Terms of Service
proxykey keeps your API keys encrypted and hands your applications revocable passes. This page sets out the rules: what we promise, what we don't, and what stays on your side of the line.
1. General
The proxykey service (the "service") is provided by its developer, acting as a private individual ("we", "us"); once a legal entity is registered, these terms will be updated with its details. These terms are the agreement between you and us governing your use of the service, including the website proxykey.org, the control panel at app.proxykey.org, the proxy at api.proxykey.org, and the MCP server at mcp.proxykey.org.
By creating an account or using the service in any other way, you accept these terms. If you do not agree with them, do not use the service.
2. The service
proxykey is a credential proxy for API keys. You enter your real provider key (OpenAI, Anthropic, Google, Telegram, and others) once; the key is encrypted with AES-256-GCM and is never returned by any API of the service. Instead of the key, applications and AI agents receive virtual tokens, and requests go through the proxy at api.proxykey.org: the service injects the real key on its side and forwards the request to the provider.
| Term | Meaning |
|---|---|
| Secret | The real provider API key you have stored in the service. |
| Pass | A virtual token (vlt_…) bound to a secret. This is what applications receive; a pass supports IP binding, request limits (rpm/rpd), and one-click revocation. |
| MCP token | A token (mcp_…) for the MCP server that lets an AI agent manage passes. The agent cannot read the real key. |
The service logs request metadata: method, path, status, and latency. Authorization headers and key values are never logged; request-body previews (up to 4 KB) are stored only if you explicitly enable them for a specific pass. For details on how data is handled, see the privacy policy.
3. Account
You sign in with a one-time link sent to your email or via GitHub OAuth; the service stores no password. You are responsible for access to your email inbox and your GitHub account: whoever controls them controls your account in the service.
Everything done under your account is treated as done by you. If you suspect someone else has gained access to your account, revoke your passes and MCP tokens and contact us.
4. Acceptable use
You may use the service only for lawful purposes. When proxying requests to third-party provider APIs, you must comply with those providers' own terms: a pass does not exempt you from the rules of OpenAI, Anthropic, Telegram, or any other provider whose API you use through the service.
You must not:
- attempt to access other users' secrets, accounts, or data;
- disrupt or attempt to disrupt the operation of the service, including circumventing request limits or IP-binding mechanisms;
- use the service for unlawful content or unlawful activity;
- resell access to the service or offer it to third parties as your own service without our written consent.
5. Your responsibilities
Passes and MCP tokens are access credentials; keep them confidential and do not publish them. If you suspect a token has been compromised, revoke it immediately — it takes one click and does not affect the real key.
Requests made through your passes are billed by the providers against your keys. Any charges the providers incur are your responsibility, including when the requests were sent by an application or agent you issued a token to.
6. Fees
The service is currently free: no card required, no paid plans. If paid plans are introduced, the payment terms will be published in advance — before anything becomes chargeable.
7. Disclaimer of warranties
The service is provided "as is" and "as available". We aim for uninterrupted operation but do not guarantee it, nor do we guarantee that the service will be error-free.
We do not control the third-party providers whose APIs the service proxies, and we are not responsible for their availability, for changes to their APIs, pricing, or terms, or for their decisions regarding your keys and accounts.
8. Limitation of liability
To the maximum extent permitted by law, we are not liable for indirect or consequential damages, including lost profits, loss of data, or loss of goodwill, arising from your use of or inability to use the service.
Our aggregate liability for any claims relating to the service is limited — to the maximum extent permitted by applicable law — to the amount you have paid us for the service in the preceding 12 months; as the service is currently free, that amount is zero.
9. Suspension and termination
We may suspend or terminate your access to the service if you violate these terms, or where the law or the security of the service and its other users requires it. Where reasonably possible, we will give you advance notice.
You may stop using the service at any time: revoke your passes and delete your secrets in the panel. You can also delete the entire account there (Overview → danger zone) — all data is erased irreversibly.
10. Changes to these terms
We may update these terms from time to time. The current version is always published on this page, with the last-updated date shown at the top. We will announce material changes with a notice on this page. By continuing to use the service after changes take effect, you accept the updated terms.
11. Governing law
The parties will seek to resolve disputes over these terms by negotiation. The governing law will be specified in this section once a legal entity is registered; until then, the mandatory rules of the law applicable to the parties apply.
12. Contact
A contact channel for questions about these terms will be published on this page shortly.