Security & Trust
Your prompts are your prompts.
The proxy sees them in flight, and that’s it — we never have a plaintext copy at rest, your provider keys never land on our disk, and there’s an inbox at the bottom of this page for the thing we missed.
Controls in place today.
Every item below is implemented in code, on the main branch, live in production. No roadmap promises.
- 01 Prompts and completions are encrypted at rest
Every prompt and completion we hold for you is stored as ciphertext. We do not keep a plaintext copy in our database, our backups, or our logs — the only place your text exists in the clear is in memory for the brief moment we’re routing the request.
- 02 The edge cache is encrypted and key-isolated
Cached responses at the edge are encrypted with a dedicated secret that never leaves the worker environment. Cache lookup keys are derived in a way that does not leak workspace identifiers or prompt contents to anyone with namespace access.
- 03 Access keys are hashed, never stored in clear
Your proxy keys and REST API keys are hashed with a modern keyed hash before they hit the database. We store the prefix you see in the UI for identification, but the secret itself is never in the clear. Revocation propagates across the edge in under a second.
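The two controls above (02 and 03) rest on the same primitive: a keyed hash whose secret lives only in the worker or server environment, so a value read out of the database or the cache namespace reveals nothing without it. The following is an added illustration, not Tokenwise's code; it assumes HMAC-SHA256 as the keyed hash, a made-up `tw_` key format, and an in-memory dict standing in for the key table.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

# Constructed secrets for this example. In a real deployment they live in the
# worker / server environment (secret manager), never in the database that
# holds the hashes, so a database leak alone yields nothing usable.
CACHE_KEY_SECRET = secrets.token_bytes(32)
API_KEY_HASH_SECRET = secrets.token_bytes(32)


def derive_cache_key(workspace_id: str, prompt: str) -> str:
    """Edge cache lookup key: HMAC-SHA256 over (workspace id, prompt).

    Someone who can list the cache namespace sees 64 hex characters per entry.
    Without CACHE_KEY_SECRET they can neither recover the workspace id or the
    prompt from a key nor compute the key for a prompt they want to probe.
    A length-prefixed encoding keeps ("ab", "c") and ("a", "bc") distinct.
    """
    def framed(s: str) -> bytes:
        b = s.encode("utf-8")
        return len(b).to_bytes(4, "big") + b

    msg = framed(workspace_id) + framed(prompt)
    return hmac.new(CACHE_KEY_SECRET, msg, hashlib.sha256).hexdigest()


@dataclass(frozen=True)
class StoredKey:
    """What the database holds for an access key: never the secret itself."""
    prefix: str        # shown in the UI so the owner can tell keys apart
    key_hash: str      # keyed hash of the full secret
    workspace_id: str
    revoked: bool = False


PREFIX_LEN = 11  # "tw_" + 8 characters; the key format is hypothetical


def hash_api_key(raw_key: str) -> str:
    return hmac.new(API_KEY_HASH_SECRET, raw_key.encode("utf-8"), hashlib.sha256).hexdigest()


def issue_api_key(workspace_id: str) -> Tuple[str, StoredKey]:
    """Return (plaintext key shown once to the user, record to persist)."""
    raw = "tw_" + secrets.token_urlsafe(32)
    record = StoredKey(prefix=raw[:PREFIX_LEN], key_hash=hash_api_key(raw),
                       workspace_id=workspace_id)
    return raw, record


def authenticate(presented: str, table: Dict[str, StoredKey]) -> Optional[StoredKey]:
    """Recompute the keyed hash, look the record up by it, reject revoked keys.

    `table` stands in for an index on the key_hash column. Guessing hashes is
    no easier than guessing keys because the caller lacks API_KEY_HASH_SECRET;
    compare_digest keeps the final equality check constant-time out of habit.
    """
    digest = hash_api_key(presented)
    record = table.get(digest)
    if record is None or not hmac.compare_digest(record.key_hash, digest):
        return None
    if record.revoked:
        return None
    return record


def revoke(record: StoredKey) -> StoredKey:
    """Revocation is a flag flip on the stored record; the secret is never needed."""
    return replace(record, revoked=True)
```

The prefix is the only fragment of the key that is ever written in the clear, and it is far too short to recover the secret from; everything else the database holds is a digest that is useless without the environment secret.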
- 04 Your provider keys never persist on our infrastructure
Your OpenAI / Anthropic / OpenRouter keys ride with the request to the upstream provider and drop out of memory the moment the response is returned. We don’t log them, cache them, or write them to disk. The proxy is BYOK by design.
- 05 Outbound webhooks are restricted to known destinations
Slack and Discord alert webhooks are validated against the canonical destinations each provider publishes — anything else is rejected, so an alert webhook can’t be redirected at internal infrastructure. The URLs themselves are also encrypted at rest.
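What "validated against the canonical destinations" has to mean in practice is an exact-host allow-list with the usual URL-parsing traps closed. The check below is an added example, not Tokenwise's code; the allow-list it uses (Slack's `hooks.slack.com/services/`, Discord's `discord.com` and `discordapp.com` under `/api/webhooks/`) is my reading of the published webhook formats, and the sample URLs are constructed.

```python
import ipaddress
from typing import Tuple
from urllib.parse import urlsplit

# Assumed allow-list: the incoming-webhook hosts Slack and Discord document,
# each paired with the path prefix a real webhook URL carries.
ALLOWED_DESTINATIONS = {
    "slack": (("hooks.slack.com", "/services/"),),
    "discord": (("discord.com", "/api/webhooks/"),
                ("discordapp.com", "/api/webhooks/")),
}


def _is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_webhook_destination(provider: str, url: str) -> Tuple[bool, str]:
    """Return (allowed, reason).

    Only an exact host on the provider's allow-list, over https, on the
    default port, with the expected path prefix, passes. Each rejection
    closes one way of steering the delivery somewhere else: userinfo
    ("https://hooks.slack.com@10.0.0.5/"), IP literals, look-alike
    subdomains ("hooks.slack.com.attacker.example"), odd ports, plain http.
    """
    rules = ALLOWED_DESTINATIONS.get(provider)
    if rules is None:
        return False, "unknown provider"
    try:
        parts = urlsplit(url)
        port = parts.port          # raises ValueError on a malformed port
    except ValueError:
        return False, "malformed url"
    if parts.scheme != "https":
        return False, "scheme must be https"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo not allowed"
    host = parts.hostname          # lower-cased and de-bracketed by urlsplit
    if not host:
        return False, "missing host"
    if port not in (None, 443):
        return False, "non-default port"
    if _is_ip_literal(host):
        return False, "ip literal not allowed"
    for allowed_host, path_prefix in rules:
        if (host == allowed_host
                and parts.path.startswith(path_prefix)
                and len(parts.path) > len(path_prefix)):
            return True, "ok"
    return False, "host or path not on the provider allow-list"
```

Run the check when the URL is saved and again immediately before each delivery, and store the URL encrypted as the page describes; re-checking at send time means a later change to the allow-list takes effect without a migration.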
- 06 Encrypted in transit, end-to-end
Every hop between your application, the edge proxy, our ingest API, and our database is encrypted with modern transport-layer security. HSTS is enabled with preload on every Tokenwise domain.
- 07 Strict browser security headers
Every page response carries a strict Content-Security-Policy, clickjacking protection, MIME-sniffing protection, a tight referrer policy, a locked-down Permissions-Policy (camera, mic, geolocation disabled), and cross-origin isolation.
- 08 Rate-limited auth & write endpoints
Login, signup, password-reset, account deletion, billing checkout, webhook receivers, workspace creation and API-key creation are all rate-limited per IP or per user. Credential stuffing, account enumeration and burst abuse get throttled before they reach the database.
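A per-IP and per-user limiter of the kind item 08 describes is a small amount of code once the window bookkeeping is right. The example below is added here and is not Tokenwise's implementation; the limits (20 per minute per IP, 5 per five minutes per claimed account) are constructed, and the clock is injectable so the behaviour can be checked deterministically.

```python
import time
from collections import deque
from typing import Callable, Deque, Dict, Optional


class SlidingWindowLimiter:
    """Allow at most `limit` events per `window` seconds for each key.

    Each key keeps the timestamps of its recent hits; entries older than the
    window are dropped on every call, so memory is bounded by `limit` per key.
    """

    def __init__(self, limit: int, window: float,
                 clock: Callable[[], float] = time.monotonic):
        self.limit = limit
        self.window = window
        self.clock = clock
        self._hits: Dict[str, Deque[float]] = {}

    def allow(self, key: str) -> bool:
        now = self.clock()
        hits = self._hits.setdefault(key, deque())
        cutoff = now - self.window
        while hits and hits[0] <= cutoff:
            hits.popleft()
        if len(hits) >= self.limit:
            return False
        hits.append(now)
        return True

    def retry_after(self, key: str) -> float:
        """Seconds until the oldest counted hit leaves the window (Retry-After)."""
        hits = self._hits.get(key)
        if not hits or len(hits) < self.limit:
            return 0.0
        return max(0.0, hits[0] + self.window - self.clock())


class ManualClock:
    """Deterministic stand-in for time.monotonic, used by the demo and tests."""

    def __init__(self) -> None:
        self.now = 1000.0

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def make_login_limiters(clock: Callable[[], float] = time.monotonic):
    """Constructed thresholds; the page does not publish its actual limits."""
    per_ip = SlidingWindowLimiter(limit=20, window=60.0, clock=clock)
    per_user = SlidingWindowLimiter(limit=5, window=300.0, clock=clock)
    return per_ip, per_user


def login_gate(per_ip: SlidingWindowLimiter, per_user: SlidingWindowLimiter,
               ip: str, claimed_user: str) -> Optional[float]:
    """None if the attempt may proceed to the credential check, else the
    Retry-After in seconds.

    The per-account bucket is keyed on the *claimed* username before any
    database lookup, so the throttle response is identical whether or not
    the account exists, which is what blunts enumeration.
    """
    ip_key = "ip:" + ip
    user_key = "user:" + claimed_user.lower()
    ip_ok = per_ip.allow(ip_key)
    user_ok = per_user.allow(user_key)
    if ip_ok and user_ok:
        return None
    return max(per_ip.retry_after(ip_key), per_user.retry_after(user_key))
```

The same two-bucket shape applies to the other endpoints the item lists; only the keys (IP, user, workspace) and the thresholds change per route.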
- 09 Multi-workspace isolation
Every workspace lives behind an opaque identifier. Cache lookups, request reads, eval runs, alert deliveries and the public REST API are scoped at the query layer — there is no cross-workspace fall-through. Workspace members carry an explicit role that gates writes.
- 10 Payload storage is opt-out, per workspace and per tag
Payload storage is on by default because that’s what makes Insights, Optimize and Evals useful. You can disable it for an entire workspace, or for a specific tag (e.g. payments traffic), from Settings. When disabled we keep the metrics — cost, latency, tokens — and store nothing for prompts and completions.
- 11 Data retention is enforced
Requests roll off after your plan’s retention window (60 days on Indie, 180 days on Pro). Expired cache entries are purged daily. Account deletion cascades through every workspace-scoped table in a single transaction.
- 12 Sessions are server-side and revocable
Sessions live in our database, not in opaque client tokens. They’re stamped with IP and User-Agent, expire on a sensible rolling window, and you can revoke any session from Settings.
- 13 Responsible disclosure inbox
Found something we missed? Email [email protected] with a reproducer and we’ll get back to you. Responsible disclosure earns a public credit (or silence, your call).
Frequently asked.
The questions early customers ask before they ship the integration to prod.
Can you read my prompts?
What if I turn off payload storage entirely?
Where is data hosted?
Can I export everything?
Have you been audited?
How do I report a vulnerability?
Disclosure.
Found something? Don’t open a public issue. Email [email protected] with a reproducer or a write-up. Responsible disclosure earns a public credit (or silence, your call) and, on a case-by-case basis, lifetime Pro on the house.