Security

Cost control should not create a new risk.

Token Pilot is designed around limited access, clear approval, safe defaults, and evidence that can be reviewed.

01

Credentials stay server-side

Provider keys are designed to remain on the server and are not sent to the browser.

02

Observe before changing

The first stage is read-only. A recommendation is not a live change.

03

Human approval

Changes can require an approved person, scope, limit, and time window.

04

Rollback ready

A rollout can include stop rules and a path back to the prior setup.

05

Role-based access

People should only see and control the projects their role allows.

06

Audit history

Important actions can be tied to who approved them and when they happened.

07

Privacy-safe reporting

Cost and performance reporting does not need raw prompts or generated customer content.

08

Customer-owned accounts

Token Pilot is designed around bring-your-own-key provider accounts.

Responsible disclosure

Found a possible security issue?

Please send a clear report with steps to reproduce the issue. Do not include customer data, passwords, or private API keys.

Security contactsecurity@thetokenpilot.com

For account help, contact support@thetokenpilot.com.