
The Services are designed for businesses and developers and are not directed to children under 18. We do not knowingly collect personal information directly from children. If you believe a child has provided personal information to Minima, contact us so we can investigate and take appropriate action.
13. Changes to this Policy
We may update this Policy to reflect changes in the Services, law or our practices. We will post the updated version at this URL and change the effective date. If a change materially reduces a contractual data-protection commitment, we will provide additional notice where required by law or contract.
14. Contact us
Attn: Privacy
1111B S Governors Ave STE 26951
Dover, DE 19904, United States
Email: privacy@mnma.ai