Security

Your Data. Your Keys. Your Control.

We handle sensitive cost data and API credentials.

We take that responsibility seriously with enterprise-grade security at every layer.

Security Practices

End-to-End Encryption

All data encrypted in transit (TLS 1.3) and at rest (AES-256). API keys are encrypted with per-user keys and never stored in plaintext.

SOC 2 Readiness

Our infrastructure and processes are designed to meet SOC 2 Type II requirements. We maintain audit logs for every data access event.

Zero Data Training

We never use your data to train models. Your prompts, responses, and cost data are yours alone. Period.

API Key Security

Your provider API keys are encrypted at rest, transmitted over TLS, and never logged. You can rotate or revoke access instantly.

Data Residency

Choose where your data lives. US, EU, or your own infrastructure — we support all deployment models.

Access Controls

Role-based access, SSO integration, and audit trails. Know exactly who accessed what and when.

Incident Response

Documented incident response procedures with defined SLAs. Transparent communication within 24 hours of any security event.

AES-256

Encryption at rest

TLS 1.3

Encryption in transit

Data used for training

We publish detailed security documentation and welcome any inquiry from your security team.

Enterprise security at every layer.