Privacy & Data

How APIBurn handles your information.

What APIBurn is

APIBurn is a private dashboard for tracking your own API and AI spending. It is not an advertising product. Your data is used only to show you your spend — never sold, rented, or shared.

What it stores

  • Spend and usage figures pulled from your providers' official billing APIs (e.g. month-to-date dollar amounts).
  • Your settings: monthly budget, currency, and alert preferences.
  • If you connect a provider with an API key, that key is encrypted at rest (AES-256-GCM) and is never sent to your browser.
  • A signed session cookie so you stay logged in. No tracking or analytics cookies.

What it never does

  • Never stores your providers' usernames or passwords.
  • Never exposes API keys or secrets to the browser or in logs (only a last-4 hint is kept for display).
  • Never sells or shares your data with third parties.

How it is protected

All traffic is served over HTTPS with strict security headers. Stored secrets are encrypted. Access requires your password, and login attempts are rate-limited against guessing.

Your control

You can change your budget and settings at any time, disconnect a provider to remove its stored key, or request deletion of your data. Provider connections can also be revoked directly with each provider.

This page describes how the app handles data and is not a substitute for formal legal terms. Last updated 2026-05-29.