If you are not sure if the website you would like to visit is secure, you can verify it here. Enter the website address of the page and see parts of its content and the thumbnail images on this site. None (if any) dangerous scripts on the referenced page will be executed. Additionally, if the selected site contains subpages, you can verify it (review) in batches containing 5 pages.
favicon.ico: ssimplifi.com/security - Security & your API keys  .

site address: ssimplifi.com/security redirected to: ssimplifi.com/security

site title: Security & your API keys how Prism handles BYOK Prism by Ssimplifi

Our opinion (on Friday 03 July 2026 11:47:08 UTC):

GREEN status (no comments) - no comments
After content analysis of this website we propose the following hashtags:



Meta tags:
description=How Prism secures your data and your provider API keys: AES-256-GCM encryption, keys never logged or returned, validate-then-store, $0 markup on BYOK, and an honest account of what we don t yet offer.;

Headings (most frequently used words):

your, what, we, keys, the, don, security, api, bring, own, byok, short, version, how, key, encryption, actually, works, log, and, where, data, lives, have, yet, honest, list, reporting, vulnerability, try, it, without, handing, over, anything, risky, product, resources, company, social,

Text of the page (most frequently used words):
the (30), your (23), you (18), and (16), prism (13), key (12), keys (12), with (11), for (10), provider (9), cache (8), never (8), what (7), are (7), api (7), that (7), email (6), not (6), #security (5), dashboard (5), byok (5), don (5), only (5), docs (4), one (4), yet (4), data (4), stored (4), log (4), tools (3), compare (3), guides (3), pricing (3), own (3), bill (3), markup (3), providers (3), account (3), protected (3), but (3), them (3), mumbai (3), can (3), row (3), store (3), aes (3), 256 (3), gcm (3), delete (3), encrypted (3), any (3), ciphertext (3), database (3), how (3), before (3), built (2), 2026 (2), ssimplifi (2), bengaluru (2), india (2), privacy (2), blog (2), risk (2), evaluate (2), register (2), send (2), request (2), report (2), savings (2), zero (2), from (2), read (2), saved (2), over (2), something (2), days (2), service (2), use (2), aws (2), cross (2), failover (2), sla (2), status (2), page (2), call (2), today (2), managed (2), source (2), proxy (2), self (2), under (2), have (2), honest (2), list (2), runs (2), cloudflare (2), edge (2), sits (2), redis (2), hit (2), served (2), requests (2), lives (2), level (2), payloads (2), short (2), capture (2), server (2), token (2), response (2), there (2), encryption (2), environment (2), down (2), works (2), back (2), then (2), last (2), touch (2), ask (2), ravi, rikuq, com, github, twitter, social, refunds, terms, contact, about, company, glossary, resources, faq, free, signup, product, lowest, way, watch, header, start, cents, try, without, handing, anything, risky, found, steps, reproduce, acknowledge, within, business, won, pursue, good, faith, researchers, who, avoid, violations, disruption, general, billing, questions, reporting, vulnerability, prompts, carry, sensitive, control, scrub, planned, shipped, pii, redaction, layer, run, publish, contractual, guarantees, formal, uptime, closed, host, open, path, active, evaluation, promised, hosted, option, these, roadmap, enterprise, adoption, delivered, need, tell, demand, moves, priority, soc, sso, saml, rather, decide, real, picture, than, discover, gap, later, global, fronting, auth, persistent, supabase, postgres, upstash, vector, index, entries, replicate, near, origin, non, cached, hits, typically, 30ms, warm, region, singapore, lands, around, 184ms, south, where, every, isolated, salted, hashes, sessions, signed, jwts, feature, encrypts, retains, window, pro, team, purges, timer, ships, gdpr, style, export, endpoints, off, unless, turn, opt, does, eval, replay, optional, side, conversation, history, rest, minute, ttl, written, long, term, logs, session, memory, default, usage, records, metadata, model, counts, cost, latency, tags, attach, bodies, messages, prompt, content, time, deletion, removes, soft, shadow, copy, secret, each, sealed, authenticated, cipher, tampering, detectable, just, unreadable, supplied, process, via, its, table, holds, locked, role, access, application, code, reads, through, narrow, projection, cannot, select, column, into, user, facing, same, place, actually, hold, fails, other, silently, falls, bills, stays, adds, tokens, billed, between, invoice, compute, against, when, add, make, single, live, confirm, encrypt, bad, rejected, validate, after, save, ever, shows, characters, identification, endpoint, line, support, tool, plaintext, logged, returned, openai, anthropic, google, more, they, our, using, alongside, stay, yours, bring, version, most, reasonable, question, pointing, traffic, this, answers, plainly, offer, here, isn, enough, bar, why, would, hand, updated, june, get, started, sign, handles,


