What we never store
- ✕The text of your prompts
- ✕The text of model completions
- ✕Any end-user content, of any kind
There is no column in our database for prompt or response text — there's nowhere for it
to land. The only fingerprint we keep is a one-way SHA-256 hash, used for
caching and dedup. It can't be reversed into the original text.
What we do store
Per request, metadata only:
- ✓Timestamp & task category
- ✓Model we routed to (+ any we tried)
- ✓Input/output token counts, cost, latency
- ✓Success/failure + a
SHA-256request hash
That's the complete list — it's what powers your savings analytics. None of it can reconstruct a prompt.
How prompts are handled in transit
To route intelligently, each request is touched by two things — both in memory, both transient:
- →A lightweight classifier labels the task type so we can pick the right model.
- →The destination model you're routed to fulfills the request.
Your messages are forwarded to these in memory and never written to disk by Routecut. All API traffic is served over TLS. The model providers we route to act as subprocessors, under their own API data terms (which exclude API traffic from training by default).
Authentication & keys
- ✓You connect with one Routecut key (Bearer token). We store only its
SHA-256hash — the raw key is shown once and never saved, so even we can't recover or leak it. - ✓Keys are revocable instantly and generated with a cryptographically secure RNG.
- ✓You never hand your provider keys to end-users — Routecut manages provider credentials server-side, isolated from request logs.
No training on your data
Routecut is a router, not a model. There is no training or fine-tuning pipeline anywhere in the product — we don't build datasets from your traffic, period.
Questions a security review would ask?
Send them over — happy to walk through the architecture, data flow, or anything a vendor assessment needs.
Email abe@routecut.com