Privacy Policy
What we collect, why we need it, how your API keys are protected, and how to delete your data. In short: we don't sell data, we never log key values, and there are no ad trackers.
Who we are
The data controller is the developer and operator of proxykey (proxykey.org), acting as a private individual; once a legal entity is registered, this page will be updated with its details. proxykey is a credential proxy for API keys: the real keys of third-party providers are stored on our side in encrypted form, while your applications work with virtual pass tokens.
A contact channel for questions about this policy and the processing of your data will be published on this page shortly.
What data we process
| Data | Why | Retention |
|---|---|---|
| Account — your email (passwordless sign-in link) or your GitHub account's identifier and email (GitHub OAuth sign-in). No passwords are used or stored. | Signing in to the panel, contacting you about important service matters. | As long as the account exists. |
| Secrets — the real API keys of third-party providers that you enter yourself. Stored only in encrypted form (AES-256-GCM, envelope encryption). | Injecting the real key into proxied requests — the core of the service. | As long as the account exists, or until you delete the secret. |
| Request logs — metadata of each proxied request: method, path, HTTP status, latency, source IP of the request, provider. Authorization headers and key values are never logged. | Statistics, debugging, security features. | As long as the account exists; deleted on request. |
| Request/response body previews — up to 4 KB, with automatic redaction of secret-looking strings. Recorded only if you explicitly enable this option for a specific pass. | Debugging your integrations — at your request. | Same as the logs themselves (together with them). |
| Session cookie — the panel session identifier (SameSite=Strict). | Keeping you signed in to the panel. | Until the session ends. |
| Website visit logs — standard web-server access logs for proxykey.org: IP address, requested page, time, browser user-agent, referring page. | Aggregate visit statistics (how many people visit and which pages they read) and abuse protection. The statistics are computed on our own server; nothing is shared with third-party analytics services (Google Analytics, etc.). | 14 days, then deleted automatically by log rotation. |
The source IP of a request is used for security features: binding a pass to an IP and notifying you about a request from a new IP. The network name (ASN) for IP addresses in the logs is resolved against a local copy of the iptoasn.com database — no external lookups; IP addresses are not shared with third parties for enrichment.
Why and on what legal basis
- Providing the service (performance of a contract with you): storing and injecting keys, proxying requests, the control panel, logs and statistics.
- Security (legitimate interest): binding passes to IPs, notifications about requests from new IPs, protection against unauthorized token use.
- Communicating with you (performance of a contract): sending one-time sign-in links and important service notifications to your email.
How keys are protected
- Each secret is encrypted with AES-256-GCM using an envelope scheme: a dedicated data key per secret, with the data key encrypted by a master key.
- Decryption happens only in memory and only for the duration of a specific request; decrypted values are never stored or cached anywhere.
- No API of the service ever returns a key value after it has been saved — not to you, not to anyone else.
- Key values and authorization headers are never written to logs; in body previews, secret-looking strings are automatically redacted.
Who we share data with
- The API providers you choose (OpenAI, Anthropic and others): the proxied requests themselves are forwarded to the provider you specified — that is what the service does. The content of those requests is subject to the respective provider's terms and policies.
- Infrastructure contractors: the hosting provider (server hosting) and the email delivery service (Resend — delivery of sign-in links and notifications) — strictly to the extent necessary to run the service.
We do not sell your data and do not share it with third parties for advertising or profiling.
Retention periods
Account data and secrets are kept as long as the account exists; when the account is deleted, they are deleted with it. Request logs (including body previews, if you enabled them) are kept as long as the account exists; you can request earlier deletion.
Your rights
You can request access to your data, its rectification, erasure, or object to processing. You can delete secrets and revoke passes yourself in the panel at any time; the entire account — with all secrets, passes and logs — can be deleted there as well (Overview → danger zone). For other requests we will respond within the timeframe required by applicable law.
Cookies
We use a single session cookie — for signing in to the panel (SameSite=Strict). There are no ad trackers, third-party analytics, or tracking pixels on the site or in the panel.
This is also why there is no cookie-consent banner on the site: consent is only required for non-essential cookies (advertising, third-party analytics), and we use none. Our only cookie is a strictly necessary session cookie, which is exempt from consent requirements. If non-essential cookies ever appear, a consent prompt will appear first.
International data transfers
Data is processed and stored on rented servers that may be located outside your country of residence. If running the service ever requires transferring data to other jurisdictions, we will put in place the safeguards required by law for such transfers.
Children
The service is not intended for anyone under 16, and we do not knowingly collect their data. If you believe a child has provided us with their data, let us know via the contact channel in "Who we are" and we will delete it.
Changes to this policy
Updates are published on this page; the "Last updated" date at the top reflects the current version. We will additionally announce material changes by email.