How we handle your credentials.
Stax connects to your AI providers using API keys and OAuth tokens. We read billing endpoints, not request content. Here's exactly what that means in practice.
Billing and usage metadata.
Dollar amounts, dates, model names, request counts, invoice line items, seat counts, and renewal dates — pulled from each provider's billing API.
Prompts and completions.
We never read the content of your AI requests or responses. Your prompts and the model's outputs never touch our servers. Ever.
AES-256 envelope encryption.
Every API key and OAuth token is encrypted with AES-256-GCM before it hits storage. The key used for that encryption is itself wrapped by a key held in Cloudflare KMS (that wrapping is the envelope), so no encryption key sits in application code or next to the ciphertext.
TLS 1.3 only.
Every connection — browser to Stax, Stax to providers — runs over TLS 1.3. Older protocols are disabled at the edge.
Read-only, billing-only.
OAuth scopes are requested at the narrowest level each provider offers: billing read, not full account access. With that scope we can't delete, charge, or modify anything in your provider account; the exact scope per provider is listed in the matrix below.
Every key access is logged.
Decrypts of stored credentials are written to an append-only audit log. You can request the log for any of your own keys at any time.
Provider → encrypted store → your dashboard.
OpenAI, Anthropic, Cursor & friends.
You generate an API key or approve an OAuth grant on the provider's side; that credential is all Stax receives. We never see your provider password.
Encrypted at the edge, decrypted only to fetch.
Your credential is AES-256-GCM encrypted in Cloudflare D1, behind a KMS-managed key.
Dollars, dates, tags. Yours alone.
Aggregated into the views you see. Per-workspace isolation; no cross-tenant queries are possible.
Per-provider scope matrix.
The exact auth method, scope, and endpoint we hit for each supported provider. If a provider isn't on the list, it isn't connected.
Supported providers · v1 matrix
| Provider | Auth | Scope | Endpoint | Data fetched |
|---|---|---|---|---|
| OpenAI | API key | — | /v1/dashboard/billing/* | Usage, invoice totals |
| Anthropic | API key | — | /v1/organizations/usage_report | Usage, model breakdown |
| Cursor | OAuth | billing:read | /api/billing/team | Seats, invoices, renewal |
| GitHub Copilot | OAuth | manage_billing:enterprise | /enterprises/{e}/copilot/billing | Seats, active users |
| ChatGPT Team | OAuth | billing:read | /api/team/billing | Seats, invoices |
| Perplexity | API key | — | /api/v1/usage | Usage, request counts |
| Google AI | Service acct | billing.accounts.get | cloudbilling.googleapis.com | Usage, invoice line items |
| Mistral | API key | — | /v1/usage | Usage, request counts |
What we collect, in plain English.
When you connect a provider, Stax stores three things:
- The encrypted credential (API key or OAuth token) — used only to call the provider's billing endpoint on your behalf.
- The billing metadata we fetch — line items, model usage counts, invoice totals, dates. Used to build your dashboard and run budget alerts.
- The workspace settings you create — tags, budgets, alert recipients. None of this leaves your workspace.
That's the entire list. We do not store prompts. We do not store completions. We do not train any model on anything we pull. Provider data is yours and stays yours.
Compliance and certifications.
SOC 2 is the active priority. We're working through Type II controls with a third-party auditor now; the formal observation window opens in the third quarter of 2026. If your procurement process needs a current security questionnaire or our vendor risk pack before then, email [email protected] and you'll get a response within one business day.
Sub-processors.
We use a deliberately small set of vendors. Each one is contractually bound to handle data on the same terms.
- Cloudflare — site hosting, edge compute, database, and KMS for credential encryption.
- Stripe — payment processing. We never see your card number.
- Resend — transactional email delivery (waitlist notifications, budget alerts).
No analytics vendor. No advertising network. No data broker. The full and current list lives in the privacy policy.
Responsible disclosure.
If you find a vulnerability, please report it to us before disclosing it publicly. Security reports are the highest-priority inbound mail we receive, and we acknowledge every one within one business day.
Email: [email protected]
Acknowledgement: within 1 business day.
Resolution target: critical issues patched within 7 days; everything else within 30.
Safe harbor: good-faith research that does not access other customers' data, degrade service, or violate the law is welcomed. We won't pursue legal action against researchers who follow this policy.
We don't run a paid bounty program yet. We do credit reporters in the changelog if you'd like — just say so in the email.
Rotating or revoking a key.
You can revoke any connected credential from your workspace settings at any time. Revocation deletes the encrypted credential from our store within 60 seconds; the cached billing data we already pulled is kept on your standard retention schedule (and can be deleted on request — email [email protected]).
If you believe a key may be compromised, rotate it on the provider's side first, so the old key stops working everywhere, then paste the new key into Stax. Old usage records remain intact and tied to your workspace.