SECURE PROTOCOL

Privacy Policy

Last updated: February 19, 2026

01. Data Minimization Principle

SecureGate is designed with a "zero-trust" and "zero-visibility" architecture. Unlike traditional API gateways, we do not store your raw API keys in plain text, and we do not log the contents of your AI requests or responses. Our primary objective is to facilitate secure transmission, not data collection.

02. Information We Collect

Account Information

When you sign up, we collect your email address via Supabase Auth to manage your connections and billing via Polar.

Security Hash Data

We store SHA-256 hashes of your security keys (SG_) and device fingerprints. These are one-way hashes; the original values cannot be recovered once set.

Metadata Logs

We log request metadata (timestamp, status code, IP address, and country) for your audit trail and to enforce security locks. We do NOT log request bodies.

03. Encryption & Security

Your provider API keys are encrypted using AES-256-GCM before they touch our database. The encryption keys are managed in a secure environment. Access to these keys is strictly limited to our automated proxy service; they are never accessible to human operators.

04. Boundary of Responsibility

Our security guarantees only apply to data within our infrastructure.

We cannot protect your API keys or data if your own environment is compromised. SecureGate is not responsible or liable for any data breaches, key theft, or unauthorized usage resulting from:

  • Insecure storage of your generated proxy keys (`SG_...`) on your end.
  • Compromised developer machines, local networks, or CI/CD pipelines.
  • Vulnerabilities in third-party libraries, agents, or software you use to connect to SecureGate.
  • Failure to heed security warnings or implement our provided security locks.

SECURITY REMAINS A SHARED RESPONSIBILITY. YOU MUST SECURE YOUR LOCAL EDGE.

05. Third-Party Services

We use the following specialized partners to provide our service:

  • Supabase: For authentication and database hosting.
  • Polar: For subscription management and payment processing.
  • AI Providers (OpenAI, Anthropic, etc.): For executing your proxied requests.

06. Your Rights

You have the right to delete your individual security keys, purge your audit logs, or delete your entire account at any time. Upon account deletion, all encrypted API keys and associated data are permanently removed from our active databases.

Questions?

Contact our security team for any privacy-related inquiries.

security@securegate.xyz