Security
Built for teams that need proof, not promises. Here’s exactly how we protect your data, your credentials, and your spend.
AES-256-GCM encryption at rest
Every secret (API keys, connector credentials, MFA secrets, SSO client secrets) is encrypted with a rotating master key. The master key lives in a separate key store; runtime access is audit-logged.
Tenant isolation by default
Row-level security at the DB. Cross-tenant reads are physically impossible, not just filtered in code. Every query carries a tenantId belt plus projectId braces where relevant.
Auditable per-call ledger
Every token burn has a double-entry ledger row keyed to the LLM call it paid for. Export as CSV / JSON for compliance. Merkle-chained so tampering is detectable after the fact.
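An added illustration of how a chained double-entry export can be checked; it is not TokenOne's code or export format. The field names (`call_id`, `account`, `amount`, `prev_hash`, `hash`), the genesis value and the sample rows are assumptions, and a linear SHA-256 hash chain stands in for the Merkle chaining described above.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value for the first row


def row_hash(prev_hash, call_id, account, amount):
    # Bind the row's content to the hash of the row before it.
    body = json.dumps([prev_hash, call_id, account, amount], separators=(",", ":"))
    return hashlib.sha256(body.encode()).hexdigest()


def append(ledger, call_id, account, amount):
    prev = ledger[-1]["hash"] if ledger else GENESIS
    ledger.append({"call_id": call_id, "account": account, "amount": amount,
                   "prev_hash": prev, "hash": row_hash(prev, call_id, account, amount)})


def verify(ledger):
    """Return a list of findings; an empty list means the export is consistent."""
    findings, prev, totals = [], GENESIS, {}
    for i, row in enumerate(ledger):
        if row["prev_hash"] != prev:
            findings.append(f"row {i}: broken link")
        expected = row_hash(row["prev_hash"], row["call_id"], row["account"], row["amount"])
        if row["hash"] != expected:
            findings.append(f"row {i}: content does not match hash")
        prev = row["hash"]
        totals[row["call_id"]] = totals.get(row["call_id"], 0) + row["amount"]
    for call_id, total in totals.items():
        if total != 0:  # double-entry: debits and credits per call must cancel
            findings.append(f"call {call_id}: entries do not balance ({total:+d})")
    return findings


def build_sample():
    # Constructed sample: two LLM calls, each a debit/credit pair in token units.
    ledger = []
    append(ledger, "call-001", "tenant:acme", -1200)
    append(ledger, "call-001", "provider:pool", 1200)
    append(ledger, "call-002", "tenant:acme", -300)
    append(ledger, "call-002", "provider:pool", 300)
    return ledger


if __name__ == "__main__":
    sample = build_sample()
    sample[2]["amount"] = -30  # simulated after-the-fact edit
    print(verify(sample))
```

A chain like this only catches edits that leave later rows untouched; someone who can rewrite every subsequent row can rebuild it, so the latest hash has to be recorded somewhere the ledger's writer cannot change.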
Always inspectable audit log
Every compute decision, settings change, and admin action lands in an audit log. Browsable, searchable, exportable. Nothing is hidden from you, including from your own admins.
SSO + MFA + scoped API keys
OIDC SSO (Okta / Azure AD / Google Workspace / Auth0). TOTP MFA with one-time backup codes. API keys with per-key scopes + rate-limit overrides + IP allowlist. Optional enforced-SSO mode disables password login entirely.
Prompt-injection guard
Every LLM-proxy request passes through a 19-signature injection detector. Stacked jailbreaks blocked with a 400; suspicious prompts logged + surfaced via response headers. Optional Lakera Guard escalation for ambiguous cases.
Single-token-burn guarantee
You only ever see one charge: ours. Startup lint + runtime audit verify no code path leaks to a native provider's billing on your behalf. Multi-provider redundancy with per-provider circuit breakers keeps the promise intact during incidents.
Secret redaction + PII masker
AWS keys / GitHub tokens / Stripe keys / JWTs / credit cards are automatically detected + redacted in prompts before they leave our proxy. PII masker scrubs outputs before they return to your client.
Defence in depth
Our threat model assumes attackers will compromise one layer. Independent controls at each layer mean compromise of any single one doesn’t expose customer data.
- Edge: Cloudflare CDN with WAF + DDoS mitigation + bot management. Geographic restrictions enforceable per tenant.
- Auth: JWT 15-minute access tokens, 7-day refresh. Tenant-level OIDC SSO. TOTP MFA with enforced-by-policy support. Scoped API keys for service-to-service.
- API: Per-tenant + per-user + per-project budget caps enforced as a 429 at the middleware layer. Per-key rate limits. Prompt-injection guard per LLM proxy.
- Data: Row-level security in Postgres. AES-256-GCM at rest for all secrets. TLS 1.3 in transit. Automatic cold-storage archival for projects inactive > 30 days.
- Telemetry: Every call logged with upstream provider + cost + debit + savings + latency. Anomaly detection on audit trail (rapid cross-project access = alert). Session replay reconstructs any call from the activity feed.
Incident response
- Detection: Synthetic monitoring (30s probe cycle), per-provider circuit breakers open after 5 consecutive failures, audit-anomaly job flags unusual access patterns.
- Response: On-call rotation; 15-minute acknowledgement SLA for sev-1 incidents. Public status page at tokenone.io/status updated in real time.
- Containment: Emergency kill-switch can isolate any provider, any tenant, any API key, any agent in one click.
- Communication: Incident write-ups within 48h of resolution with root cause + mitigation. Subscribers notified by email; summary posted to /status.
Compliance + audits
- SOC 2 Type II: in progress with an external auditor; the controls above are the scope. We expect to publish the report by Q4 2026.
- GDPR / UK GDPR: data-subject rights (access, export, delete, restrict) exposed via the Privacy dashboard. Sub-processor list at /sub-processors. DPA available on request (and self-serve for qualifying plans).
- ISO 27001: evaluating for 2027 based on enterprise demand.
- Penetration testing: annual external pen-test on the production estate plus the TokenOne Desktop Bridge’s power-mode harness (separate scope).
Product surfaces for security teams
- Identity Oversight (platform admin): cross-tenant SSO + MFA adoption + API-key rollup. Spot tenants behind on hygiene.
- Provider Circuits (platform admin): live circuit-breaker state per upstream provider with force-close.
- Session Replay (tenant admin): click any LLM call in the Activity Feed for full compute decision, prompts, response, telemetry. Cold-tier archival at 7 days.
- Audit Log (platform admin): every mutation across the estate with actor + action + target + timestamp. CSV export.
- Tenant API Keys (tenant admin): create/rotate/revoke with per-key scopes, rate limits, IP allowlist, expiration.
Reporting a vulnerability
Email security@tokenone.io. We respond within one business day. PGP key on request. We do not pursue good-faith researchers who follow responsible disclosure (90-day coordinated disclosure window, no public proof-of-concept until fix has shipped).
We run a bug bounty for qualifying vulnerabilities; email us for scope + reward table.