Privacy, provider logging, and payload handling
How X420 routes prompts while reducing exposure of secrets, tenant keys, and raw payloads.
Short answer
X420 is designed as a zero-trust, least-privilege proxy: TLS 1.3 transport, server-side upstream secrets, tenant-separated customer keys, hashed key storage, rotation, and no frontend exposure of provider credentials. Payloads are not used for training, not resold, and raw content retention is avoided outside the minimum needed to route, meter, debug, and comply with law.
What X420 sees
X420 receives the request payload because it must route the API call, estimate and settle usage, stream the response, and enforce wallet or key caps. Operational logs are scoped to request metadata, timestamps, model, tenant, status, token counts, error class, and billing events.
What providers may see
When X420 routes a request upstream, the selected provider can process the prompt and response for delivery. Provider-side logging depends on the provider and route used. X420 minimizes what is sent, avoids exposing customer credentials upstream, and keeps provider secrets isolated server-side.
What is not done
X420 does not train models on customer payloads, does not resell payload content, and does not expose raw upstream credentials to the browser. Raw prompts and completions are not treated as analytics inventory.
How to reduce exposure
Avoid sending secrets, credentials, payment data, private keys, regulated personal data, or customer data you do not need for the task. Redact before sending, use per-app X420 keys, cap each key, rotate keys regularly, and isolate tenants in your own app.
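One way to apply the "redact before sending" advice on the client side, as an added example that is not X420 code. The patterns, placeholder format, and names (`redact`, `RULES`, `SAMPLE`) are assumptions for illustration, and the sample prompt is constructed.

```python
import re

# Constructed patterns for illustration; extend them for your own data types.
PEM_RE = re.compile(r"-----BEGIN ([A-Z ]*PRIVATE KEY)-----.*?-----END \1-----", re.DOTALL)
BEARER_RE = re.compile(r"(?i)\b(bearer\s+)[A-Za-z0-9._~+/=-]{16,}")
ASSIGN_RE = re.compile(
    r"(?i)\b((?:api[_-]?key|secret|password|token)\s*[:=]\s*)[\"']?[^\s\"',;]{6,}[\"']?")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")

def luhn_ok(digits):
    """Luhn checksum, used to tell card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def _card(m):
    digits = re.sub(r"\D", "", m.group(0))
    return "[REDACTED:card]" if luhn_ok(digits) else m.group(0)

# Order matters: key blocks go first so later patterns never see key material.
RULES = [
    ("private_key", PEM_RE, lambda m: "[REDACTED:private_key]"),
    ("bearer", BEARER_RE, lambda m: m.group(1) + "[REDACTED:token]"),
    ("credential", ASSIGN_RE, lambda m: m.group(1) + "[REDACTED:credential]"),
    ("card", CARD_RE, _card),
    ("email", EMAIL_RE, lambda m: "[REDACTED:email]"),
]

def redact(text):
    """Return (redacted_text, counts per kind) for a prompt before it leaves the app."""
    counts = {}
    for kind, pattern, repl in RULES:
        def _apply(m, kind=kind, repl=repl):
            out = repl(m)
            if out != m.group(0):  # a Luhn-failing digit run is left untouched
                counts[kind] = counts.get(kind, 0) + 1
            return out
        text = pattern.sub(_apply, text)
    return text, counts

# Constructed sample prompt; none of these values are real.
SAMPLE = ("password = hunter2-example\nAuthorization: Bearer abcdefghijklmnop1234567890\n"
          "card 4111 1111 1111 1111, order 1234 5678 9012 3456, alice@example.com\n"
          "-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED\n-----END RSA PRIVATE KEY-----")
```

Logging only the returned counts, never the matched values, keeps the redaction step itself from becoming a second copy of the sensitive data.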
Logging model
| Layer | X420 | Note |
|---|---|---|
| Transport | TLS 1.3 where supported between client and X420. | Use HTTPS only. |
| Customer API keys | Tenant-separated, hashed, revocable, and rotated when needed. | Never ship keys in public clients. |
| Upstream secrets | Stored server-side and never sent to the frontend. | Your app receives X420 keys only. |
| Payloads | Routed for inference and minimized after routing and billing. | Do not send unnecessary sensitive content. |
| Training | Customer payloads are not used by X420 for training. | Provider terms can vary by route. |
