Last updated: June 14, 2026
AffordableAI is an AI inference service run from the Netherlands. We give you API access to open-weight language models. The data controller is the founder, reachable at hi@affordableai.eu.
We only collect what's actually necessary to run the thing:
Account data. Your email address, name if you provide one, and authentication credentials. Clerk handles this (EU region). We need this so you can log in.
Billing data. Subscription status, payment history, and the last 4 digits of your payment method. The full card number never touches our servers — Mollie B.V. handles all payment details.
API key hashes. SHA-256 hashed. We never store plaintext API keys after the initial generation step. If you lose your key, we can't recover it. You generate a new one.
Operational metrics. Aggregated request counts, error rates, and latency distributions. Per-request, not per-request content.
Server assignment. Which inference server is handling your requests. Purely for routing.
This is the part that actually matters:
Prompts. Never logged, never stored, never retained. They exist in GPU volatile memory during a single request and then they're gone. No disk. No logs. Nothing.
Completions. Same deal. Discarded immediately after the response is returned.
Chat history. We don't store conversation threads or message history. Each request is stateless as far as we're concerned.
Files, code, documents. Anything you send to the model gets processed in GPU memory and discarded. We don't see it, we don't save it.
IP addresses. Not logged. Our reverse proxy strips client IPs before they reach any application logic. We literally can't tie a request back to an IP after the fact.
Device fingerprints, browser metadata, or tracking identifiers. None. Zero. No analytics scripts, no tracking pixels, no fingerprinting.
Authentication — to verify who you are and authorize API access. Billing — to process your subscription and keep the tax records Dutch law requires. Routing — to send your requests to the right server. Abuse prevention — to spot patterns that might take down the service. And legal obligations — financial records stay around as long as the law says they have to.
No model training. No product improvement. No user profiling. No advertising. No analytics. No selling data to anyone.
Everything runs in the EU:
Inference: Finland (Verda B300 GPUs). The API gateway, auth, billing, and monitoring all live in Germany (Hetzner, Falkenstein). DNS is in the Netherlands (TransIP). No data leaves the European Union. No third-country transfers.
These are the companies we rely on. They're either based in the EU or enforce EU-only data residency:
Our Data Processing Agreement has the full sub-processor breakdown.
Account data sticks around while your account is active. If you delete your account, it's gone within 30 days.
Billing records we keep for 7 years because Dutch tax law requires it. Not our choice.
Prompts, completions, and conversation content: not retained at all. There's nothing to delete because there's nothing stored.
Operational metrics we keep indefinitely, but they're aggregated. We can't tie them back to individual users.
Under the GDPR you can ask us to:
Email hi@affordableai.eu and we'll respond within 30 days. Since prompts and completions are never stored, most access requests produce account and billing data only — there's no prompt content to hand over.
We don't use tracking cookies, advertising cookies, or any kind of third-party cookie. Clerk sets session cookies for authentication, and those are strictly necessary — they're exempt from consent requirements under the ePrivacy Directive (Article 5(3)). There's no cookie banner because there's nothing to consent to.
Here's the GDPR legal basis for each category of processing:
Contract performance (Article 6(1)(b)) covers account creation, authentication, and delivering the actual service.
Legal obligation (Article 6(1)(c)) covers keeping financial records.
Legitimate interests (Article 6(1)(f)) covers abuse prevention and keeping the service operational.
We don't log prompts, completions, or conversation content. So there's no content data to produce if law enforcement shows up with a request. If we get a legal request for your account data, we'll notify you where the law allows it.
If our data practices change, we'll update this policy and email you about material changes. Continuing to use the service after a change means you've accepted the new terms.
Privacy questions go to hi@affordableai.eu. Put "GDPR Request" in the subject line for formal requests. You also have the right to complain to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you think we're doing something wrong.