// Compliance Center

Clear service boundaries for Chinese LLM inference export.

XinoAPI is designed for users outside mainland China. We combine regional access controls, metadata-only billing logs, upstream provider policy transparency, and a local-first Privacy SDK so customers can use Chinese frontier models with a clearer compliance posture.

Compliance posture

These controls are modeled after mature model-routing platforms, with additional restrictions for the China-to-global inference use case.

Regional Boundary

No mainland China service

Mainland China users are not permitted to register, purchase credits, access the dashboard, or use API endpoints. Server-side IP controls enforce this boundary.

Data Minimization

Metadata-only billing logs

XinoAPI does not retain plaintext prompts or responses by default. Billing uses metadata such as model, token counts, status, latency, and timestamps.

Provider Transparency

Upstream terms apply

Each model provider has its own terms, data policy, regional restrictions, and content policy. Customers must choose providers appropriate for their use case.

Control matrix

AreaCurrent XinoAPI controlCustomer responsibility
Regional accessMainland China IP ranges blocked at the API origin; registration and purchase terms prohibit mainland China use.Do not use VPNs, proxies, affiliates, or subaccounts to bypass regional restrictions.
Provider termsTerms require compliance with each upstream provider's terms, acceptable-use policy, data policy, and regional restrictions.Review provider terms before routing regulated or sensitive workloads.
Content retentionNo plaintext prompt/response retention by default; request hashes may be used for audit integrity.Avoid sending secrets or regulated personal data unless redaction and internal review are in place.
Sensitive dataPrivacy SDK supports local PII and secret redaction before prompts leave customer infrastructure.Enable local redaction and avoid transmitting credentials, PHI, financial records, or trade secrets where not necessary.
PaymentsStripe handles card data; XinoAPI stores transaction metadata and account credit balance.Use business billing details and avoid using payment methods tied to restricted regions.
Enterprise complianceDPA, zero-data-retention routing, dedicated routing, and audit support are available by request or on the roadmap.Request enterprise review before production use in regulated industries.

Available now vs roadmap

Available now

  • Mainland China API origin IP blocking
  • Terms and registration restriction for mainland China users
  • Metadata-only billing logs by default
  • Provider terms flow-down in Terms of Service
  • Privacy SDK for local redaction and response verification
  • Security whitepaper for intermediary attack risks

Roadmap and enterprise options

  • Cloudflare WAF country blocking after API DNS is proxied through Cloudflare
  • Enterprise DPA template and vendor questionnaire package
  • Zero Data Retention routing commitments for qualified enterprise plans
  • SSO, organization audit logs, and fixed-region routing
  • Third-party security review and compliance report package
Important: XinoAPI is a gateway. It does not replace a customer's own legal review, data classification, provider review, or industry-specific compliance obligations.

Related documents

Legal

Terms of Service

Eligibility, mainland China restriction, upstream provider terms, payments, refunds, and suspension rights.

Privacy

Privacy Policy

Data collection, upstream provider processing, international transfers, retention, and regional restriction enforcement.

Security

Security Whitepaper

Intermediary attack risk, payload scanning, local-first redaction, gateway signatures, and enterprise isolation roadmap.