Developer beta drafts โ under legal review. Last updated 11 June 2026.
Privacy Policy
What we process. BharatRouter is an AI inference gateway: we forward your
API requests to the model route you select and return the response.
- Prompts & responses: zero retention by default. Request and response
bodies are not stored, logged, or used for training by BharatRouter. They transit memory only.
- Usage metadata. We record per-request metadata for metering and abuse
prevention: masked API key, model id, route, token counts, latency, status, timestamp.
- Account data: name, email, profile photo (if your sign-in provider
shares one), and authentication identifiers from your sign-in provider. The photo is used
only to display your own profile, never sourced from anywhere else, and you can remove it
on your account page. Org owners may add a billing address โ shown on payment receipts and
used to determine GST treatment.
- Upstream providers. When a request routes to a provider (e.g. Sarvam,
Krutrim, OpenAI), that provider processes your prompt under its own terms. Use
data_policy: "india_only" to restrict routing to India-resident providers.
BYOK (upstream_key) keys are used in-flight only โ never stored or logged.
Terms of Service
- Beta service. Provided "as is", no SLA or warranty; capacity and models
may change or be withdrawn without notice. Not for production-critical or regulated workloads yet.
- Acceptable use. No unlawful content, no abuse/fraud, no attempts to
extract other tenants' data, no circumvention of rate or trial limits. Upstream providers'
acceptable-use policies also apply to traffic routed to them.
- Keys. You are responsible for safeguarding your
br-โฆ key;
usage under your key is attributed to you. Keys may be suspended for abuse. - Pricing. Beta pricing is indicative; billed plans, GST invoicing and
UPI payment land with general availability.
- Liability. To the maximum extent permitted by law, liability is limited
to amounts paid to BharatRouter in the preceding month.
- Governing law: India.
DPDP Declaration
We design for India's Digital Personal Data Protection Act, 2023:
- Data minimisation by architecture โ zero retention of prompt/response
bodies is the default, so the personal data we hold is limited to account and usage metadata.
- Residency as a control โ
data_policy: "india_only" keeps
inference traffic with India-resident providers; requests fail closed (no_route)
rather than silently leaving India. - Purpose limitation โ usage metadata is processed for metering, billing
and abuse prevention only.
- Grievance redressal โ write to
privacy@bharatrouter.com; a designated
grievance officer will be published at general availability.
Your data rights
Whether you're covered by DPDP, GDPR, or neither, we extend the same rights to all users:
| Right | How |
|---|
| Access / portability โ copy of your account data and usage records | privacy@bharatrouter.com โ
acknowledged within 72h, fulfilled within 30 days. A self-serve deletion API ships with
the residency milestone. |
| Correction โ fix inaccurate account data |
| Erasure ("right to be forgotten") โ delete your account, keys, and
usage records (retaining only what tax/legal obligations require) |
Because prompt/response bodies are never stored, there is nothing to erase
from inference content by default.