Privacy Policy

Last updated: July 2026

Your AI API keys never touch our servers

This is the most important thing to understand about AICostPass: we do not store your provider API keys (Anthropic, OpenAI, etc.) in our database — ever.

When you connect a provider key, it is stored locally in your browser's storage (localStorage), scoped to your account on your device. The key is sent directly from your browser to the provider's API when syncing usage. It is never transmitted to, stored on, or readable by our servers.

Key point: If you clear your browser storage or switch devices, your keys are gone — you'll re-enter them. That's by design. Your keys never leave your browser.

What we do store

What we don't store

How we use your data

We do NOT sell your data. We do NOT use your data for advertising. We do NOT share your data with third parties except as required for the service (Paddle for payments, Resend for email delivery) or as required by law.

Cookies

We use one strictly-necessary cookie: a session cookie (so you stay logged in). We do not use tracking, advertising, or analytics cookies.

Data retention

Your rights

You can export or delete your account data at any time. Because your usage data and API keys live in your browser, clearing your browser storage removes them immediately — no request to us required. To delete your account, email [email protected].

Third-party services

Security

Passwords are hashed with scrypt. Sessions use signed JWTs in httpOnly cookies. 2FA via TOTP is available. See our Terms of Service for full details on acceptable use.

Children's privacy

AICostPass is not intended for users under 13. We do not knowingly collect data from children.

Changes to this policy

We may update this privacy policy. Material changes will be announced via email to active accounts.

Contact

Questions about privacy? Email [email protected].

© 2026 AICostPass. All rights reserved.