Security
How DriftLess protects your account and project data
Keys, sessions, data handling, and platform safety in plain language.
- You add your own API keys.
- Keys are encrypted at rest.
- We do not log or expose keys.
- You pay model providers directly.
- Session-based login with time-limited cookies.
- Optional Google and GitHub sign-in.
- Passwords are hashed, never stored as plain text.
- Your project data is private to your account.
- We protect files and run history with access checks.
- Traffic is protected over HTTPS.
- Credit transactions are stored in an encrypted database with full audit logging.
- We do not sell your data.
- We do not expose API keys.
- We do not bill model usage through hidden markups.