Meta tags:
description= How Prism secures your data and your provider API keys: AES-256-GCM encryption, keys never logged or returned, validate-then-store, $0 markup on BYOK, and an honest account of what we don t yet offer.;
Headings (most frequently used words):
your, what, we, keys, the, don, security, api, bring, own, byok, short, version, how, key, encryption, actually, works, log, and, where, data, lives, have, yet, honest, list, reporting, vulnerability, try, it, without, handing, over, anything, risky, product, resources, company, social,
Text of the page (most frequently used words):
the (30), your (23), you (18), and (16), prism (13), key (12), keys (12), with (11), for (10), provider (9), cache (8), never (8), what (7), are (7), api (7), that (7), email (6), not (6), #security (5), dashboard (5), byok (5), don (5), only (5), docs (4), one (4), yet (4), data (4), stored (4), log (4), tools (3), compare (3), guides (3), pricing (3), own (3), bill (3), markup (3), providers (3), account (3), protected (3), but (3), them (3), mumbai (3), can (3), row (3), store (3), aes (3), 256 (3), gcm (3), delete (3), encrypted (3), any (3), ciphertext (3), database (3), how (3), before (3), built (2), 2026 (2), ssimplifi (2), bengaluru (2), india (2), privacy (2), blog (2), risk (2), evaluate (2), register (2), send (2), request (2), report (2), savings (2), zero (2), from (2), read (2), saved (2), over (2), something (2), days (2), service (2), use (2), aws (2), cross (2), failover (2), sla (2), status (2), page (2), call (2), today (2), managed (2), source (2), proxy (2), self (2), under (2), have (2), honest (2), list (2), runs (2), cloudflare (2), edge (2), sits (2), redis (2), hit (2), served (2), requests (2), lives (2), level (2), payloads (2), short (2), capture (2), server (2), token (2), response (2), there (2), encryption (2), environment (2), down (2), works (2), back (2), then (2), last (2), touch (2), ask (2), ravi, rikuq, com, github, twitter, social, refunds, terms, contact, about, company, glossary, resources, faq, free, signup, product, lowest, way, watch, header, start, cents, try, without, handing, anything, risky, found, steps, reproduce, acknowledge, within, business, won, pursue, good, faith, researchers, who, avoid, violations, disruption, general, billing, questions, reporting, vulnerability, prompts, carry, sensitive, control, scrub, planned, shipped, pii, redaction, layer, run, publish, contractual, guarantees, formal, uptime, closed, host, open, path, active, evaluation, promised, hosted, option, these, roadmap, enterprise, adoption, delivered, need, tell, demand, moves, priority, soc, sso, saml, rather, decide, real, picture, than, discover, gap, later, global, fronting, auth, persistent, supabase, postgres, upstash, vector, index, entries, replicate, near, origin, non, cached, hits, typically, 30ms, warm, region, singapore, lands, around, 184ms, south, where, every, isolated, salted, hashes, sessions, signed, jwts, feature, encrypts, retains, window, pro, team, purges, timer, ships, gdpr, style, export, endpoints, off, unless, turn, opt, does, eval, replay, optional, side, conversation, history, rest, minute, ttl, written, long, term, logs, session, memory, default, usage, records, metadata, model, counts, cost, latency, tags, attach, bodies, messages, prompt, content, time, deletion, removes, soft, shadow, copy, secret, each, sealed, authenticated, cipher, tampering, detectable, just, unreadable, supplied, process, via, its, table, holds, locked, role, access, application, code, reads, through, narrow, projection, cannot, select, column, into, user, facing, same, place, actually, hold, fails, other, silently, falls, bills, stays, adds, tokens, billed, between, invoice, compute, against, when, add, make, single, live, confirm, encrypt, bad, rejected, validate, after, save, ever, shows, characters, identification, endpoint, line, support, tool, plaintext, logged, returned, openai, anthropic, google, more, they, our, using, alongside, stay, yours, bring, version, most, reasonable, question, pointing, traffic, this, answers, plainly, offer, here, isn, enough, bar, why, would, hand, updated, june, get, started, sign, handles,
Text of the page (random words):
