Costbase

Privacy Policy

Last updated: July 6, 2026

What we collect

Your email address (that's the whole account). Provider admin/management keys you connect, stored encrypted at rest and used only against read-only reporting endpoints. Usage and cost data returned by your providers' official reporting APIs: daily aggregates of tokens, requests, and dollar amounts per API key and model. Labels and app names you create.

We never receive your prompts, responses, or your applications' production API keys. Payment details go directly to Stripe; we never see card numbers.

How we use it

To run the product: syncing usage from your providers on a schedule, rendering your dashboard, sending sign-in links and account emails via Postmark, and processing subscriptions via Stripe. We don't sell your data, and we don't use your cost data for anything except showing it to you.

Where it lives

Application data is stored in a PostgreSQL database on Heroku (with daily backups). Email delivery runs through Postmark; payments through Stripe. Each processes only what's needed for its function.

Retention & deletion

Usage history is retained while your account exists — that history is the product. If your subscription lapses, data is retained and syncing continues so nothing is lost if you return. Deleting your account (Account page) permanently removes your connections, keys, usage history, and mappings, and cancels any subscription. Provider keys are deleted immediately when you remove a connection.

Your rights

You can access everything we hold about you through the app, correct your email on the Account page, and delete everything yourself. For anything else — export requests, questions, complaints — email hello@costbase.co and a human will respond.