Security
How DriftLess protects your account and site data
Keys, sessions, data handling, and platform safety in plain language.
- Advanced teams can add their own provider keys.
- Keys are encrypted at rest.
- We do not log or expose keys.
- You pay model providers directly.
- Session-based login with time-limited cookies.
- Optional Google and GitHub sign-in.
- Passwords are hashed, never stored as plain text.
- Your site and account data are private to your account.
- We protect files and run history with access checks.
- Traffic is protected over HTTPS.
- Billing transactions are stored in an encrypted database with full audit logging.
- We do not sell your data.
- We do not expose API keys.
- We do not bill model usage through hidden markups.