Security
No proxy. Ever.
CostKey is not a proxy. Your AI API calls go directly from your application to OpenAI, Anthropic or Google. CostKey's SDK runs inside your application and reads each response after the provider has returned it. Your AI traffic never touches our servers; the only thing the SDK sends us is the telemetry described under Data flow below.
You control what's sent
The SDK captures metadata (model, token counts, latency, and the call site taken from a stack trace) and, optionally, the request/response body. You can disable body capture entirely:
CostKey.init({
  dsn: '...',
  captureBody: false // prompts and completions are never sent
})
When captureBody is false, only metadata is transmitted: provider and model name, token counts (from which cost is calculated on our side), latency, and the call site (file, function, line number). No prompt content. No completion content.
Data flow
What we receive
- Model name, provider, token counts
- Cost (calculated server-side from token counts)
- Latency, TTFT (time to first token), tokens/sec
- Stack trace (file, function, line number)
- Request/response body (only if captureBody is enabled)
What we never receive
- Your API keys (never captured, never transmitted)
- Your source code (only file names, function names and line numbers from stack traces, never the source text)
- Any data not related to AI API calls
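To make the captureBody setting and the Data flow lists above concrete, here is an added example (not code from CostKey's SDK) that models the telemetry event this page describes: it reduces an Error stack to file, function and line, builds the event with and without bodies, and then scans the serialized payload for the provider API key and the prompt text. The event field names, the `/costkey/` path hint used to skip SDK frames, and the sample call are assumptions made for illustration.

```javascript
// Added example, not CostKey's own SDK code: a minimal model of the telemetry
// event described on this page, so you can see what leaves the process with
// captureBody on versus off. The event shape and the option names below are
// assumptions for illustration, not the SDK's wire format.

// One V8-style stack frame: "at fn (file:line:col)" or "at file:line:col".
const V8_FRAME = /^\s*at (?:(.+?) \()?(.+?):(\d+):(\d+)\)?$/;

// Reduce a full Error.stack to the first frame outside the SDK itself.
// Only file, function name and line number are kept; no source text.
function extractCallSite(stack, sdkPathHint = '/costkey/') {
  for (const line of stack.split('\n')) {
    const m = V8_FRAME.exec(line);
    if (!m) continue;
    const [, func, file, lineNo] = m;
    if (file.includes(sdkPathHint)) continue; // skip the SDK's own frames
    return { file, func: func || '<anonymous>', line: Number(lineNo) };
  }
  return null;
}

// Build the event for one completed provider call. The provider API key is
// deliberately not a parameter: the SDK never needs it, so it cannot leak.
function buildEvent(call, { captureBody = false } = {}) {
  const seconds = call.latencyMs / 1000;
  const event = {
    provider: call.provider,
    model: call.model,
    tokens: { input: call.inputTokens, output: call.outputTokens },
    latencyMs: call.latencyMs,
    ttftMs: call.ttftMs,
    tokensPerSec: seconds > 0 ? call.outputTokens / seconds : null,
    callSite: extractCallSite(call.stack),
    // cost is intentionally absent: the page says it is derived server-side
  };
  if (captureBody) {
    event.request = call.requestBody;
    event.response = call.responseBody;
  }
  return event;
}

// Egress check: serialize exactly what would go on the wire and look for
// strings that must never appear in it.
function findLeaks(event, forbidden) {
  const wire = JSON.stringify(event);
  return forbidden.filter((s) => wire.includes(s));
}

// Constructed sample input (not real data, not a real key).
const API_KEY = 'sk-constructed-example-key-0000';
const PROMPT = 'Summarise the attached patient record';
const SAMPLE_CALL = {
  provider: 'openai',
  model: 'gpt-4o-mini',
  inputTokens: 120,
  outputTokens: 80,
  latencyMs: 2000,
  ttftMs: 350,
  requestBody: { messages: [{ role: 'user', content: PROMPT }] },
  responseBody: { choices: [{ message: { content: 'Patient John Doe...' } }] },
  stack: [
    'Error',
    '    at captureResponse (/srv/app/node_modules/costkey/dist/index.js:88:15)',
    '    at askModel (/srv/app/src/chat.js:42:21)',
    '    at /srv/app/src/server.js:17:9',
  ].join('\n'),
};

// Returns both variants plus the leak check for each, for inspection.
function demo() {
  const metadataOnly = buildEvent(SAMPLE_CALL, { captureBody: false });
  const withBody = buildEvent(SAMPLE_CALL, { captureBody: true });
  return {
    metadataOnly,
    withBody,
    metadataLeaks: findLeaks(metadataOnly, [API_KEY, PROMPT]),
    bodyLeaks: findLeaks(withBody, [API_KEY, PROMPT]),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

Run it with node. The leak check is the kind of test worth keeping in your own CI before enabling captureBody in production: the API key never appears in either variant because it is never an input to the event builder, while the prompt appears only when captureBody is true.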
Infrastructure
- Hosting: Railway (US region), PostgreSQL database
- Encryption: TLS in transit, encrypted at rest
- Data retention: 90 days (Free), configurable (Enterprise)
- SDK: MIT licensed, fully open source — audit the code yourself
Self-hosting
Enterprise customers can self-host the CostKey server on their own infrastructure. The server is a single Node.js application with a PostgreSQL database. Your data never leaves your network.
Contact naman@costkey.dev for self-hosting setup.
Enterprise
- SSO / SAML: Available on Enterprise plan
- SOC 2: In progress
- GDPR: We don't process personal data unless you send prompt content containing PII. With captureBody disabled, no PII is transmitted.
- DPA: Available on request
Reporting vulnerabilities
If you find a security issue, please email naman@costkey.dev. We take all reports seriously and will respond within 24 hours.