How your data is handled.
You are about to either run a scan or paste a key, so here is the engineer's version of what happens to the bytes. The short answer: we see the shape of your spend, never its contents. The longer answer is below, with enough detail to verify the claim.
The keyless scan
The scan — npx whatmodel scan — runs locally and reads the JSONL logs your agent tools already write to disk. It walks those line-delimited records and extracts only the structured fields it needs: the model id each call used, the provider, input and output token counts, a timestamp, an optional project or workspace label, and the dollar cost it computes from those tokens against our price index.
What it uploads is bounded by a strict schema. The payload has fields for model, provider, tokensIn, tokensOut, costUsd, timestamp, and projectLabel — and no field for prompt text, response text, or any message content. There is no key in the schema that would carry a conversation, so content is rejected at the boundary rather than trusted to be stripped later. If a log line contains message bodies, they stay on your machine; only the counts leave it.
Connected admin keys
When you connect a provider admin key instead of scanning, we use it for exactly one thing: pulling usage totals from that provider's usage and cost endpoints. The credential is the smallest scoped, read-only access that does the job — it can read aggregate usage, and it cannot send model traffic, change your account, or read the content of any request. Your traffic continues to run on your own account, billed to your own card. We do not sit in the request path. We never proxy the bytes of a model call unless you explicitly turn on Optimize and tell us to.
Encryption
Any credential you connect, and the usage metadata we derive from it, is encrypted at rest with an AES-GCM envelope scheme: each secret is sealed with a data key, and that data key is itself encrypted by a master key held server-side and never sent to the browser. Decryption happens server-side only, at the moment a read is needed. Everything moves over HTTPS in transit.
What this adds up to
We never see your message content — not from the scan, where the schema has no place to put it, and not from a connected key, which only reads usage totals. We see counts, model ids, project labels, and the dollar math built from them. That is enough to tell you exactly what to switch and where to watch for regressions, and nothing more than that leaves your control. The optimization recipe we compute stays inside your workspace.
For the full picture — retention, deletion, your rights, and the infrastructure we rely on — see the Privacy Policy.