Security

Security at Gatekeeper

Your API keys and AI spend are valuable. We treat them accordingly — encryption everywhere, RBAC always on, and budget limits by default.

All API keys stored encrypted with AES-256. Keys are never logged in plain text.

All traffic between clients, Gatekeeper, and AI providers uses TLS 1.3.

Fine-grained permissions on every API key. Model access, rate limits, and budget controls.

Full audit trail of every request: who, what model, how many tokens, what cost.

Quarterly security reviews and annual penetration tests.

Hard budget limits prevent runaway costs. Alerts before you hit thresholds.

Responsible Disclosure

We welcome responsible security researchers. Report privately before public disclosure. 24-hour initial response SLA.