Guides

Privacy & security

KeyC is built as a control plane for spend and access — not a prompt archive.

Prompts & completions

We never store prompts or completions. Request bodies are proxied to the upstream provider and are not written to our database.

What we do log

  • Token counts (input / output)
  • Model and provider
  • Latency and HTTP status
  • Estimated cost for budgeting and reports

Provider keys

Real provider keys are encrypted at rest with AES-256-GCM under a master key you control in server config. They are never returned by the dashboard or public APIs after vaulting.

Virtual keys are stored as hashes only. The raw kc-… value is shown once at creation.