Plain language, no legalese. This is what actually happens to your API key and your data when you connect a provider to Fluxtab.
The short version
- We only ask for read-only, usage/billing-scoped keys — never keys that can spend money or read your prompts.
- Your key is encrypted the moment it reaches us and only decrypted, in memory, for the few seconds it takes to sync your usage.
- We can never see your prompts or completions — the keys we request don't have permission to read them, by design.
- You can disconnect and revoke access in one click, anytime.
Why a read-only key is safe to share
OpenAI and Anthropic both let you create API keys scoped to specific permissions instead of full account access. When you connect a provider to Fluxtab, we walk you through creating a key scoped to usage/billing read access only — nothing else.
A key like this:
- Cannot make an inference call or spend your money
- Cannot read, list, or access your prompts, completions, files, or fine-tunes
- Can only report back "here's what was spent, by model, by day"
That's the same read-only pattern established FinOps and cloud cost tools (like Vantage and CloudZero for AWS/GCP billing) already use. It's not a new kind of trust — it's a narrower one than most SaaS tools ask for.
When you paste a key in, we check its scope before accepting it. If it looks broader than a read-only usage key, we'll flag it rather than silently accept it.
What happens to your key after you paste it
- It's encrypted immediately using Supabase Vault before it's ever written to a database row.
- It's decrypted only in server memory, only at the moment a scheduled sync job runs — a few times a day — to pull fresh usage numbers.
- It's never sent to your browser, never logged in plaintext, and never visible to us through the normal product interface.
- If you remove a connection, the encrypted key is deleted from our systems. We'll also remind you to revoke or rotate it on the provider's side, since that's the only way to guarantee it can't be used again.
What we can see — and what we can't
We can see: which models you used, how many tokens, and what it cost, by day and by provider.
We cannot see: the actual content of any prompt or response you sent to OpenAI or Anthropic. That data simply isn't reachable with the scope of key we request — it's not a policy we promise to follow, it's a technical limit on what the key can do.
Where your data lives
- Database & encryption: Supabase (Postgres + Vault), with Row Level Security on every table — your data is only ever queryable by your own account.
- Hosting: Vercel.
- Payments: Razorpay. We never see or store your full card details.
- Alerts: if you set up a Slack webhook, only your alert message and threshold are sent to Slack — nothing else.
If something goes wrong
If you ever suspect a key has been compromised — through us or otherwise — the fastest fix is always to revoke it directly on the provider's dashboard (OpenAI or Anthropic), which invalidates it instantly regardless of where it's stored. You can also disconnect it from Fluxtab at the same time.
To report a security issue or vulnerability, email support@fluxtab.dev — we take these seriously and will respond promptly.
Questions
This page is meant to answer the obvious question — "why should I trust you with this?" — honestly. If it doesn't, email support@fluxtab.dev and ask directly.