Home About Pricing Blog Contact
Get started

Security

Last updated: August 25, 2025

Introduction

lozz.ai was built from the ground up with security and privacy in mind. We use a combination of technical and organisational measures to protect your data from unauthorised access, use, disclosure, or destruction.

We're also a UK based service subject to GDPR, so you can delete your data anytime.

However, please note. We are still in the early stages of our journey and new features are being added weekly. If you're working in a highly sensitive environment you should be careful when using any AI tool. We hope this page gives insight into our progress and helps you make a proper risk assessment.

Data Encryption

All data transmitted to and from lozz.ai is encrypted using enhanced TLS/SSL encryption. Your data is also protected at rest using AES-256 which is a widely tested, highly performant and industry-standard encryption algorithm.

Infrastructure Security

Rate limiting, browser fingerprinting, network level blocking of 'bullet proof hosting' ASNs, DDoS mitigation and API abuse detection are just a few security measures in place helping keep the bad actors away.

AI Requests

lozz.ai acts as a proxy between yourself and the AI models you interact with. This helps protect your identity because all the AI models see is your request (content), never anything personally identifiable.

Here is an example of a "Research" request that has been routed to Qwen via OpenRouter:

User Request...

{
  "model": "qwen/qwen3-235b-a22b-thinking-2507:online",
  "messages": [
    {
      "role": "system",
      "content": "<AI Context goes here>."
    },
    {
      "role": "user",
      "content": "Tell me about world war one and key events that happened in each year"
    }
  ],
  "max_tokens": 80000,
  "stream": true
}

What OpenRouter stores...

{
  "data": {
    "created_at": "2025-08-21T14:08:35.113727+00:00",
    "model": "qwen/qwen3-235b-a22b-thinking-2507",
    "app_id": 2349000,
    "external_user": null,
    "streamed": true,
    "cancelled": false,
    "latency": 1467,
    "moderation_latency": null,
    "generation_time": 30865,
    "tokens_prompt": 3858,
    "tokens_completion": 1317,
    "native_tokens_prompt": 3921,
    "native_tokens_completion": 1418,
    "native_tokens_reasoning": 689,
    "native_tokens_cached": 0,
    "num_media_prompt": null,
    "num_media_completion": null,
    "num_search_results": null,
    "origin": "https://lozz.ai/",
    "is_byok": false,
    "finish_reason": "stop",
    "native_finish_reason": "stop",
    "usage": 0.00136053,
    "api_type": "completions",
    "id": "gen-1755785121-54qWnnce0u3vtTGeroCK",
    "upstream_id": "cmpl-34f826d28d2844b4246356f0a23e025d",
    "total_cost": 0.00136053,
    "cache_discount": null,
    "upstream_inference_cost": 0,
    "provider_name": "DeepInfra"
  }
}

We then store the response from the AI model in our database as part of your conversation so that you can view it later. You may delete this from the database at any time by deleting the conversation. Once a conversation has been deleted from the database, it may exist in backups for up to 30 days.

China / Russia

None of our infrastructure is deployed in China or Russia and we do not directly use any Chinese or Russian company as a subprocessor. We also do not use Deepseek as a model provider.

Subprocessors

For full transparency, here is every company we use and what we use them for. We are not responsible for the security practices of our subprocessors, but we do our best to choose trusted partners. By using lozz.ai you are accepting the privacy policies of our subprocessors.

  • Cloudflare Our infrastructure is primarily hosted on Cloudflare with lozz.ai and it's subdomains deployed globally.
  • OpenRouter We use OpenRouter with Model Training disabled to route research and analysis requests to AI models that support OCR.
  • Runware We use Runware as our AI Image and Video generation provider
  • Resend We use Resend to send e-mails via auth.lozz.ai and via the contact form at lozz.ai/contact
  • GitHub We use GitHub for version control and code management.
  • Gravatar We use Gravatars API for user profile pictures.
  • Google hello@lozz.ai uses gmail to recieve and send e-mails.
  • Stripe Like almost every other company in the world, we use Stripe for payment processing. Your card details are never stored on our servers.

Account Deletion

Please e-mail us at hello@lozz.ai and request a deletion. We're working on making this self service via soon.

Report Security Issues

If you discover a security vulnerability, please report it to us immediately at hello@lozz.ai. We love a bug bounty so if you work with us, not against us, you will be rewarded!