Security & your API keys
Last updated: June 1, 2026
The most reasonable question to ask before pointing your traffic at Prism is: “Why would I hand my provider API keys to a proxy?” This page answers it plainly — how your keys are stored, what we log, what we never touch, and an honest list of what we don't yet offer. If something here isn't enough for your risk bar, email [email protected] and ask.
Bring Your Own Keys (BYOK) — the short version
- Your keys stay yours. Provider keys you register (OpenAI, Anthropic, Google, and 5 more) are encrypted with AES-256-GCM before they touch our database, using a key that lives only in the server environment — never in the database alongside the ciphertext.
- Keys are never logged and never returned. After you save a key, the API only ever shows you the last 4 characters for identification. There is no endpoint, log line, or support tool that can read your key back in plaintext.
- Validate, then store. When you add a key we make a single 1-token live call to that provider to confirm it works, then encrypt and store it. A bad key is rejected before it's saved.
- $0 markup, your bill. On BYOK requests Prism adds zero markup — the tokens are billed by your provider, to you, on your own account. Prism never sits between you and your provider's invoice. We compute your cache savings against your bill.
- Failover stays on your keys. If a provider you hold a key for is down, Prism fails over only to other providers you have keys for. It never silently falls back to a Prism-managed key or bills you for one.
How key encryption actually works
Each key is sealed with AES-256-GCM — an authenticated cipher, so a stored ciphertext that has been modified fails decryption outright instead of silently producing garbage. The encryption key is supplied to the API process via its environment and is never stored in the same place as the encrypted keys. The database table that holds them is locked down with row-level security to service-role access only — application code reads it through a narrow projection that cannot select the ciphertext column into any user-facing response.
You can delete any key at any time from your providers dashboard. Deletion removes the row; there is no soft-delete shadow copy of the secret.
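The storage scheme described above, as an added example that is not Prism's own code: a small Go vault that seals a provider key with AES-256-GCM under a key read from the environment, keeps only the last four characters for display, and refuses to open a ciphertext that has been altered. The variable name PRISM_KEY_ENCRYPTION_KEY, the Vault and StoredKey names, and the binding of the provider name as additional authenticated data are assumptions, not something the page states.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"os"
)
// StoredKey is the database row: nonce, GCM ciphertext (tag included) and a display hint; the AES key is never part of it.
type StoredKey struct {
	Nonce, Ciphertext []byte
	Last4             string // the only plaintext-derived field ever returned to a user
}
type Vault struct{ aead cipher.AEAD } // AES-256-GCM instance built once from the environment-supplied key
func NewVault(masterKey []byte) (*Vault, error) {
	block, err := aes.NewCipher(masterKey) // a 32-byte key selects AES-256; other sizes are rejected below
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &Vault{aead}, err
}
// Seal encrypts one provider key under a fresh random nonce. Binding the provider name in as AAD is an
// assumed extra hardening (not stated on the page): a ciphertext copied into another provider's row fails to open.
func (v *Vault) Seal(provider, plaintext string) (StoredKey, error) {
	nonce := make([]byte, v.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return StoredKey{}, err
	}
	ct := v.aead.Seal(nil, nonce, []byte(plaintext), []byte(provider))
	return StoredKey{nonce, ct, plaintext[len(plaintext)-4:]}, nil
}
// Open is the only path that yields plaintext; it belongs in the upstream request path, never in a user-facing
// handler. Any bit flip in nonce, ciphertext or AAD makes GCM return an error rather than garbage.
func (v *Vault) Open(provider string, s StoredKey) (string, error) {
	pt, err := v.aead.Open(nil, s.Nonce, s.Ciphertext, []byte(provider))
	return string(pt), err
}
// DisplayHint is all the API shows back after a key is saved.
func DisplayHint(s StoredKey) string { return "****" + s.Last4 }
func main() {
	// Hex master key read from an env var (name assumed); it is never stored beside the ciphertext.
	masterKey, _ := hex.DecodeString(os.Getenv("PRISM_KEY_ENCRYPTION_KEY"))
	v, err := NewVault(masterKey)
	if err != nil {
		panic(err)
	}
	s, _ := v.Seal("openai", "sk-constructed-example-abcd") // constructed sample key, not a real credential
	fmt.Println("key saved; shown as", DisplayHint(s))
}
```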
What we log — and what we don't
- We do not log your prompt or response content by default. Usage records capture metadata — model, token counts, cost, latency, cache status, the tags you attach — not the bodies of your messages.
- Session memory (the optional server-side conversation history) is encrypted at rest in Redis with a 30-minute TTL and is never written to long-term logs.
- Eval-replay capture — the one feature that does store request payloads — is opt-in only, encrypts payloads with AES-256-GCM, retains them for a short window (7 days on Pro, 30 on Team), purges on a timer, and ships GDPR-style export and delete endpoints. It is off unless you turn it on.
- Every account's data is isolated by row-level security; your Prism API keys (the credentials you use to call Prism, as distinct from the provider keys above) are stored as salted hashes; dashboard sessions use signed JWTs.
Where your data lives
Prism runs on AWS in Mumbai (ap-south-1), with Cloudflare's global edge fronting the API for auth and cache. Persistent data sits in Supabase (Postgres) and Upstash (Redis + vector index). Cache entries replicate to Cloudflare's edge so a cache hit can be served near you, but the origin that runs your non-cached requests is Mumbai. Cache hits are typically served in under 30ms; a warm cross-region cache hit (e.g. Singapore→Mumbai) lands around 184ms.
What we don't have yet (the honest list)
We'd rather you decide with the real picture than discover a gap later:
- No SOC 2 report, SSO, or SAML today. These are on the roadmap for enterprise adoption but not delivered. If you need them to evaluate, tell us — demand moves priority.
- No self-hosted option today. Prism is a managed, closed-source proxy. A self-host / open-source path is under active evaluation; it is not promised.
- No formal uptime SLA. We run 24/7 on AWS with cross-provider failover, but we don't yet publish a contractual SLA or a status page with on-call guarantees.
- No PII redaction layer yet — if your prompts carry sensitive data, you control what you send; we don't scrub it for you (planned, not shipped).
Reporting a vulnerability
Found something? Email [email protected] with steps to reproduce. We'll acknowledge within 2 business days and won't pursue good-faith researchers who avoid privacy violations and service disruption. For general account or billing questions use [email protected].
Try it without handing over anything risky
The lowest-risk way to evaluate Prism is BYOK: register one provider key, send one request, and watch the X-Prism-Cache-Saved-Cents header report your savings — on your own provider bill, at zero Prism markup. Start from the providers dashboard or read the BYOK docs.