Track 1 platform and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
This is OpenRouter, Inc.'s privacy policy, covering how the company collects and uses personal data from users of the openrouter.ai website and its AI model routing service. The policy authorizes collection of user Inputs sent through the Service, device identifiers, IP addresses, browsing history, location data, and transaction details, and states that OpenRouter does not control how third-party AI model providers use those Inputs, including for model training. The policy also reserves the right to share personal data with advertising and analytics partners, service providers, and in connection with business transfers such as mergers or acquisitions.
This document is OpenRouter, Inc.'s Privacy Policy, last updated April 15, 2025, governing the collection, use, and disclosure of personal data across the openrouter.ai website, its Service, and third-party applications that link to this policy; the stated legal basis for processing is user consent established by continued use of the Site or Service. The policy authorizes collection of name, email address, mailing address, telephone number, user Inputs to the Service, transaction and Credits purchase details, search queries, IP address, operating system and browser type, location data, browsing history, and cookie-derived behavioral data across third-party sites and over time; the terms also authorize sharing with service providers, business partners, advertising and analytics partners, and in connection with corporate transactions such as mergers or acquisitions. The policy expressly disclaims responsibility for how third-party AI model providers handle user Inputs or Outputs, including for model training purposes, and reserves the right to modify the policy at any time without prior notice for non-material changes, with material changes communicated by email to registered users only. The policy references CCPA rights for California residents, including disclosure, deletion, and opt-out rights, and engages GDPR-relevant concepts such as data subject rights and cross-border data transfers, though specific transfer mechanisms are not detailed; applicability of these frameworks depends on user jurisdiction and the company's classification under each regime. Compliance teams should evaluate the adequacy of consent mechanisms under GDPR given that the policy relies on continued use as a consent signal, and should assess the scope of third-party AI provider data flows given the explicit disclaimer of responsibility for downstream handling of user Inputs.
Institutional analysis available with Compliance
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Compliance.
Start Compliance free trial3 important changes detected
4 versions captured · Last updated: June 2026
OpenRouter's Privacy Policy header was updated on May 13, 2026 to change navigation labeling from 'Fusion Models' to 'Models'. This appears to be a navigation reorganization in the header section …
View change record →Monitoring
OpenRouter has updated this document before.
Monitor includes same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
Compliance Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Compliance includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Start Compliance free trialCross-platform context
See how other platforms handle Disclaimer of Responsibility for LLM Provider Handling of User Inputs and similar clauses.
Compare across platforms →Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.