Privacy Policy

Last updated: May 5, 2026

VibeKey is an AI API gateway. When you use VibeKey, your requests may be routed to third-party model providers based on your selected model and project settings. This policy explains what information we collect, how we use it, and your choices.

1. Information We Collect

  • Account information: email address and authentication data.
  • Project information: project names, API key prefixes, provider settings, spend caps.
  • Usage metadata: provider, model, requested model, token usage, estimated cost, latency, request status, error codes, and timestamps.
  • Billing information: top-up amount, Stripe checkout and payment identifiers, balance transactions.
  • Support communications: emails or messages you send to us.

2. Prompt and Response Content

  • VibeKey does not store raw prompts or raw model responses by default.
  • Prompts and responses pass through VibeKey servers so we can route requests and return responses.
  • Requests are sent to third-party model providers according to your selected model and project settings.
  • Do not send secrets, regulated data, or sensitive personal information unless your project settings and provider agreements allow it.

3. Third-Party Providers

VibeKey uses the following third-party services, which process data according to their own terms and privacy policies:

  • Model providers: OpenAI, DeepSeek, and future providers for AI model inference.
  • Supabase: authentication, database, and storage.
  • Stripe: payment processing for prepaid top-ups.
  • Resend: transactional email delivery.
  • Vercel: application hosting and deployment.
  • Upstash: Redis for rate limiting.

4. How We Use Information

We use the information we collect to:

  • Provide and operate the AI API gateway.
  • Authenticate users and API keys.
  • Process payments and manage prepaid balances.
  • Enforce spend caps, rate limits, provider controls, and Sensitive Mode.
  • Show usage dashboards and transaction history.
  • Detect and investigate abuse, fraud, outages, and security issues.
  • Provide customer support.
  • Improve the product based on aggregate usage patterns.

5. API Keys and Secrets

  • VibeKey customer API keys are shown once at creation and stored only as cryptographic hashes with short prefixes for identification.
  • Provider API keys (OpenAI, DeepSeek, etc.) are never intentionally exposed to customers.
  • You should not send secrets, passwords, or private keys in prompts or support messages.

6. Sensitive Mode and Provider Controls

Provider controls let users choose which AI providers a project may use. Sensitive Mode keeps sensitive prompts off lower-cost providers while still allowing eligible generic prompts to route cheaper. No automated classifier is perfect, so you remain responsible for what you send through the gateway and for ensuring it complies with provider policies and applicable law.

7. Data Retention

  • Usage metadata and billing records may be retained for operations, accounting, abuse prevention, and legal compliance.
  • Raw prompts are not stored by default.
  • Support emails may be retained as needed to provide support.
  • You can request account deletion or ask data questions by contacting hello@usevibekey.com.

8. Payments

Payments are processed by Stripe. VibeKey does not store full card numbers. Stripe may receive payment and billing information necessary to process transactions. See our Credits and Billing Policy for details on prepaid credits, refunds, and payment processing fees.

9. Security

VibeKey uses industry-standard security practices including hash-only API key storage, rate limits, spend caps, account suspension tools, and no default raw prompt storage. However, no system is perfectly secure. You are responsible for keeping your API keys confidential and configuring project settings appropriately for your use case.

10. Your Choices

  • Revoke API keys from the dashboard.
  • Disable individual providers per project.
  • Enable Sensitive Mode to protect sensitive prompts.
  • Set daily and monthly spend caps.
  • Delete projects (contact support if self-serve deletion is not yet available).
  • Request account deletion or data export by emailing hello@usevibekey.com.

11. Children

VibeKey is not intended for children under 13 or the minimum age required in the user's jurisdiction. We do not knowingly collect information from children.

12. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated through the VibeKey website or dashboard. The “Last updated” date at the top of this page reflects the most recent revision.

13. Contact

For questions about this policy, account deletion, or data requests, email us at hello@usevibekey.com.