Security
This page summarizes the security expectations that matter to customers. It does not list internal implementation details.
Account security
Section titled “Account security”- The raw API key is shown only once.
- Revoked keys stop working immediately.
- Passwords, sessions, and sensitive access details are not exposed in user-facing screens.
Request security expectations
Section titled “Request security expectations”| Layer | Implementation |
|---|---|
| Transport | All traffic uses HTTPS |
| Authentication | Separate secure flows for dashboard sessions and API keys |
| Account controls | API keys, usage tracking, and balance actions are managed in the account dashboard |
| Abuse protection | Validation, rate limiting, and misuse controls are applied |
Prompt and response privacy
Section titled “Prompt and response privacy”Data handling expectations are stated on model pages and formal legal notices. Before sending sensitive content, review the selected model’s data path and provider terms.
For models explicitly marked as hosted in Türkiye, requests are processed on LLMTR infrastructure in Türkiye. For third-party or foreign-provider models, the data path depends on the selected provider; review the model detail page before production use.
For formal legal notices, see the Privacy Policy and the KVKK Disclosure Notice.
Reporting a security issue
Section titled “Reporting a security issue”If you discover a security problem, contact us through our support channels.