Inferway
PlatformPlaygroundPricingStatusModelPrivacyConsoleOpenRouter
PlatformPlaygroundPricingStatusModelPrivacyConsoleOpenRouter →
Inferway/Legal/Data Processing Agreement
On this page
Definitions & scope
§Data Processing Agreement11. Definitions22. Scope and Purpose33. Processor Obligations
Security & subprocessors
44. Security Measures and Zero Data Retention55. Sub-processing
Rights & compliance
66. Data Subject Rights77. Data Breach Notification88. Audit Rights99. Data Retention and Deletion1010. International Transfers
Termination
1111. Term and Termination1212. Miscellaneous
Inferway · Legal

Data Processing Agreement

The data processing terms governing how GWMM LLC (operating as Inferway) handles Personal Data on behalf of Inferway customers.

Last updated July 06, 20268 min read · 12 sections

Data Processing Agreement

This Data Processing Agreement ("DPA") is entered into by and between GWMM LLC, operating as Inferway ("Inferway," "Company," "we," "us," or "our"), and the Customer entity accessing the Services ("Customer," "you," or "your"). This DPA forms part of, and is incorporated into, the Terms of Service, and governs the processing of Personal Data by the Company on behalf of the Customer in connection with the Services.

Section 1

1. Definitions

  • "Controller" means the entity that determines the purposes and means of processing Personal Data. For purposes of this DPA, the Customer is the Controller.
  • "Processor" means the entity that processes Personal Data on behalf of the Controller. For purposes of this DPA, the Company is the Processor.
  • "Personal Data" means any information relating to an identified or identifiable natural person ("Data Subject").
  • "Customer Content" means the prompts, messages, parameters, and generated completions submitted to or produced by the AI models through the Services. Customer Content is processed under the Company's Zero Data Retention commitment (Section 4) and is not retained by the Company.
  • "Sub-processor" means any third-party Processor engaged by the Company to process Personal Data in connection with the Services.
  • "Processing" means any operation or set of operations performed on Personal Data, whether or not by automated means.
  • "Services" has the meaning given to it in the Terms of Service — the Inferway AI model inference endpoint, gateway, API, Sandbox, and console.
Section 2

2. Scope and Purpose

This DPA applies to Personal Data processed by the Company in connection with the Services, including account and authentication data, billing data, and non-content request metadata submitted by or on behalf of the Customer (including by the Customer's end users, API consumers, or AI Agents acting under the Customer's account). The Company processes Personal Data only on the documented instructions of the Customer, which include processing necessary to operate the Services as described in the Terms of Service and Privacy Notice. Customer Content (prompts and completions) is processed transiently to execute inference requests and is governed by the Zero Data Retention commitment in Section 4; the Company does not store Customer Content and does not use it to train, fine-tune, or evaluate any model.

Section 3

3. Processor Obligations

a. The Company shall process Personal Data only on the documented instructions of the Customer. b. The Company shall ensure that personnel authorized to process Personal Data are bound by confidentiality obligations. c. The Company shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, as described in Section 4. d. The Company shall not engage a new Sub-processor without giving the Customer prior notice via the Sub-processor list in Section 5, and an opportunity to object as described therein. e. The Company shall assist the Customer, to the extent reasonably necessary, in responding to Data Subject requests and in meeting the Customer's obligations relating to data breach notification and data protection impact assessments.

Section 4

4. Security Measures and Zero Data Retention

The Company implements technical and organizational measures designed to protect Personal Data against unauthorized or unlawful processing and against accidental loss, destruction, or damage, including: encryption in transit (TLS) for all API and console traffic; hashed storage of API keys (SHA-256, not reversible); access controls and role-based account membership; and per-request observability logging limited to non-content metadata for anomaly and fraud detection.

Zero Data Retention (ZDR). When an inference request is served by the Company's own infrastructure, Customer Content (the prompt, parameters, generated completion, and the derived KV cache) exists solely in GPU and system memory for the duration of a single request and is released and overwritten the moment the response finishes. Customer Content is never written to disk, logged in readable form, persisted to any datastore, or used to train, fine-tune, or evaluate any model. The Company retains only non-content request metadata — timestamp, input/output token counts, model name, latency metrics, HTTP status, and an anonymous session or authenticated account identifier — for operational and billing purposes.

Customer Content is transmitted to a third-party AI inference Sub-processor (Section 5) only during a failover or fallback event, and only to providers that publish zero-data-retention or short-retention commitments. Specific security documentation is available upon request to legal@gwmmai.com.

Section 5

5. Sub-processing

The Customer authorizes the Company to engage the Sub-processors listed below to deliver the Services. The Company will update this list when adding or replacing a Sub-processor; continued use of the Services after such an update constitutes notice to the Customer. Customers with a heightened need for advance notice (e.g., due to their own regulatory obligations) should contact legal@gwmmai.com to arrange it.

