Security at tokentrace
Your LLM traces may contain sensitive data. We take that seriously. Here's how we protect it — and how you can do your part.
Security controls
🔒 Encryption in transit: All data between your servers and tokentrace travels over TLS 1.3. The SDK enforces HTTPS and rejects non-secure endpoints.
💾 Encryption at rest: Trace data and credentials are encrypted at rest using AES-256 in our cloud storage provider.
🔑 API key scoping: Project API keys are write-only; they can ingest traces but cannot read data back. Dashboard access requires separate authentication.
👥 Team access controls: Role-based access per project, with owners, admins, and read-only members. API keys rotate independently from user sessions.
🪵 Audit logs: Every key creation, deletion, and settings change is logged with actor, IP, and timestamp.
🔐 SSO / OAuth: Sign in via GitHub or Google OAuth. Passwords are bcrypt-hashed; we never store plaintext credentials.
Trace data and PII
tokentrace captures the full content of LLM requests and responses by default. If your prompts include personally identifiable information, you should use the SDK's redaction options before that data leaves your servers:
- redactInputs: true — stores token/cost metadata only; prompt content never reaches our servers
- redactOutputs: true — same for completions
- piiRedaction: true — SDK-side regex scrub of emails, phone numbers, card patterns before transmission
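To make concrete what an SDK-side scrub like piiRedaction has to do before a trace leaves your server, here is an added example. It is not the tokentrace SDK's code and the SDK's actual patterns are not shown on this page; the function names, the regexes, the placeholder tokens and the sample prompt are all assumptions constructed for illustration. It goes one step beyond the bullet above by adding a Luhn check so that long digit runs that are not card numbers (order ids, timestamps) are left intact.

```javascript
// Added illustration of pre-transmission PII scrubbing (hypothetical; not the
// tokentrace SDK's implementation). Run with: node redact.js

// Email addresses: local-part@domain.tld
const EMAIL_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g;

// Phone numbers: optional +country code, then 3-3-4 digits with common
// separators. The lookarounds stop the pattern from matching inside a
// longer digit run (e.g. the middle of an order id).
const PHONE_RE = /(?<!\d)(?:\+?\d{1,3}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)/g;

// Card-like runs: 13 to 19 digits, optionally separated by spaces or dashes.
const CARD_RE = /\b(?:\d[ -]?){12,18}\d\b/g;

// Luhn checksum: only digit runs that pass are treated as card numbers,
// so arbitrary long numbers are not redacted by mistake.
function luhnValid(digits) {
  if (!/^\d{13,19}$/.test(digits)) return false;
  let sum = 0;
  let double = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (double) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
    double = !double;
  }
  return sum % 10 === 0;
}

// Replace PII with fixed placeholders and report how many substitutions
// were made. Cards are handled before phones so a card's digit groups are
// never partially consumed by the phone pattern.
function redactPii(text) {
  let redactions = 0;
  let out = text.replace(EMAIL_RE, () => {
    redactions++;
    return '[EMAIL]';
  });
  out = out.replace(CARD_RE, (match) => {
    const digits = match.replace(/[ -]/g, '');
    if (!luhnValid(digits)) return match; // not a card: keep as-is
    redactions++;
    return '[CARD]';
  });
  out = out.replace(PHONE_RE, () => {
    redactions++;
    return '[PHONE]';
  });
  return { text: out, redactions };
}

// Constructed sample prompt. 4111 1111 1111 1111 is a well-known test card
// number; the order id is a 14-digit run that must NOT be treated as a card.
const SAMPLE_PROMPT =
  'Contact jane.doe@example.com or +1 415-555-0123; card 4111 1111 1111 1111 ' +
  'expires 12/26. Order #20240915123456.';

const result = redactPii(SAMPLE_PROMPT);
console.log(result.text);
console.log(`${result.redactions} redactions`);
```

The Luhn step is the part worth copying: without it, the 14-digit order id above would be scrubbed as a card and the trace would lose the value you actually wanted to debug with. Regex scrubbing is best-effort by nature; names, street addresses and free-text identifiers do not match any pattern, so prompts that carry those need redactInputs rather than a scrub.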
Your responsibilities
- Keep your project API keys secret — treat them like passwords
- Rotate keys immediately if you suspect exposure
- Use environment variables, not hardcoded keys in source code
- Enable PII redaction if you process user-identifiable data
- Review team member access regularly and remove stale members
Reporting a vulnerability
responsible disclosure
If you discover a security vulnerability in tokentrace, please report it privately. Do not open a public GitHub issue for security-sensitive findings.
security@tokentrace.app
We aim to acknowledge reports within 48 hours and provide a resolution timeline within 5 business days. Researchers who responsibly disclose will be credited (if desired).