Security
How SpendLil handles your data and why the passthrough model minimises risk.
SpendLil's security model is built on a simple principle: store as little as possible. The less we hold, the less there is to breach.
What SpendLil Stores
| Data | Stored? | Detail |
|---|---|---|
| Your provider API keys | No | Passthrough only. SHA-256 hash stored for identification. |
| Your prompt content | No | Request body is forwarded and not persisted. |
| AI responses | No | Response body is forwarded and not persisted. |
| Token counts | Yes | Input/output token counts per request. |
| Cost estimates | Yes | Calculated from token counts and model pricing. |
| Model name | Yes | Extracted from the request body. |
| Timestamps | Yes | When each request was made. |
| Key hash + hint | Yes | SHA-256 hash and last 4 characters of your provider key. |
| Account details | Yes | Email, name, plan, billing info. |
The Passthrough Model
SpendLil never stores your provider API keys. They pass through in the request header from your app to the provider and back. We compute a SHA-256 hash purely for identification — to group usage records by key in your dashboard — and store the last 4 characters as a visual hint so you can tell which key is which.
SHA-256 is a one-way hash function. The full key cannot be recovered from the hash. Even if SpendLil's database were compromised, your API keys would not be exposed.
No Prompt Storage
SpendLil does not read, log, or store the content of your prompts or AI responses. The request body is forwarded to the provider and the response body is forwarded back to your app. The only data extracted from the response is the token usage counts (a few numbers) and the model name.
SpendLil only sees metadata: how many tokens, which model, how much it cost. The actual content of your AI interactions is not our business.
Infrastructure Security
- All traffic is encrypted in transit (TLS/HTTPS)
- DynamoDB data is encrypted at rest (AWS-managed keys)
- Lambda functions run in isolated execution environments
- IAM roles follow least-privilege access
- Cognito handles authentication with bcrypt password hashing
- TOTP-based two-factor authentication available
- Trusted device tokens with 30-day expiry
- Point-in-time recovery enabled on DynamoDB
Data Retention
Usage records auto-expire after 90 days by default (configurable per account). Audit logs expire after 365 days. You can request full data deletion at any time by deleting your account.
Compared to Alternatives
Many AI management tools require you to hand over your API keys so they can make requests on your behalf. This means they store your keys (encrypted or not), and a breach of their system exposes your keys. SpendLil's passthrough model eliminates this entire category of risk.