Security
Protecting your data is foundational to everything we build. Here's how we keep your API traffic and account secure.
Encryption at Rest & In Transit
All data is encrypted using AES-256 at rest and TLS 1.3 in transit. API keys are hashed and never stored in plaintext.
SOC 2 Type II
We maintain SOC 2 Type II compliance with annual audits by independent third-party assessors.
Zero Data Retention
We do not store, log, or train on your prompts or completions. Request data is proxied and never persisted.
Role-Based Access Control
Granular API key permissions with scoped access, rate limits, and IP allowlisting for enterprise accounts.
Infrastructure Security
Deployed on Cloudflare's global edge network with DDoS protection, WAF, and isolated compute environments.
Incident Response
24/7 monitoring with automated alerting. Our incident response team follows a documented runbook with < 1 hour acknowledgment SLA.
Report a Vulnerability
If you discover a security issue, please report it responsibly. We appreciate your help keeping TokenHub safe.
Contact Security Team