Privacy Policy

Windfall — a product of Ecofrontiers SARL

Last updated: 15 February 2026

1. Who we are

This privacy policy explains how Windfall, a product of Ecofrontiers SARL, collects, uses, and protects your data when you use the Windfall inference gateway at windfall.ecofrontiers.xyz.

This policy supplements the Ecofrontiers general privacy policy. Where this policy addresses a topic specific to Windfall, it takes precedence.

Data controller:
Ecofrontiers SARL
23 Chemin du Coupereau, Le Canebas
83320 Carqueiranne, France
info@ecofrontiers.xyz

2. Data we collect

We collect different types of data depending on how you interact with Windfall:

2.1 API key data

  • Key hash — a SHA-256 hash of your API key (we never store the raw key)
  • Key prefix — the first 12 characters of your key, for identification
  • Label — an optional name you provide when creating the key
  • Wallet address — your Ethereum wallet address, if you link one for crypto payments
  • Balance and usage statistics — credit balance, request counts, spend totals
  • Timestamps — when the key was created and last used

Legal basis: Contract performance (Art. 6(1)(b) GDPR) — necessary to provide the service.

2.2 Request logs

Each API request generates a log entry containing:

  • Request ID (UUID)
  • Wallet address or key reference
  • Node that processed the request
  • Model used
  • Routing mode (cheapest/greenest/balanced)
  • Token counts (input/output)
  • Energy price and carbon intensity at time of processing
  • Cost and payment method
  • Response time

We do not log the content of your prompts or responses in request logs.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) — billing, abuse prevention, and service monitoring.

2.3 Cached responses

Windfall caches LLM responses to reduce cost and latency. Cached entries contain:

  • Cache key — a SHA-256 hash of the normalised prompt content and model name. This is not reversible to the original prompt.
  • Response content — the full LLM response JSON, stored temporarily
  • Metadata — model name, token counts, creation and expiry timestamps, hit count

Cached responses expire after 1 hour and are purged every 10 minutes. You can bypass caching entirely by including Cache-Control: no-cache or Cache-Control: no-store in your request headers.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) — performance optimisation and cost reduction.

2.4 Payment data

  • Card payments — processed by Stripe. We do not see or store your card number. See Stripe's privacy policy.
  • USDC deposits — transaction hash, sender wallet address, amount, and the block number. Stored in our database to prevent double-crediting.
  • ETH deposits — transaction hash, sender wallet address, amount in ETH, USD equivalent at time of receipt, ETH price used, and block number.
  • Revenue log — wallet address, amount, payment method, and transaction hash for paid requests.

Legal basis: Contract performance and legal obligation (Art. 6(1)(b), (c) GDPR) — billing and financial record-keeping.

2.5 Contact form data

If you use the contact form, we collect your name, email address, server location (if provided), and message. This is stored in a log file on our server.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) — responding to enquiries.

2.6 Onchain attestations

Windfall publishes attestations to the Ethereum Attestation Service (EAS) on Base L2. These contain:

  • Node ID and coordinates
  • Energy price and carbon intensity
  • Whether curtailment was active
  • Model name and a request hash (not the prompt content)
  • Request count (for batched attestations)

Attestations do not contain your prompt content, API key, wallet address, or any personally identifiable information. Once published to the blockchain, attestations cannot be modified or deleted.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) — providing verifiable proof of energy routing.

2.7 Browser storage

The Windfall website stores your API key in localStorage under the key windfall_key when you enter it on the top-up page. This is strictly necessary for the functioning of the top-up and dashboard features — it allows the page to show your balance and process payments without re-entering your key. We do not use localStorage for tracking or analytics.

Legal basis: Strictly necessary for service functionality (exempt from consent under ePrivacy Directive Art. 5(3)).

3. How your data flows through the service

When you send a request to Windfall:

  1. Your request arrives at our server (Hetzner, Germany or Finland).
  2. We check authentication, classify engagement, and check the cache.
  3. If not cached, your prompt is forwarded to OpenRouter for LLM inference. OpenRouter processes your prompt under their privacy policy.
  4. The response is returned to you, and a metadata log entry is created (without prompt content).
  5. The response may be cached for up to 1 hour (opt out with Cache-Control: no-cache).
  6. An attestation may be queued for onchain publication (no PII included).

Your prompt content is never stored in our request logs or attestations. It may temporarily exist in the response cache (up to 1 hour) and is transmitted to OpenRouter for inference.

4. Sub-processors

We share data with the following third parties as necessary to provide the service:

| Provider | Purpose | Data shared | Location |
|---|---|---|---|
| OpenRouter | LLM inference | Prompt content, model selection | US |
| Stripe | Card payment processing | Payment details (card info handled by Stripe, not us) | US |
| Hetzner | Server infrastructure | All service data (hosted on Hetzner servers) | Germany, Finland |
| Electricity Maps | Energy grid data | None (we query their API; no user data is sent) | Denmark |
| CoinGecko | ETH price data | None (we query their API; no user data is sent) | Singapore |
| Base (Coinbase L2) | Onchain attestations, deposit detection | Attestation data (no PII), blockchain queries | Decentralised |

For transfers to the US (OpenRouter, Stripe), we rely on standard contractual clauses or the provider's EU-US Data Privacy Framework certification.

5. Data retention

| Data | Retention period |
|---|---|
| Cached responses | 1 hour (auto-purged every 10 minutes) |
| API key data | Until you delete your key via DELETE /api/keys/me, or 12 months after last use |
| Request logs | 12 months (wallet addresses anonymised after 30 days) |
| Payment/deposit records | 7 years (French accounting obligation) |
| Contact form submissions | 12 months |
| Onchain attestations | Permanent (blockchain data cannot be deleted) |
| localStorage (browser) | Until you clear browser data or delete your key |

6. Your rights

Under the GDPR, you have the following rights regarding your personal data:

  • Access — request a copy of the data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — ask us to delete your data. You can delete your API key and associated data via DELETE /api/keys/me. Note: onchain attestations cannot be deleted, but they contain no PII.
  • Restriction of processing — ask us to limit how we use your data.
  • Objection — object to processing based on legitimate interest.
  • Data portability — receive your data in a machine-readable format.

To exercise any of these rights, contact us at info@ecofrontiers.xyz. We will respond within one month.

7. Security

All data is encrypted and password-protected on our servers. Specific measures include:

  • API keys are stored as SHA-256 hashes — we cannot retrieve your raw key
  • All connections use HTTPS/TLS encryption
  • Database uses WAL mode with file-system permissions
  • Wallet private keys are stored as environment variables, not in the database

8. Cookies and analytics

The Windfall website (windfall.ecofrontiers.xyz) does not use cookies or analytics trackers. We do not use Google Analytics, tracking pixels, or similar technologies on the Windfall domain.

The only browser storage used is localStorage for your API key (see section 2.7).

The parent Ecofrontiers website (ecofrontiers.xyz) may use cookies and Google Analytics as described in the Ecofrontiers privacy policy.

9. Children

Windfall is a developer API service and is not directed at individuals under the age of 16. We do not knowingly collect data from children.

10. Changes to this policy

We may update this policy from time to time. Changes will be reflected in the "Last updated" date at the top of this page. Material changes will be communicated via a notice on the Windfall website.

11. Contact and complaints

For questions about this privacy policy or to exercise your data rights, contact us at:

Ecofrontiers SARL
23 Chemin du Coupereau, Le Canebas
83320 Carqueiranne, France
info@ecofrontiers.xyz

If you are not satisfied with our response, you have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL):

www.cnil.fr