Sub-processorService ProvidedLocationData Transferred
Clerk, Inc.User authentication and account managementUnited StatesEmail, name, authentication credentials
Stripe, Inc.Payment processing and billing operationsUnited StatesPayment instrument data, billing details, transaction records
Vercel Inc.Website hosting and web analyticsUnited States / Global (edge)IP address, device/browser information, page-view metrics
Cloudflare, Inc.Secure tunnel and network deliveryGlobal (edge network)IP address, connection metadata
PostHog, Inc.Product analyticsUnited StatesProduct usage events, account/session identifier, IP address
Google LLCTraffic analytics (Google Analytics)United StatesIP address, user agent, page views

Conditional (failover) AI inference Sub-processors. Under normal operation, Customer Content is processed on the Company's own infrastructure under the Zero Data Retention commitment (Section 4) and is not transmitted to any Sub-processor. The following providers process Customer Content only during a failover or fallback event, when the Company's own node is unavailable:

Sub-processorService ProvidedLocationData Transferred
DeepInfra, Inc.Fallback AI model inference (failover only)United StatesPrompt and completion content, only during a failover event
Together AI (Together Computer, Inc.)Fallback AI model inference (failover only)United StatesPrompt and completion content, only during a failover event

The Company selects failover providers that publish zero-data-retention or short-retention commitments; during a failover event, the third-party provider's terms of service and privacy policy govern its processing of Customer Content. The active backend at any time is reflected on the System Status page (https://inferway.ai/status).

Section 6

6. Data Subject Rights

The Company will assist the Customer, taking into account the nature of the processing, in responding to Data Subject requests to exercise their rights (including access, rectification, erasure, restriction, and portability). End users may also submit such requests directly to the Company at https://inferway.ai/settings or https://inferway.ai/contact; the Company will notify the Customer without undue delay if it receives a request directly from a Data Subject that relates to the Customer's account.

Section 7

7. Data Breach Notification

In the event of a confirmed Personal Data breach affecting the Customer's data, the Company will notify the Customer without undue delay, and in any event within 72 hours of becoming aware of the breach, providing (to the extent known): a description of the nature of the breach, the categories and approximate number of Data Subjects and records concerned, the likely consequences, and the measures taken or proposed to address it.

Section 8

8. Audit Rights

The Customer may request evidence of the Company's compliance with this DPA (such as Sub-processor agreements or security documentation) no more than once per year, upon reasonable prior written notice, by contacting legal@gwmmai.com. On-site audits are not offered; the Company will cooperate in good faith to provide reasonably requested documentation instead.

Section 9

9. Data Retention and Deletion

Because of the Zero Data Retention commitment in Section 4, the Company does not retain Customer Content (prompts and completions) beyond the in-memory lifetime of a single request. The Company retains account and billing records for as long as the Customer maintains an account with the Services, and thereafter as required by applicable tax, accounting, or legal obligations. Upon account deletion — whether initiated by the Customer or in response to a verified deletion request — the Company anonymizes the associated user record (email and name are removed or replaced, and the Clerk authentication link is severed) within its systems. Billing and transaction records and per-request non-content usage records tied to the account are retained in de-identified form after anonymization for accounting, fraud-prevention, and legal-compliance purposes, consistent with the Prepaid Wallet & Credit Balance terms of the Terms of Service, under which prepaid credit balances are forfeited (not refunded) on deletion. Non-content request and usage metadata is retained for approximately 90 days. The Customer or an end user may request deletion at any time via https://inferway.ai/settings or by contacting legal@gwmmai.com.

Section 10

10. International Transfers

The Company's own servers are located in the United States, and, as described in Section 5, the Sub-processors currently engaged to deliver the Services operate in the United States (with certain providers maintaining global edge networks). If the Customer is located in, or processes Personal Data of Data Subjects located in, the European Economic Area, United Kingdom, or Switzerland, and requires a specific transfer mechanism, the Company relies on the European Commission's Standard Contractual Clauses (SCCs), together with the UK International Data Transfer Addendum where applicable, as the transfer mechanism for such Personal Data. Customers requiring a countersigned SCC package should contact the Company at legal@gwmmai.com before transferring such data through the Services.

Section 11

11. Term and Termination

This DPA remains in effect for as long as the Company processes Personal Data on the Customer's behalf under the Terms of Service. Upon termination, the Company will proceed as described in Section 9 (Data Retention and Deletion). This DPA is incorporated into and forms part of the Terms of Service (https://inferway.ai/terms).

Section 12

12. Miscellaneous

a. This DPA is governed by the laws of the State of Wyoming, United States, consistent with the Governing Law section of the Terms of Service. b. Any disputes arising under this DPA are subject to the dispute resolution terms of the Terms of Service. c. In the event of any conflict between this DPA and the Terms of Service on data processing matters, this DPA prevails. d. The Company may update this DPA from time to time; material changes will be reflected by an updated "Last updated" date above.

Contact for DPA Requests

To execute a signed, counterparty-specific version of this DPA or to discuss data processing terms, contact GWMM LLC (operating as Inferway) at legal@gwmmai.com, 30 N Gould St, Sheridan, WY 82801, United States.

Inferway

Transparent inference endpoint for open-weight models. Public latency metrics, zero data retention.

Product
PlaygroundModels & PricingModel CardDeveloper DocsSystem StatusStress Reports
Compliance
Privacy PolicyTerms of ServiceCookie PolicyData Processing AgreementAcceptable Use PolicyTrust & Compliance
Connect
OpenRouterContactlegal@gwmmai.com
© 2026 GWMM LLC (operating as Inferway)inferway.ai · All systems transparently routed