Security & data
What we do (and don't do) with your prompts, completions, API keys, and metadata.
NeuroAPI is built so prompts and completions transit through the system, are billed, and are not retained. The only data we keep is what we need to authenticate, meter, and debug - and even that excludes the content of your prompts.
What we don't store
- Prompt text. Not persisted in our database. Not written to durable logs. Not kept after the response is delivered.
- message_history content. Same as prompts.
- Completion text. Streamed or returned, then forgotten.
- Training corpora. Your traffic is not used to train any model on our side, and is not shared with any party other than the model provider serving the request.
What we do store
| Scope | Fields |
|---|---|
| Per call | request_id, timestamp, API-key prefix (neuro_<8 chars>), HTTP status, cost_units, mode, request and response byte counts |
| Per account | account email, hashed password, Stripe customer / subscription ids, monthly usage counters, list of API-key prefixes |
The API-key prefix is the public identifier (e.g. neuro_a1b2c3d4) - never the full secret. The full secret is shown once at creation, stored only as a hash plus an encrypted copy (see API-key handling below), and cannot be displayed again afterwards.
Where prompts go
Prompts and completions are processed by a mix of two backends:
- Leading model providers - Anthropic, OpenAI, and DeepSeek - under their respective enterprise data-handling terms, which exclude API traffic from training corpora at the time of writing.
- Open-source models and our own customized fine-tunes, hosted on Neurobro infrastructure. Traffic served by these models stays entirely within Neurobro and is not shared with any third party.
The mix is selected per request based on the chosen mode. If your compliance posture requires excluding a specific third-party provider or pinning your traffic to in-house models only, email [email protected] and we will scope your account accordingly.
Logging policy
- Application logs record the API-key prefix only; full secrets are never written. The same rule applies to error reports forwarded to our error-tracking pipeline (payloads are scrubbed before send).
- The X-Request-Id header on every response is the safe correlation id to share with support - it does not encode any account or key material.
- Operational logs are kept for the minimum window needed to debug and meter usage.
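The prefix-only logging rule above in working form, as an added example that is not NeuroAPI's own code. It assumes a full key is "neuro_" plus the 8-character prefix plus further alphanumeric secret characters (the page fixes only the prefix shape), and that the per-call record carries the fields from the "What we do store" table; the log line and error payload are constructed samples, not real traffic.

```python
"""Log scrubbing: write only the API-key prefix, never the full secret.

Added example for this page, not NeuroAPI's own code. Assumed full-key shape:
"neuro_" + 8-char prefix + further alphanumerics (the page fixes only the prefix).
"""
import json
import re
from typing import Any

PREFIX_CHARS = 8
# Assumed full-key shape: the prefix followed by at least one more secret character.
# A bare prefix such as "neuro_a1b2c3d4" is the public identifier and is left alone.
FULL_KEY_RE = re.compile(r"neuro_([A-Za-z0-9]{8})[A-Za-z0-9]+")


def key_prefix(key: str) -> str:
    """Public identifier of a key: 'neuro_' plus the first 8 characters of the secret."""
    return key[: len("neuro_") + PREFIX_CHARS]


def scrub(text: str) -> str:
    """Replace every full key embedded in free text with its prefix."""
    return FULL_KEY_RE.sub(lambda m: "neuro_" + m.group(1), text)


def scrub_payload(obj: Any) -> Any:
    """Recursively scrub strings in a JSON-like error report before it is sent on."""
    if isinstance(obj, str):
        return scrub(obj)
    if isinstance(obj, dict):
        return {k: scrub_payload(v) for k, v in obj.items()}
    if isinstance(obj, list):
        return [scrub_payload(v) for v in obj]
    return obj


def call_record(request_id, timestamp, api_key, status, cost_units, mode, req_bytes, resp_bytes):
    """Per-call log record: the key is reduced to its prefix before anything is written.

    request_id is the value echoed back to the client as X-Request-Id.
    """
    return {
        "request_id": request_id,
        "timestamp": timestamp,
        "key_prefix": key_prefix(api_key),
        "status": status,
        "cost_units": cost_units,
        "mode": mode,
        "request_bytes": req_bytes,
        "response_bytes": resp_bytes,
    }


# Constructed samples (not real traffic): a log line and an error payload that
# accidentally contain a full key.
SAMPLE_LINE = "auth failed: bearer neuro_a1b2c3d4f00dface9876543210abcdef from 203.0.113.7"
SAMPLE_ERROR = {
    "message": "upstream timeout for neuro_a1b2c3d4f00dface9876543210abcdef",
    "request": {"headers": {"authorization": "Bearer neuro_a1b2c3d4f00dface9876543210abcdef"}},
    "request_id": "req_01HXYZ",
}

if __name__ == "__main__":
    print(scrub(SAMPLE_LINE))
    print(json.dumps(scrub_payload(SAMPLE_ERROR), indent=2))
    print(call_record("req_01HXYZ", "2024-01-01T00:00:00Z",
                      "neuro_a1b2c3d4f00dface9876543210abcdef", 200, 3, "fast", 512, 2048))
```

The regex deliberately requires at least one character beyond the prefix, so the public identifier survives scrubbing unchanged while anything longer is cut back to it; run the scrubber on both free-text messages and structured payloads, since a key pasted into an exception message is as common as one sitting in an Authorization header.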
API-key handling
- At rest. Keys are stored as a peppered hash of the secret plus a versioned encrypted ciphertext copy. Plaintext exists in memory only at creation time and is discarded after it's shown to the user.
- On the wire. TLS 1.2+ is enforced at the edge.
- Rotation. Mint a new key, deploy alongside, switch traffic, then revoke the old one - see the Authentication guide. Revoked keys return 401 on the next request; there is no grace period.
- Misuse protection. Repeated failed-auth attempts from the same source are rate-limited (20 / minute) to throttle credential guessing.
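The at-rest storage, verification, rotation, revocation and failed-auth throttling described in this list, as an added example rather than NeuroAPI's code. Assumptions the page does not state: the secret is 48 random hex characters after "neuro_"; the peppered hash is HMAC-SHA256 keyed with a server-side pepper; throttled callers receive HTTP 429; the window is 60 seconds per source address. The versioned encrypted ciphertext copy the page describes is not modelled, since the standard library carries no AES.

```python
"""API-key lifecycle: mint once, store a peppered hash, verify by prefix lookup,
revoke with no grace period, and throttle repeated failed auth per source.

Added example, not NeuroAPI's code. Assumed: 48 hex secret chars after "neuro_",
HMAC-SHA256 with a server-side pepper as the hash, 429 for throttled callers, and a
60-second window. The versioned encrypted copy the page describes is not modelled.
"""
import hashlib
import hmac
import secrets
import time
from collections import defaultdict, deque
from typing import Deque, Dict, Optional

PREFIX_CHARS = 8      # public identifier is "neuro_" + first 8 chars
FAIL_LIMIT = 20       # failed-auth attempts per source ...
FAIL_WINDOW = 60.0    # ... within this many seconds (assumed 20 / minute)


def mint_key() -> str:
    """Assumed key shape: 'neuro_' + 48 hex chars (192 bits of entropy)."""
    return "neuro_" + secrets.token_hex(24)


def key_prefix(key: str) -> str:
    return key[: len("neuro_") + PREFIX_CHARS]


class KeyStore:
    def __init__(self, pepper: bytes):
        self._pepper = pepper
        self._by_prefix: Dict[str, dict] = {}
        self._failures: Dict[str, Deque[float]] = defaultdict(deque)
        # Compared when the prefix is unknown, so a miss costs the same as a mismatch.
        self._dummy = self._digest("neuro_" + "0" * 48)

    def _digest(self, key: str) -> bytes:
        # The pepper lives outside the database; a dumped table alone cannot be verified.
        return hmac.new(self._pepper, key.encode(), hashlib.sha256).digest()

    def create(self) -> str:
        """Return the plaintext exactly once; only prefix + peppered hash are persisted."""
        while True:
            key = mint_key()
            if key_prefix(key) not in self._by_prefix:   # prefixes must stay unique
                break
        self._by_prefix[key_prefix(key)] = {"hash": self._digest(key), "revoked": False}
        return key

    def revoke(self, prefix: str) -> None:
        """Takes effect on the next request; there is no grace period."""
        self._by_prefix[prefix]["revoked"] = True

    def _throttled(self, source: str, now: float) -> bool:
        q = self._failures[source]
        while q and now - q[0] > FAIL_WINDOW:   # drop failures outside the window
            q.popleft()
        return len(q) >= FAIL_LIMIT

    def authenticate(self, presented: str, source: str, now: Optional[float] = None) -> int:
        """Return the HTTP status: 200 ok, 401 unknown/revoked/wrong key, 429 throttled."""
        now = time.time() if now is None else now
        if self._throttled(source, now):
            return 429
        rec = self._by_prefix.get(key_prefix(presented))
        stored = rec["hash"] if rec is not None else self._dummy
        digest = self._digest(presented)
        ok = hmac.compare_digest(stored, digest) and rec is not None and not rec["revoked"]
        if not ok:
            self._failures[source].append(now)
            return 401
        return 200


if __name__ == "__main__":
    store = KeyStore(pepper=secrets.token_bytes(32))
    old = store.create()
    new = store.create()                      # rotation: mint the new key, deploy alongside
    assert store.authenticate(old, "203.0.113.7") == 200
    assert store.authenticate(new, "203.0.113.7") == 200
    store.revoke(key_prefix(old))             # ... switch traffic, then revoke the old key
    assert store.authenticate(old, "203.0.113.7") == 401
```

Two details worth copying: the digest is computed and compared even when the prefix is unknown, so an attacker cannot tell a missing prefix from a wrong secret by timing; and the throttle is keyed by source, so it slows credential guessing from one address without locking out a legitimate key used from elsewhere.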
Encryption
We use industry-standard encryption everywhere data is stored or transmitted.
| Layer | Mechanism |
|---|---|
| In transit | TLS 1.2+ on every external connection |
| At rest, account data | Encrypted at rest |
| At rest, API keys | Authenticated symmetric encryption (AES-128-CBC + HMAC-SHA256) with a versioned envelope key |
Data retention
| Data | Retention |
|---|---|
| Prompts, completions, message_history | Not retained |
| Operational logs (request_id, status, prefix, byte counts) | Minimum needed to debug + meter |
| Billing / usage records | Retained for tax and accounting requirements |
| Account record | Until you delete the account, then purged on next batch |
Compliance & data-subject requests
- GDPR. Data-subject requests (access, deletion, export) go to [email protected].
- DPA. A Data Processing Addendum is available on request to the same address.
- Certifications. We follow SOC2-aligned operational practices internally; formal certification status is published here when finalised.
Reporting a vulnerability
Email [email protected] with a subject line prefixed with vulnerability:. We acknowledge within one business day. There is no public bounty programme today; we credit reporters in the changelog when a fix ships, with their permission.