proxykey API KEY VAULT

Terms of Service

proxykey keeps your API keys encrypted and hands your applications revocable passes. This page sets out the rules: what we promise, what we don't, and what stays on your side of the line.

Last updated: 06.07.2026 · proxykey

1. General

The proxykey service (the "service") is provided by its developer, acting as a private individual ("we", "us"); once a legal entity is registered, these terms will be updated with its details. These terms are the agreement between you and us governing your use of the service, including the website proxykey.org, the control panel at app.proxykey.org, the proxy at api.proxykey.org, and the MCP server at mcp.proxykey.org.

By creating an account or using the service in any other way, you accept these terms. If you do not agree with them, do not use the service.

2. The service

proxykey is a credential proxy for API keys. You enter your real provider key (OpenAI, Anthropic, Google, Telegram, and others) once; the key is encrypted with AES-256-GCM and is never returned by any API of the service. Instead of the key, applications and AI agents receive virtual tokens, and requests go through the proxy at api.proxykey.org: the service injects the real key on its side and forwards the request to the provider.

TermMeaning
SecretThe real provider API key you have stored in the service.
PassA virtual token (vlt_…) bound to a secret. This is what applications receive; a pass supports IP binding, request limits (rpm/rpd), and one-click revocation.
MCP tokenA token (mcp_…) for the MCP server that lets an AI agent manage passes. The agent cannot read the real key.

The service logs request metadata: method, path, status, and latency. Authorization headers and key values are never logged; request-body previews (up to 4 KB) are stored only if you explicitly enable them for a specific pass. For details on how data is handled, see the privacy policy.

3. Account

You sign in with a one-time link sent to your email or via GitHub OAuth; the service stores no password. You are responsible for access to your email inbox and your GitHub account: whoever controls them controls your account in the service.

Everything done under your account is treated as done by you. If you suspect someone else has gained access to your account, revoke your passes and MCP tokens and contact us.

4. Acceptable use

You may use the service only for lawful purposes. When proxying requests to third-party provider APIs, you must comply with those providers' own terms: a pass does not exempt you from the rules of OpenAI, Anthropic, Telegram, or any other provider whose API you use through the service.

You must not:

5. Your responsibilities

Passes and MCP tokens are access credentials; keep them confidential and do not publish them. If you suspect a token has been compromised, revoke it immediately — it takes one click and does not affect the real key.

Requests made through your passes are billed by the providers against your keys. Any charges the providers incur are your responsibility, including when the requests were sent by an application or agent you issued a token to.

6. Fees

The service is currently free: no card required, no paid plans. If paid plans are introduced, the payment terms will be published in advance — before anything becomes chargeable.

7. Disclaimer of warranties

The service is provided "as is" and "as available". We aim for uninterrupted operation but do not guarantee it, nor do we guarantee that the service will be error-free.

We do not control the third-party providers whose APIs the service proxies, and we are not responsible for their availability, for changes to their APIs, pricing, or terms, or for their decisions regarding your keys and accounts.

8. Limitation of liability

To the maximum extent permitted by law, we are not liable for indirect or consequential damages, including lost profits, loss of data, or loss of goodwill, arising from your use of or inability to use the service.

Our aggregate liability for any claims relating to the service is limited — to the maximum extent permitted by applicable law — to the amount you have paid us for the service in the preceding 12 months; as the service is currently free, that amount is zero.

9. Suspension and termination

We may suspend or terminate your access to the service if you violate these terms, or where the law or the security of the service and its other users requires it. Where reasonably possible, we will give you advance notice.

You may stop using the service at any time: revoke your passes and delete your secrets in the panel. You can also delete the entire account there (Overview → danger zone) — all data is erased irreversibly.

10. Changes to these terms

We may update these terms from time to time. The current version is always published on this page, with the last-updated date shown at the top. We will announce material changes with a notice on this page. By continuing to use the service after changes take effect, you accept the updated terms.

11. Governing law

The parties will seek to resolve disputes over these terms by negotiation. The governing law will be specified in this section once a legal entity is registered; until then, the mandatory rules of the law applicable to the parties apply.

12. Contact

A contact channel for questions about these terms will be published on this page shortly.