Privacy Policy
Last updated: June 2026
1. Introduction
LLMBase, operated by Eyloo GmbH, provides AI chat, model comparison, inference APIs, and related AI tools. This Privacy Policy explains how we process personal data when you use our website, account area, applications, and services.
We process personal data in accordance with the GDPR and applicable German data protection law. For business customers, our Data Processing Agreement provides the processor terms, technical and organizational measures, subprocessor information, retention commitments, and professional secrecy protections.
2. Controller and Contact
The controller responsible for the processing described in this Privacy Policy is:
Eyloo GmbH
Im Hemchen 20
56410 Montabaur
Germany
Email: privacy@llmbase.ai
3. Data We Process
Depending on how you use LLMBase, we process the following categories of data:
- Account Data: name, email address, authentication data, workspace membership, plan, and account settings.
- Customer Content: prompts, files, messages, chat history, API inputs, generated outputs, and workspace content you submit or create.
- Operational Metadata: model selections, timestamps, request identifiers, token and usage counters, feature interactions, error events, rate-limit data, and security logs.
- Billing Data: subscription, invoice, payment, tax, and transaction information.
- Support Data: messages, diagnostics, attachments, and contact details you provide when requesting support.
- Website and Analytics Data: page activity, referrer and campaign parameters, cookie preferences, device information, browser information, and approximate location derived from technical request data.
4. AI Processing and Model Use
4.1 LLMBase-Hosted Model Paths
LLMBase operates selected model paths on infrastructure in European hosting locations, currently including Germany, Finland, Switzerland, and the Netherlands. For these paths, prompt and response processing occurs under LLMBase-controlled service infrastructure.
4.2 Optional External Model Paths
LLMBase may make optional external, lab, or proprietary model paths available in the product. We do not name those optional providers in this Privacy Policy. Customer Content is sent to those paths only where you select the path, activate the relevant provider or account setting, or give feature-specific approval.
For optional external, lab, or proprietary model paths, LLMBase sends only the content, model settings, and technical parameters needed to produce the selected response. LLMBase account identifiers, session tokens, billing data, and internal analytics identifiers are not included in the model prompt unless technically necessary for the specific feature.
4.3 No Model Training
We do not use Customer Content to train, fine-tune, evaluate, or improve AI models. This applies to prompts, uploaded files, chat messages, generated outputs, and API payloads.
We may use Operational Metadata to operate, secure, debug, bill, and improve the usability of the service, including capacity planning and product analytics. Operational Metadata is not used to train, fine-tune, evaluate, or improve AI models.
5. Purposes and Legal Bases
We process personal data for the following purposes and legal bases:
- Contract performance (Art. 6(1)(b) GDPR): to provide accounts, workspaces, AI features, API access, subscriptions, support, and requested product functionality.
- Legitimate interests (Art. 6(1)(f) GDPR): to secure the service, prevent misuse and fraud, maintain reliability, debug errors, understand product usage, and improve the usability of the service without using Customer Content for AI model training or evaluation.
- Legal obligations (Art. 6(1)(c) GDPR): to comply with tax, accounting, commercial, security, and legal requirements.
- Consent (Art. 6(1)(a) GDPR): for optional cookies, marketing communications, and optional features that require consent. You can withdraw consent at any time with effect for the future.
6. Processors, Subprocessors, and Transfers
We use carefully selected processors and subprocessors for hosting, authentication, database infrastructure, security, analytics, billing, support, and optional AI model paths. Business customers can review the current subprocessor list in the Data Processing Agreement.
Where processing outside the European Economic Area is necessary, we use appropriate safeguards such as adequacy decisions, Standard Contractual Clauses, transfer impact assessments, encryption, access controls, and data minimization. Optional external, lab, or proprietary model paths involving third-country processing require product selection, account activation, or feature-specific approval.
We configure analytics and security tools to reduce personal-data exposure where practical, including IP truncation or minimization, access controls, limited retention, and cookie controls where required.
7. Security and Confidentiality
We implement technical and organizational measures designed to protect personal data, including encrypted transport, access controls, role-based permissions, monitoring, logging, backup controls, vulnerability management, and confidentiality obligations for personnel with authorized access.
Access to Customer Content is limited to what is necessary for providing, securing, supporting, or legally administering the service.
8. Retention
We keep personal data only for as long as needed for the purposes described in this policy, unless a longer period is required by law:
- Account Data: retained while the account is active and deleted or anonymized within 30 days after account closure, unless legal retention duties apply.
- Customer Content: retained according to product settings and feature behavior, and deletable where supported in the product.
- LLMBase-hosted inference payloads: not retained after response generation unless needed for a selected product feature such as chat history, workspace storage, support, security, or legal compliance.
- Optional external model paths: LLMBase does not retain prompt content after routing unless needed for a selected product feature, support, security, or legal compliance.
- Operational Metadata: retained for limited periods needed for security, debugging, billing, analytics, and service reliability.
- Billing Data: retained for statutory tax and accounting periods, generally up to 10 years under German law.
- Support Data: generally retained for up to 3 years unless a longer period is needed for legal claims or compliance.
9. Professional Secrecy and Protected Content
Where customers process professional secrets or similarly protected information through LLMBase, we treat that content as confidential Customer Content. Our Data Processing Agreement includes additional professional secrecy obligations, confidentiality controls, access restrictions, breach notification duties, and deletion commitments.
10. Cookies and Analytics
We use essential cookies and similar technologies for authentication, session security, preferences, fraud prevention, and service operation. We may also use analytics and conversion technologies to understand website usage, acquisition performance, product usage, and billing conversion where permitted by law or consent.
You can manage cookie preferences through the cookie banner and your browser settings. Disabling essential cookies may affect service functionality.
11. Your GDPR Rights
Subject to the legal requirements, you have the right to access, rectify, erase, restrict, object to processing, receive data portability, and withdraw consent where processing is based on consent.
To exercise your rights, contact privacy@llmbase.ai. We will respond within the period required by GDPR.
12. Children's Privacy
LLMBase is not intended for children under 16 years of age or the applicable age of digital consent in your jurisdiction. We do not knowingly collect personal data from children.
13. Changes
We may update this Privacy Policy to reflect product, legal, technical, or operational changes. We will post the updated version with a new "Last updated" date and provide additional notice where legally required.
14. Supervisory Authority
You have the right to lodge a complaint with a supervisory authority if you believe that our processing of personal data violates data protection law.
For Rheinland-Pfalz, the competent supervisory authority is:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz
Website: www.datenschutz.rlp.de