Security
Security
How we protect your data and API keys.
lock
Encryption
All API traffic is encrypted in transit. API keys are stored in protected form at rest and are never shown again after initial creation.
shield
Infrastructure
Our infrastructure uses isolated services, restricted access boundaries, and operational controls designed to reduce exposure.
vpn_key
API Key Security
- Keys are shown only once at creation time
- Per-key daily spend limits and optional expiration dates
- Instant revocation via dashboard
- Rate limiting per key to prevent abuse
- Key prefix visible for identification without exposing the full key
visibility_off
Privacy
- No KYC required by default
- Service data retained only as needed for processing, billing, debugging, and abuse prevention
- No tracking-heavy marketing surface
- Privacy-aware billing options
bug_report
Vulnerability Reporting
If you discover a security vulnerability, please report it responsibly to security@cheapaiapi.com.
Please do not publicly disclose vulnerabilities before we've had a chance to address them.
verified_user
Best Practices
We recommend the following for securing your integration:
- Rotate API keys regularly
- Set daily spend limits on production keys
- Use expiration dates for temporary or shared access
- Never commit API keys to version control
- Use environment variables for key storage