flatfee.one

Security

Say what happens to keys, prompts, and logs.

Trust starts by being specific. This page avoids fake certifications and names the controls, beta limits, and roadmap items buyers will ask about.

Phase: Private beta posture
Security contact: hello@flatfee.one
Updated: May 24, 2026

01

API keys

Keys should be stored server-side only. Project keys are the beta default; team keys and scoped keys are roadmap items.

02

Logging

Request metadata is needed for billing, abuse prevention, debugging, and routing receipts. Reduced-log modes are planned.

03

Provider routing

Prompts may be routed to eligible model providers according to the selected policy and plan boundaries.

04

Compliance roadmap

DPA, subprocessors, retention policy, SSO/RBAC, and audit logs should be published before enterprise motion.

Security promises

What this page will not overclaim.

  • No SOC 2 claim until there is a completed report.
  • No zero-data-retention claim unless the full routing path supports it.
  • No uptime SLA during private beta unless operational support exists.
  • No "enterprise-grade" wording without naming controls.