TheRouter.aiTheRouter.ai
Trust & Security

Security Built Into Every Request

TheRouter is the infrastructure layer between your apps and AI providers. Every request passes through one consistent security boundary — key isolation, audit logging, and access control built in, not bolted on.

We document what we collect, where it goes, and who can see it. Engineering decisions made explicit, not hidden behind compliance logos.

What We Collect, Store, and Don't Store

TheRouter is a middleman. Here's exactly what data we see at each layer, what gets persisted, and what doesn't.

Prompts & Responses

Not persisted by default

Request and response bodies pass through our gateway for routing, but are not stored in our database. Only request metadata (model name, token counts, latency, status code) is retained for billing and analytics.

Read data collection policy

Request Metadata

Stored for 90 days (configurable)

We store: timestamp, user ID, model ID, prompt tokens, completion tokens, total cost, latency, HTTP status, and error type (if failed). This enables usage accounting, billing reconciliation, and incident investigation. Data is automatically purged after the retention period (default 90 days, configurable per tenant from 1–730 days).

See usage accounting

Your API Keys

Hashed or encrypted, never logged

TheRouter API keys (sk-*) are stored as irreversible bcrypt hashes — they cannot be recovered even with database access. BYOK provider keys are encrypted with AES-256-GCM, with the encryption key managed via AWS Secrets Manager. No key ever appears in application logs, metrics, or error traces.

API key management

Provider Credentials

Isolated in environment secrets

Upstream provider API keys (for shared endpoints) are stored as Kubernetes Secrets or environment variables, never in the application database. Each provider runs in an isolated Pod with no cross-provider access.

Model routing overview

Request Lifecycle: What's Visible at Each Layer

A single request passes through multiple network boundaries. Here's what data is visible and persisted at each hop.

User Client
Visible:
Full request (headers, body, API key)
Persisted:
None (client-side only)
CloudFront
Visible:
TLS-encrypted traffic, HTTP headers
Persisted:
Access logs (IP, timestamp, status) — 7 days
Gateway
Visible:
Full request (routing, auth, billing)
Persisted:
Metadata only (tokens, cost, latency) — 90 days
Provider Pod
Visible:
Transformed request for upstream API
Persisted:
None (stateless, logs only transient errors)
Upstream API
Visible:
Full request sent to OpenAI/Anthropic/etc
Persisted:
Provider-dependent (see provider privacy policies)

Prompt and completion bodies are never written to our database. They exist only in request/response memory during routing.

Architecture Security: Design Decisions That Matter

Security isn't just encryption—it's isolation, redundancy, and blast radius containment built into the infrastructure layer.

Provider Isolation

Each upstream provider (OpenAI, Anthropic, Bedrock, etc.) runs as a separate Kubernetes Pod. A vulnerability in one provider adapter cannot access credentials or request data from another. No shared process memory, no lateral movement.

Why it matters:
Limits blast radius if a provider adapter is compromised

CloudFront as API Gateway

All requests hit AWS CloudFront before reaching our origin. This provides DDoS mitigation (AWS Shield Standard), TLS termination, WAF protection, and GeoIP-based request metadata. CloudFront's global edge network absorbs volumetric attacks before they reach our infrastructure.

Why it matters:
Protects against volumetric DDoS, common attack patterns, and certificate management errors

Multi-Region Separation

Global traffic routes through AWS (us-east-2), China traffic through Aliyun (Hangzhou). No cross-border data transfer. Each region operates as an independent deployment with its own database, Kubernetes cluster, and provider credentials.

Why it matters:
Ensures compliance with data sovereignty requirements (China Cybersecurity Law)

Payment Data Isolation

TheRouter does not store credit card numbers, CVV, or bank account details. All payment processing is handled by Stripe (global) or WeChat Pay (China) via a dedicated payment service. Only payment method IDs and transaction receipts are stored in our database.

Why it matters:
Removes PCI-DSS compliance burden and minimizes payment fraud risk

Threat Model: What Could Go Wrong, and How We Mitigate It

No system is perfectly secure. Here's our assessment of realistic attack scenarios, their impact, and architectural mitigations.

Internal Threat (Malicious Insider)

Impact

An employee with database access could read request metadata (model, tokens, cost, timestamps), encrypted API keys, and user emails. Prompt/response bodies are not in the database.

Mitigation

Database access restricted to application subnet via security group rules (RDS not publicly accessible). Customer API keys stored as irreversible bcrypt hashes; BYOK provider keys encrypted with AES-256-GCM. Encryption keys loaded from AWS Secrets Manager — not stored in the application database. Write operations via admin API logged to an audit trail. Production infrastructure access limited to founding engineers.

External Breach (Database Compromise)

Impact

If an attacker dumps the entire database, they get encrypted API keys (useless without decryption key), request metadata, and user account info. No plaintext prompts or responses.

Mitigation

Encryption keys loaded from AWS Secrets Manager (not stored in the application database). Separate key per environment. Database backups encrypted at rest with 14-day retention. CloudFront + WAF blocks common attack patterns.

Service Outage (Infrastructure Failure)

Impact

If TheRouter gateway goes down, all requests fail. Customers lose routing, failover, and billing visibility until service is restored. No data loss (database persists), but active requests return 503.

Mitigation

Multi-AZ RDS deployment with automated daily backups (14-day retention) and point-in-time recovery. EC2 auto-recovery alarms for instance failures. Provider fallback routing across multiple upstream APIs. Route 53 health checks with automated reboot on unresponsiveness. SLA commitments for incident response (see below).

Security Incident Response SLA

These are target response times, not contractual guarantees. We commit to transparent communication during incidents, with acknowledgment and resolution timelines based on severity.

SeverityExamplesAcknowledgmentResolution Target
CriticalAPI key leak, data breach, production authentication bypass24 hours7 days
HighSecurity vulnerability (RCE, SQL injection), TLS certificate expiry48 hours30 days
MediumNon-critical security issue (XSS in docs, rate limit bypass)72 hours90 days
LowSecurity suggestion, documentation improvement, feature request1 weekBest effort

Targets, not guarantees. Actual response times may vary based on incident complexity and available resources.

Security FAQ

Common questions about data handling, encryption, compliance, and operational security.

Report a Security Issue

Found a vulnerability? Have a security concern? We take all reports seriously and respond according to the SLA commitments above.

Security contact
security@therouter.ai

Send email to security@therouter.ai

Include: vulnerability description, reproduction steps, impact assessment.

We acknowledge within 24-48 hours

Initial response confirms receipt and assigns a severity level.

We investigate and patch

Critical issues patched within 7 days, High within 30 days. You'll receive status updates.

Email security team

We will not pursue legal action against good-faith security research.

Last updated: March 29, 2026