Text of the page (random words):
security your api keys how prism handles byok prism by ssimplifi prism guides compare tools pricing docs blog dashboard sign in get started guides compare tools pricing docs security your api keys last updated june 1 2026 the most reasonable question to ask before pointing your traffic at prism is why would i hand my provider api keys to a proxy this page answers it plainly how your keys are stored what we log what we never touch and an honest list of what we don t yet offer if something here isn t enough for your risk bar email email protected and ask bring your own keys byok the short version your keys stay yours provider keys you register openai anthropic google and 5 more are encrypted with aes 256 gcm before they touch our database using a key that lives only in the server environment never in the database alongside the ciphertext keys are never logged and never returned after you save a key the api only ever shows you the last 4 characters for identification there is no endpoint log line or support tool that can read your key back in plaintext validate then store when you add a key we make a single 1 token live call to that provider to confirm it works then encrypt and store it a bad key is rejected before it s saved 0 markup your bill on byok requests prism adds zero markup the tokens are billed by your provider to you on your own account prism never sits between you and your provider s invoice we compute your cache savings against your bill failover stays on your keys if a provider you hold a key for is down prism fails over only to other providers you have keys for it never silently falls back to a prism managed key or bills you for one how key encryption actually works each key is sealed with aes 256 gcm an authenticated cipher so tampering with the stored ciphertext is detectable not just unreadable the encryption key is supplied to the api process via its environment and is never stored in the same place as the encrypted keys the database table that holds them is locked down with row level security to service role access only application code reads it through a narrow projection that cannot select the ciphertext column into any user facing response you can delete any key at any time from your providers dashboard deletion removes the row there is no soft delete shadow copy of the secret what we log and what we don t we do not log your prompt or response content by default usage records capture metadata model token counts cost latency cache status the tags you attach not the bodies of your messages session memory the optional server side conversation history is encrypted at rest in redis with a 30 minute ttl and is never written to long term logs eval replay capture the one feature that does store request payloads is opt in only encrypts payloads with aes 256 gcm retains them for a short window 7 days on pro 30 on team purges on a timer and ships gdpr style export and delete endpoints it is off unless you turn it on every account s data is isolated by row level security api keys are stored as salted hashes dashboard sessions use signed jwts where your data lives prism runs on aws in mumbai ap south 1 with cloudflare s global edge fronting the api for auth and cache persistent data sits in supabase postgres and upstash redis vector index cache entries replicate to cloudflare s edge so a cache hit can be served near you but the origin that runs your non cached requests is mumbai cache hits are typically served in under 30ms a warm cross region cache hit e g singapore mumbai lands around 184ms what we don t have yet the honest list we d rather you decide with the real picture than discover a gap later no soc 2 report sso or saml today these are on the roadmap for enterprise adoption but not delivered if you need them to evaluate tell us demand moves priority no self hosted option today prism is a managed closed source proxy a self host open source path is under active evaluation it is not promised no formal uptime sla we run 24 7 on aws with cross provider failover but we don t yet publish a contractual sla or a status page with on call guarantees no pii redaction layer yet if your prompts carry sensitive data you control what you send we don t scrub it for you planned not shipped reporting a vulnerability found something email email protected with steps to reproduce we ll acknowledge within 2 business days and won t pursue good faith researchers who avoid privacy violations and service disruption for general account or billing questions use email protected try it without handing over anything risky the lowest risk way to evaluate prism is byok register one provider key send one request and watch the x prism cache saved cents header report your savings on your own provider bill at zero prism markup start from the providers dashboard or read the byok docs product pricing docs free signup dashboard faq resources guides compare glossary tools blog company about contact bengaluru india security privacy terms refunds social twitter github email 2026 ssimplifi built in bengaluru india built by ravi rikuq com
Thumbnail images (randomly selected): * Images may be subject to copyright.GREEN status (no comments)

    No Images


    Verified site has: 16 subpage(s). Do you want to verify them? Verify pages:

    1-5 6-10 11-15 16-16


    The site also has 3 references to external domain(s).

     twitter.com  Verify  github.com  Verify  rikuq.com  Verify


    Top 50 hastags from of all verified websites.

