Last updated: April 18, 2026
Provara is an LLM gateway that routes requests to AI providers on your behalf. We take your privacy seriously. This policy explains what data we collect, how we use it, and your rights regarding that data.
The Provara managed service is operated by CoreLumen, LLC ("CoreLumen," "we," "us," "our"), which is the data controller for information collected through provara.xyz.
Self-hosted users: If you deploy Provara on your own infrastructure, your data never touches our servers. This policy applies only to users of the managed service at provara.xyz.
When you sign in with Google or GitHub, we receive and store your name, email address, and profile photo URL. We use this to identify your account and display your profile in the dashboard.
Provider API keys you add through the dashboard are encrypted at rest using AES-256-GCM. We decrypt them only at runtime to forward requests to the providers you configured. We cannot view your plaintext keys.
When you send requests through the gateway, we log metadata including: provider, model, token counts, latency, cost, task classification, and routing decisions. We also store the prompt and response content to power features like request replay and the LLM-as-judge quality scoring.
We track aggregate usage metrics (request counts, costs, latency) to power the analytics dashboard. This data is scoped to your tenant and not shared with other users.
Provara's adaptive router learns from quality scores — user ratings you submit and optional LLM-judge scores — to pick the best model for each task type. How those scores flow depends on your subscription tier.
The "pool" is a set of aggregate numeric quality scores, one per (task type, complexity, model) cell, maintained as an exponentially-weighted moving average of ratings. Pooling benefits small tenants: they get quality-based routing from day one instead of waiting weeks to accumulate enough ratings on their own traffic.
What IS pooled: numeric quality scores per (task type, complexity, model) cell, and regression-detection signals derived from those scores. Nothing else.
What is NOT pooled: your prompts, responses, API keys, tenant identity, feedback comments, or any personally identifiable information. Scores are aggregated as numbers, never as content.
Use pooled routing signal (read): when on, the router consults the shared pool as a fallback for cells where your tenant's matrix is empty or sparse. Pool data is consulted at decision time only and is never copied into your tenant's matrix. Turning the toggle off is instant — future routing decisions use only your own data.
Contribute ratings to pooled signal (write): when on, your ratings update the shared pool in addition to your tenant's matrix. Contributions to the pool merge into a statistical model and cannot be retroactively removed. Turning the toggle off stops future contributions; past contributions remain in the pool. If you need clean data lineage, leave this toggle off from day one.
Every change to your routing isolation toggles is logged with a timestamp and the actor who made the change. Enterprise customers can request toggle-history reports; see the addendum linked above.
The tier-based isolation described here is being rolled out in stages. The schema and routing engine support tenant-scoped data as of April 18, 2026; the per-tenant toggles and full isolation enforcement ship shortly after. Until the full rollout is complete, the Provara product team will apply the defaults above on your behalf for Team and Enterprise tenants.
When you send a request through Provara, we forward it to the AI provider you configured (OpenAI, Anthropic, Google, etc.). Your prompts and responses are subject to each provider's own privacy policy and terms of service. Provara does not control how providers handle your data.
Request logs and analytics data are retained for as long as your account is active. You can request deletion of your account and all associated data by contacting us. API tokens can be revoked at any time through the dashboard.
API keys are encrypted with AES-256-GCM. Authentication uses OAuth 2.0 via Google and GitHub. Sessions are stored server-side with secure, HTTP-only cookies. All traffic is encrypted in transit via TLS.
You can access, export, or delete your data at any time. To request data deletion or if you have questions about this policy, contact CoreLumen, LLC at [email protected].
We may update this policy as the product evolves. Significant changes will be communicated through the dashboard or via email. Continued use of the service after changes constitutes acceptance of the updated policy.