Security Overview
Till reduces routine distribution of upstream AI provider credentials. It is a proxy control layer, not a zero-knowledge system or a replacement for your provider’s billing and security controls.
Credential design
- Upstream credentials are encrypted with AES-256-GCM and embedded in the scoped token returned to the customer.
- The application database stores a hash of the token lookup value, counters, account data, configuration, and metadata—not the upstream credential itself.
- The running service decrypts upstream credential material to authorize proxied requests. A stolen scoped token, compromised service host, or compromised encryption secret remains security-sensitive.
- Admin keys and scoped tokens are bearer credentials. Till currently does not offer MFA, SSO, or user-level roles.
Usage-control boundary
Activation and conservative token or spend capacity are reserved before a budgeted request is forwarded, then settled to provider-reported actual usage. A token- or spend-budgeted generation request must declare max_tokens, max_completion_tokens, max_output_tokens, or Google generationConfig.maxOutputTokens. Spend-limited requests require a model in Till’s pricing table; unknown-priced models are rejected. Cost remains an operational estimate and may differ from the provider invoice, so retain provider-side budgets and alerts.
Data path
Request and response bodies transit the Till proxy and the provider selected by the scoped key. Till does not intentionally persist those bodies in its application database. Infrastructure may retain metadata such as IP address, route, timing, status, and errors. See the Privacy Notice.
Customer controls
- Use the smallest practical activation cap, output-token cap, and expiry.
- Apply IP allowlists only after testing the exact network path.
- Keep admin keys outside browser-shared or collaborative environments where possible.
- Revoke lost scoped tokens and rotate the corresponding upstream key if exposure is suspected.
- Monitor Till counters and upstream provider usage independently.
Assurance status
Till is an early beta and does not currently claim SOC 2, ISO 27001, HIPAA, PCI DSS service-provider, FedRAMP, or similar certification. No public penetration-test report, bug bounty, or uptime SLA is currently offered.
Report a vulnerability
Follow security.txt. Use the operator's public contact route or the private method supplied during onboarding. The public route currently redirects to X direct messages and may require an X account. Do not include live credentials, personal data, or exploit data in an initial report. We will acknowledge reports as capacity allows; no response-time SLA is promised during beta.