security your api keys how prism handles byok prism by ssimplifi prism guides compare tools pricing docs blog dashboard sign in get started guides compare tools pricing docs security your api keys last updated june 1 2026 the most reasonable question to ask before pointing your traffic at prism is why would i hand my provider api keys to a proxy this page answers it plainly how your keys are stored what we log what we never touch and an honest list of what we don t yet offer if something here isn t enough for your risk bar email email protected and ask bring your own keys byok the short version your keys stay yours provider keys you register openai anthropic google and 5 more are encrypted with aes 256 gcm before they touch our database using a key that lives only in the server environment never in the database alongside the ciphertext keys are never logged and never returned after you save a key the api only ever shows you the last 4 characters for identification there is no endpoint log line or support tool that can read your key back in plaintext validate then store when you add a key we make a single 1 token live call to that provider to confirm it works then encrypt and store it a bad key is rejected before it s saved 0 markup your bill on byok requests prism adds zero markup the tokens are billed by your provider to you on your own account prism never sits between you and your provider s invoice we compute your cache savings against your bill failover stays on your keys if a provider you hold a key for is down prism fails over only to other providers you have keys for it never silently falls back to a prism managed key or bills you for one how key encryption actually works each key is sealed with aes 256 gcm an authenticated cipher so tampering with the stored ciphertext is detectable not just unreadable the encryption key is supplied to the api process via its environment and is never stored in the same place as the encrypted keys the database table that holds them is locked down with row level security to service role access only application code reads it through a narrow projection that cannot select the ciphertext column into any user facing response you can delete any key at any time from your providers dashboard deletion removes the row there is no soft delete shadow copy of the secret what we log and what we don t we do not log your prompt or response content by default usage records capture metadata model token counts cost latency cache status the tags you attach not the bodies of your messages session memory the optional server side conversation history is encrypted at rest in redis with a 30 minute ttl and is never written to long term logs eval replay capture the one feature that does store request payloads is opt in only encrypts payloads with aes 256 gcm retains them for a short window 7 days on pro 30 on team purges on a timer and ships gdpr style export and delete endpoints it is off unless you turn it on every account s data is isolated by row level security api keys are stored as salted hashes dashboard sessions use signed jwts where your data lives prism runs on aws in mumbai ap south 1 with cloudflare s global edge fronting the api for auth and cache persistent data sits in supabase postgres and upstash redis vector index cache entries replicate to cloudflare s edge so a cache hit can be served near you but the origin that runs your non cached requests is mumbai cache hits are typically served in under 30ms a warm cross region cache hit e g singapore mumbai lands around 184ms what we don t have yet the honest list we d rather you decide with the real picture than discover a gap later no soc 2 report sso or saml today these are on the roadmap for enterprise adoption but not delivered if you need them to evaluate tell us demand moves priority no self hosted option today prism is a managed closed source proxy a self host open source path is under active evaluation it is not promised no formal uptime sla we run 24 7 on aws with cross provider failover but we don t yet publish a contractual sla or a status page with on call guarantees no pii redaction layer yet if your prompts carry sensitive data you control what you send we don t scrub it for you planned not shipped reporting a vulnerability found something email email protected with steps to reproduce we ll acknowledge within 2 business days and won t pursue good faith researchers who avoid privacy violations and service disruption for general account or billing questions use email protected try it without handing over anything risky the lowest risk way to evaluate prism is byok register one provider key send one request and watch the x prism cache saved cents header report your savings on your own provider bill at zero prism markup start from the providers dashboard or read the byok docs product pricing docs free signup dashboard faq resources guides compare glossary tools blog company about contact bengaluru india security privacy terms refunds social twitter github email 2026 ssimplifi built in bengaluru india built by ravi rikuq com
|