Trust

Trust & Compliance

GWMM LLC Pre-launch United States · US-West (Seattle)

Who runs GWMM, what touches your data, and how to reach us. One LLC, one node, one model — and full transparency about all three.

01 Operating entity

GWMM is an independent, single-operator inference service. One LLC, one node, one model — and full transparency about all three. The architect you email is also the person who chose the GPU, wired the tunnel, and ships the weights.

  • Legal name: GWMM LLC
  • Registered in: To be published
  • Registered address: To be published

Jurisdiction and address are populated when legal review publishes the Terms of Service. Until then, the placeholder above is the honest state of the world.

02 Data handling

The compressed version. The full architecture, retention model, and per-field handling is on the Privacy Policy page.

We never store your prompts or completions. Metadata only — token counts and latency, kept up to 90 days for billing and reliability. Never used for training, never sold.

Read the full Privacy Policy →

03 Subprocessors

These are the only third parties that touch a request, and only metadata in transit — never stored content. Every entry below comes from the company.subprocessors field in the single-source-of-truth config, so the table updates the moment a subprocessor is added or removed.

NameRoleData touchedLocation
OpenRouterAPI marketplace & request routingRequest metadata in transit (no stored content)United States
CloudflareTunnel & edge transportEncrypted traffic in transitGlobal edge
StripePayment processing for GWMM direct walletPayment method and transaction metadata (no prompt/completion content)United States

Additional subprocessors — typically the GPU host (if not self-hosted) and a payment processor (if billing moves off OpenRouter-only) — will be added before launch.

04 Security

Report vulnerabilities to legal@gwmmai.com. We aim to acknowledge within 48 hours.

Report abuse, including suspected CSAM or other illegal content, to legal@gwmmai.com. We review reports as soon as operational capacity allows and cooperate with law enforcement as required by law.

Single-operator service — there is no 24/7 SOC. Reports are triaged by the operator directly. For high-severity issues, encrypt sensitive details with a key we publish on request.

Architectural guarantees that materially reduce blast radius: prompts and completions are processed in GPU memory and never written to disk; traffic is encrypted in transit through the Cloudflare tunnel; the inference node is not directly exposed to the public internet. See the Privacy Policy — Security section for the full list.

05 Legal documents

  • Privacy Policy — ZDR, metadata, your rights.
  • Terms of Service — acceptable use, billing, liability.
  • Data Processing Addendum — available on request

DPA and any region-specific addenda are drafted in parallel with the Terms of Service. Once published, this page becomes the index — until then, contact legal directly.

06 Service reality

Honest pre-launch disclosure. Single-node service, no multi-region failover, no hot standby, no uptime SLA during pre-launch. We think this is a feature — a one-person shop can't honestly promise what a 100-engineer org can — but it's also a constraint you should know.

  • Single inference node. Node-01 (RTX 5090 · US-West) is the only place your requests run.
  • Concurrency ceiling. 64 concurrent requests per API key. Excess load returns HTTP 429.
  • No SLA during pre-launch. The public incident ledger on /status opens the day service goes live — empty, by design, and ready to be appended to.
  • Planned downtime is announced on /status in advance.

When the service flips from pre-launch to live, the /status page renders the same components with real data: live TTFT, real request counts, and the public incident ledger. No second page is built for pre-launch — same component, two states, driven by a single config field.