Privacy & security

What we collect, how requests flow, how to reach us on security.

What Dynoyard handles on your behalf when you send traffic through your /v1 endpoint.

Full Privacy Policy: /privacy Full Terms of Service: /terms

What we collect

We do not retain prompt or completion bodies for training or analytics. Request bodies and streamed responses pass through and are dropped after forwarding, with two narrow exceptions:

How requests flow

  1. Your client hits https://<your-org>.dynoyard.app/v1/....
  2. Traffic terminates at the nearest CDN PoP and authenticates against your API key.
  3. The request is forwarded to the inference partner serving the model you chose.
  4. The partner’s response streams back to you. Token counts and cost are recorded for billing; the content is not retained (save the two exceptions noted above).

The endpoint, API key, and OpenAI-compatible response shape stay identical regardless of which partner serves a given model.

Inference partners

Models in the catalog are served by upstream inference providers selected for cost, latency, and capability. Partner identities are treated as a commercial detail and may change without notice; your client code stays the same. Enterprise customers can request a written list under NDA.

Isolation

Authentication is per-org, enforced per-key. Prompts from different orgs never share a model’s attention cache or context window, and the opt-in response cache is keyed and scoped per-org — no cross-org leakage. Each request is isolated end-to-end.

Data Processing Agreement

We can sign a DPA. Email hello@dynoyard.app for the latest template.

Security disclosures

Security issues: security@dynoyard.app. Coordinated disclosure appreciated; we respond within 48h.