Privacy Policy

Last updated: March 12, 2026

1. What we collect

Costly collects the minimum data necessary to provide cost monitoring and waste detection. This includes:

  • Account information: email address and authentication details when you sign up
  • API usage metadata: model name, token counts, latency, tags, and timestamps sent by the SDK — we never see your prompts or completions
  • Aggregated analytics: daily cost summaries and waste scores computed from your usage data

2. What we never collect

We are a cost tool, not an observability platform. We deliberately do not collect:

  • Prompt content or completion text
  • Your API keys for third-party services
  • End-user personal data from your application
  • IP addresses or device fingerprints

3. How we use your data

Your data is used exclusively to:

  • Display cost breakdowns and waste audit results in your dashboard
  • Generate bill forecasts and savings estimates
  • Improve our waste detection algorithms with anonymized, aggregated benchmarks
  • Send you alerts and reports you've opted into

We do not sell your data. We do not share individual usage data with third parties.

4. Data storage and security

All data is stored in Supabase (PostgreSQL) with row-level security enabled. Your project data is isolated and only accessible with your authenticated session. Data is encrypted in transit (TLS) and at rest.

5. Data retention

Request-level logs are retained for 90 days, after which they are deleted. Aggregated daily summaries are retained for as long as your account is active. You can request deletion of all your data at any time by contacting us.

6. Cookies

We use essential cookies only — session authentication and CSRF protection. We do not use advertising cookies, tracking pixels, or third-party analytics scripts.

7. Third-party services

We use the following third-party services to operate Costly:

  • Supabase: database and authentication
  • Vercel: hosting and edge functions
  • GitHub: source code and issue tracking

Each provider has its own privacy policy. We choose providers that meet strong data protection standards.

8. Your rights

You have the right to:

  • Access all data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data and account
  • Export your data in a machine-readable format

To exercise any of these rights, email support@getcostly.dev.

9. Changes to this policy

We may update this Privacy Policy from time to time. We will notify users of material changes by updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact

Questions about this policy? Reach out at support@getcostly.dev or visit our Contact page.
