Credentials stay server-side
Provider keys are designed to remain on the server and are not sent to the browser.
Security
Token Pilot is designed around limited access, clear approval, safe defaults, and evidence that can be reviewed.
Provider keys are designed to remain on the server and are not sent to the browser.
The first stage is read-only. A recommendation is not a live change.
Changes can require an approved person, scope, limit, and time window.
A rollout can include stop rules and a path back to the prior setup.
People should only see and control the projects their role allows.
Important actions can be tied to who approved them and when they happened.
Cost and performance reporting does not need raw prompts or generated customer content.
Token Pilot is designed around bring-your-own-key provider accounts.
Responsible disclosure
Please send a clear report with steps to reproduce the issue. Do not include customer data, passwords, or private API keys.
For account help, contact support@thetokenpilot.com.