Privacy Policy

srooter is operated by WorkHub Platform Inc., c/o Raie & co, 1875 S. Bascom Ave, Suite 2400, Campbell, CA, United States. For any privacy question or request, contact us via workhub.ai/contact.

We collect only what we need to operate the service:

• Account & organization data — name, work email, role, and organization, supplied at sign-up, waitlist, or via your SSO provider.
• Gateway metadata — for each request routed through srooter we record the requested and served model, route reason, token counts, cost, latency, and status, scoped to your organization.
• Provider credentials — API keys and OAuth tokens you connect, stored encrypted at rest and used solely to reach the providers you configure.

srooter does not store the content of your prompts or model responses. For audit and deduplication we retain only a SHA-256 hash of prompt content — never the plaintext. This gives you a complete, verifiable record without holding sensitive code or data.

We use the data above to route and govern requests, enforce your organization's policies and budgets, produce audit and billing records, secure the service, and provide support. We do not sell your data and we do not use your prompts, responses, or code to train models.

When srooter is self-hosted inside your own infrastructure (Enterprise mode), all gateway data, credentials, and audit logs remain within your environment. WorkHub does not receive your request metadata or credentials in that configuration.

For the managed (cloud) service we rely on infrastructure sub-processors (e.g. hosting and database providers) under confidentiality obligations. Requests you route are sent to the AI providers you explicitly configure; their handling of that data is governed by their own terms.

Account and audit records are retained for the life of your account and any period required for legal, billing, or compliance purposes, after which they are deleted or anonymized. You can request export or deletion of your organization's data at any time.

Provider credentials are encrypted at rest, access is role-based, and all administrative access requires authentication. No method of transmission or storage is perfectly secure, but we take reasonable measures appropriate to the sensitivity of the data.

Depending on your jurisdiction you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. To exercise these rights, contact us at workhub.ai/contact.

We may update this policy from time to time. Material changes will be reflected by the “Last updated” date above and, where appropriate, communicated to account administrators.