    Supplementary Information (add-on for SEO geeks)*- See more on header.verify-www.com

    Header

    HTTP/1.1 308 Permanent Redirect
    Date Fri, 03 Jul 2026 11:47:07 GMT
    Content-Type text/plain
    Transfer-Encoding chunked
    Connection close
    Location htt????/ssimplifi.com/security
    Refresh 0;url=htt????/ssimplifi.com/security
    Server cloudflare
    Cf-Cache-Status DYNAMIC
    Report-To group : cf-nel , max_age :604800, endpoints :[ url : htt????/a.nel.cloudflare.com/report/v4?s=kh%2F2YjhiISofjGg5FFF4R%2Fj8%2BNu3ZBViLxRJh1wcH7zPlF7ngyNEDU9qDQ2rK8hO4mlbpqs3n2hUVLG41%2FblwC4oWswQxhIj0hlMFUeVTEQMFQOM3QyGMP1F5jZ8JKvC ]
    Nel report_to : cf-nel , success_fraction :0.0, max_age :604800
    CF-RAY a155a7564f9f95ab-AMS
    alt-svc h3= :443 ; ma=86400
    HTTP/2 200
    date Fri, 03 Jul 2026 11:47:08 GMT
    content-type text/html; charset=utf-8
    access-control-allow-origin *
    age 2576382
    cache-control public, max-age=0, must-revalidate
    content-disposition inline
    nel report_to : cf-nel , success_fraction :0.0, max_age :604800
    report-to group : cf-nel , max_age :604800, endpoints :[ url : htt????/a.nel.cloudflare.com/report/v4?s=VCFWc8%2Fupxmb5nLAyKeSMK32HdRwFrBd8BrzY3WbVlZpiPBD3nNOF8IXxxoUa4Pqad5KtiPZFHy8xOa1h6e9FcQ3hts%2FD2YF13knXe4Sf46KFLk8I7Bi4kuF7s6FtxXn ]
    server cloudflare
    strict-transport-security max-age=63072000
    vary rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch
    vary accept-encoding
    x-matched-path /security
    x-nextjs-prerender 1
    x-nextjs-stale-time 300
    x-vercel-cache HIT
    x-vercel-id cdg1::d6zpg-1783079227972-a3f417e9955f
    cf-cache-status DYNAMIC
    content-encoding gzip
    cf-ray a155a756be34d151-CDG
    alt-svc h3= :443 ; ma=86400

    Meta Tags

    title="Security & your API keys how Prism handles BYOK | Prism by Ssimplifi"
    charset="utf-8"
    name="viewport" content="width=device-width, initial-scale=1"
    name="next-size-adjust" content=""
    name="description" content="How Prism secures your data and your provider API keys: AES-256-GCM encryption, keys never logged or returned, validate-then-store, $0 markup on BYOK, and an honest account of what we don't yet offer."
    name="robots" content="index, follow"
    property="og:title" content="Security & your API keys — Prism by Ssimplifi"
    property="og:description" content="How Prism secures your provider API keys (BYOK) and your request data — encryption, key handling, data retention, and an honest list of what we don't yet have."
    property="og:url" content="htt????/ssimplifi.com/security"
    name="twitter:card" content="summary"
    name="twitter:title" content="Security & your API keys — Prism by Ssimplifi"
    name="twitter:description" content="How Prism secures your provider API keys (BYOK) and your request data — encryption, key handling, data retention, and an honest list of what we don't yet have."

    Load Info

    page size10622
    load time (s)0.513343
    redirect count1
    speed download20705
    server IP 172.67.188.51
    * all occurrences of the string "http://" have been changed to "htt???/"