Privacy Policy

01 Overview

This Privacy Policy describes how GWMM LLC(“GWMM”, “we”, “us”) handles data when you access our AI inference API node, served to you through OpenRouter or via a GWMM direct connection. By using the GWMM endpoint you agree to the practices described here.

GWMM provides direct-route access to open-weight language models (Gemma 4). We are an infrastructure provider: our role is to execute your inference request as fast as possible and then forget it.

02 Zero Data Retention

Zero Data Retention is the core architectural guarantee of this service. It is not a setting you opt into — it is how the pipeline is built.

• In-memory only. Prompts and generated completions exist solely in GPU and system memory for the duration of a single request.
• Immediate destruction. The moment a response finishes streaming, the associated memory — including the paged KV cache — is released and overwritten.
• No training use. Your inputs and outputs are never collected, reviewed, or used to fine-tune or train any model.

03 What We Process

To fulfill an inference request, the following data passes transiently through the node and is discarded immediately after:

• The prompt and parameters you submit (messages, temperature, max tokens, etc.)
• The completion generated by the model in response
• The KV cache derived from your context, isolated at the page level from every other session

None of the above survives the request. There is no database, object store, or log file in which this content is persisted.

04 What We Never Retain

• Prompt or completion text — never written to disk or logs.
• Personal identifiers embedded in your prompts — we do not parse, extract, or store them.
• Cross-session context — page-level KV isolation makes context bleed between requests physically impossible.
• Training datasets — we build none from your traffic.

We process content only in-memory and never store it, except where law requires us to preserve and report child sexual abuse material (CSAM) to NCMEC. Contact legal@gwmmai.com for abuse reports.

05 Operational Metadata

We retain a minimal set of non-content metadata strictly to operate the service, ensure reliability, and reconcile billing for both the GWMM direct wallet and the OpenRouter route:

• Token counts (input / output) per request
• Timestamps and latency measurements (e.g. TTFT)
• Aggregate request volume and error rates

This metadata contains no part of your prompt or completion content and is retained for up to 90 days for billing reconciliation and capacity planning.

06 Third Parties

Requests reach our node through two infrastructure partners. Each has its own handling terms:

• OpenRouter — routing marketplace for OpenRouter-route requests.
• Stripe — payment processing for GWMM direct-wallet top-ups.
• Cloudflare — provides the encrypted tunnel (TLS/HTTPS) between clients and our gateway.

GWMM does not sell, rent, or share any data with advertisers, data brokers, or other third parties.

07 Security

• All traffic is encrypted in transit via TLS through the Cloudflare tunnel.
• The inference node is not directly exposed to the public internet; it is reachable only through the authenticated tunnel.
• Because content is never persisted, there is no data-at-rest attack surface for prompts or completions.

08 Your Rights

Because we do not retain your request content, there is generally no stored personal data for us to access, export, or delete on your behalf. For the operational metadata described in Section 05, you may request information or deletion (subject to legal billing-retention obligations) by contacting us.

09 Contact

Questions about this policy or our data practices? Reach the team directly — your message goes to an architect, not a ticket queue.

legal@gwmmai.com (privacy / compliance)
help@gwmmai.com (general inquiries)