Privacy policy

1. Data controller

The data controller responsible for processing your personal data on this site is the operator listed in the Imprint. Contact: info@llmcloudhub.com.

2. What we collect

We try hard to collect as little as possible. The site is read-only for unauthenticated users and does not require an account.

• Server access logs — every request to llmcloudhub.com is logged by our hosting provider (Uberspace) for operational and security purposes. Logged fields include IP address, requested URL, HTTP method, response status, user agent, referrer, and timestamp. Retention: typically 14 days, after which logs are deleted by our host. Legal basis: legitimate interest in operating and securing the site (Art. 6(1)(f) GDPR).
• Session cookie (technical, necessary) — Symfony sets a cookie to maintain the request context for the duration of your visit. It contains no personal data, only an opaque session identifier. It is automatically deleted when you close the browser. Legal basis: necessary for the technical operation of the site (§ 25 Abs. 2 Nr. 2 TTDSG; Art. 6(1)(f) GDPR).
• Consent preference (localStorage, necessary) — when you make a choice in the cookie banner, we store your decision and a timestamp in your browser's localStorage so we don't ask again on every page. This stays on your device, never reaches our server.
• No fingerprinting. We do not run client-side scripts that read canvas, audio, or installed-fonts fingerprints.

3. Statistics — Google Tag Manager / Google Analytics 4 (only with consent)

We use Google Tag Manager (GTM) and, through it, Google Analytics 4 (GA4) to understand how visitors use the site and which pages do or don't help them. These services are only loaded after you explicitly grant statistics consent in the cookie banner. Until you do so (or if you reject), no GTM/GA4 script loads, no related cookies are set, and Google receives no data from your visit.

Specifically, before any tag has a chance to load, we set Google Consent Mode v2 to default-deny — analytics_storage, ad_storage, ad_user_data, and ad_personalization all start at denied. They flip to granted only for the categories you accept.

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Data may be transferred to and processed in the United States; Google relies on the EU-US Data Privacy Framework and standard contractual clauses for these transfers. See Google's privacy policy. Legal basis: your consent (Art. 6(1)(a) GDPR; § 25 Abs. 1 TTDSG).

How to withdraw: click the Cookie settings link in the footer at any time. Your decision applies immediately to the next page load.

4. What we explicitly do NOT do

• No advertising. We don't run ads or place advertising tags.
• No profiling across sites. We don't share data with ad networks.
• No session replay. We don't run Hotjar, FullStory, LogRocket, or similar.
• No customer chat / support widget that drops cookies on your visit.

5. Outbound requests we make

• Once per night the server fetches the public /api/v1/models endpoint of openrouter.ai with no authentication. No personal data leaves our server during this call.
• After each successful or failed sync, the server pings healthchecks.io with a hashed identifier. No personal data leaves our server.
• Outbound links to provider websites and HuggingFace repositories include rel="noopener nofollow" and are normal browser navigations — privacy on those destinations is governed by their own policies.

6. Third-party fonts

The site loads Inter and JetBrains Mono from Google Fonts. When your browser fetches those fonts, Google may receive your IP address and a Referer header. Legal basis: legitimate interest in consistent typography across browsers (Art. 6(1)(f) GDPR). If you would prefer self-hosted fonts, contact us — we are happy to switch.

7. Public API

The /api/v1/* endpoints are anonymous and rate-limited per IP. We log the same access fields described in §2 plus the User-Agent when one is supplied. We do not associate API requests with web sessions.

8. Your rights under GDPR

Where personal data of yours is processed, you have the rights in Articles 15–22 GDPR — access, rectification, erasure, restriction of processing, data portability, and objection. To exercise any of these, write to info@llmcloudhub.com. You also have the right to lodge a complaint with a supervisory authority — for users in Germany, this is the data protection authority of the state where you reside.

9. Changes

We update this policy when our processing changes. The date below tracks the last revision.