MyCostPilot

AI Gateway

HomeStart Trial

Legal

Privacy Policy

MyCostPilot is built to help teams proxy AI requests with their own provider keys, review usage by API key, manage subscriptions, and add budget-aware guardrails. This page explains what information we collect, why we collect it, and how third-party providers fit into the request flow.

Read how MyCostPilot handles provider keys, generated API keys, request logs, billing data, and the third-party services involved in delivering the product.

Last updated

March 20, 2026

This page is designed to be read quickly first, then referenced section by section when needed.

Data Scope

We collect the account, billing, usage, and operational data reasonably needed to run MyCostPilot as a hosted gateway product.

Provider Keys

User-supplied OpenAI and Gemini keys are stored in encrypted form, and MyCostPilot API keys are stored as hashes.

Third Parties

Billing is processed by a payment provider, account and workspace data are handled through hosted infrastructure partners, and AI providers receive proxied request data when you use the gateway.

What We Collect

The data needed to operate the workspace, not mystery tracking.

Account and workspace data

This includes email address, authentication metadata, workspace access state, and related account records.

Billing metadata

This includes subscription status, Stripe customer IDs, subscription IDs, plan details, and billing events.

Encrypted provider credentials

If you save an OpenAI or Gemini key, MyCostPilot stores it in encrypted form and may display only a masked hint.

Usage, API-key, and request records

This can include provider, model, token counts, timestamps, retry or fallback metadata, request cost, API-key attribution, and proxied request or response payloads.

How We Use It

We use data to run the product, secure it, and make it useful.

  • Authenticate users and keep access scoped to the correct workspace.
  • Store provider keys in encrypted form and proxy AI requests on your behalf.
  • Generate dashboard analytics, request histories, API-key usage summaries, and cost estimates.
  • Apply request-level guardrails such as retries, provider fallback, monthly budgets, and related operational checks.
  • Run trials, subscriptions, and billing management flows through Stripe.
  • Investigate abuse, keep the service stable, and respond to operational or security issues.

Keys and Prompts

What happens to provider keys, MyCostPilot API keys, and proxied content.

Provider API keys saved in MyCostPilot are encrypted before storage. MyCostPilot API keys generated for remote access are shown once at creation and stored only as hashes so the raw token is not recoverable from the database.

Depending on workspace configuration, MyCostPilot may store request and response payloads for proxied traffic in order to power logs, support debugging, and make usage review more useful. If payload logging is disabled, MyCostPilot can still retain usage metadata such as provider, model, tokens, timestamps, retries, fallback behavior, and estimated cost.

You are responsible for deciding what prompts, content, credentials, or user data you send through MyCostPilot and for making sure you have the right to process that information.

Third-Party Providers

MyCostPilot works with infrastructure and billing vendors you should know about.

Application infrastructure

MyCostPilot relies on hosted infrastructure partners for authentication, database storage, and user-scoped application data access.

Stripe

Stripe handles checkout, subscription billing, and billing portal workflows for MyCostPilot plans.

AI providers

When you proxy a request, the selected AI provider receives the relevant request data. Those providers operate under their own privacy, retention, and model-processing practices.

Retention and Security

We keep what is reasonably needed and try to protect it carefully.

We retain account, subscription, usage, and operational data for as long as reasonably necessary to provide the service, support customers, comply with legal obligations, resolve disputes, and protect the platform.

MyCostPilot uses encrypted credential storage, access controls, and user-scoped database policies. No service is perfectly secure, and users remain responsible for protecting their own login credentials, provider accounts, and any systems that call MyCostPilot with generated API keys.

Your Choices

You can control keys, billing, and account lifecycle.

  • Update or remove stored provider keys from the settings area.
  • Generate, review, or revoke MyCostPilot API keys used by your apps and environments.
  • Configure budget limits and choose whether over-budget traffic should warn or block.
  • Manage subscription changes or cancellations through the Stripe billing portal when available.
  • Request deletion of your account and associated workspace data, subject to legal and operational limits.

Contact

Questions about privacy?

For privacy questions, account data requests, or concerns about how MyCostPilot handles information, contact us at [email protected].