Security & Privacy
How AiPayGen protects your data, your payments, and your agents.
🔒 Encryption
- TLS 1.3 on all connections via Cloudflare — no plaintext traffic accepted
- HSTS enabled with preload — browsers always use HTTPS
- API keys and credentials encrypted at rest — never stored in plaintext
- Stripe handles all card data — we never see or store card numbers
- Response headers and transport settings: HSTS Preload, TLS 1.3, X-Content-Type-Options: nosniff, X-Frame-Options: DENY, CSP Enforced, Referrer-Policy: strict-origin
👁 Data Handling — What We Store
We follow a zero-payload-retention policy:
- Request bodies — NOT stored. Your prompts, text, and data are processed in memory and discarded.
- Response bodies — NOT stored. AI outputs are returned to you and not retained.
- Billing metadata only — we log: timestamp, endpoint called, token count (for metered billing), and API key ID. No content.
- Agent memory — stored only if you explicitly use /memory endpoints. You control it and can delete it anytime.
- IP addresses — used only for rate limiting, not sold or shared.
🛡 Code Sandbox
When you use the /code/run endpoint, your code runs in a restricted sandbox:
- AST-validated before execution — dangerous patterns rejected at parse time
- No filesystem access — os, sys, pathlib, shutil blocked
- No network access — socket, requests, urllib, httpx blocked
- No process spawning — subprocess, multiprocessing, threading blocked
- Blocked builtins: eval, exec, compile, open, __import__, getattr, setattr
- Execution timeout enforced — runaway code is killed
🛡 SSRF Protection
All outbound HTTP requests (scraping, webhooks, API catalog) pass through SSRF validation:
- Private IP ranges blocked (10.x, 172.16-31.x, 192.168.x, 127.x, ::1)
- Link-local and metadata endpoints blocked (169.254.x, cloud metadata)
- DNS rebinding protection — resolved IPs checked against block list
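The checks listed above can be expressed as follows. This is an added example, not AiPayGen's own code: the function names, the injectable resolver, the sample hostnames, the handling of IPv4-mapped IPv6 addresses and the choice to return the vetted IPs for the caller to connect to are all assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Ranges named on this page: private, loopback, link-local / cloud metadata.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "::1/128", "169.254.0.0/16",
)]

def system_resolver(host, port):
    """Every address the OS resolver returns for host (IP literals pass through)."""
    return {ai[4][0] for ai in socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)}

def is_blocked(ip_text):
    ip = ipaddress.ip_address(ip_text.split("%")[0])  # drop any IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped:            # ::ffff:10.0.0.1 -> 10.0.0.1
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETS)

def validate_outbound(url, resolver=system_resolver):
    """Return the vetted IPs for url; raise ValueError if the URL or any IP is refused."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("only absolute http(s) URLs are allowed")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    addrs = resolver(parts.hostname, port)
    bad = sorted(a for a in addrs if is_blocked(a))
    if bad or not addrs:
        raise ValueError(f"refused {parts.hostname}: blocked or empty answer {bad}")
    # Pin: connect to these IPs directly; re-resolving could return a different answer.
    return sorted(addrs)

# Constructed sample data: a stand-in resolver so the example runs offline.
SAMPLE_DNS = {
    "api.example.com": {"203.0.113.10"},
    "intranet.example.com": {"10.1.2.3"},
    "mixed.example.com": {"203.0.113.10", "169.254.169.254"},
}

def sample_resolver(host, port):
    return SAMPLE_DNS.get(host, {host})  # unknown names are treated as IP literals

if __name__ == "__main__":
    for u in ("https://api.example.com/hook", "http://mixed.example.com/"):
        try:
            print(u, "->", validate_outbound(u, sample_resolver))
        except ValueError as e:
            print(u, "-> refused:", e)
```

A hostname is refused if any one of its resolved addresses is on the block list, so an answer that mixes a public and an internal address does not pass.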
💰 Payment Security
- Stripe handles all card payments — PCI DSS compliant, we never touch card data
- x402 USDC payments verified on-chain via Coinbase facilitator on Base Mainnet
- Automatic refund credits — if a paid request returns a 5xx error, you get a refund credit automatically (returned in X-Refund-Credit header)
- API keys are revocable — contact us to deactivate a compromised key
- Request correlation via X-Request-ID header on every response
🤖 For AI Agents
Machine-readable security signals are embedded in every interaction:
- /.well-known/agent.json includes a security object with data handling policies
- Every 402 response includes a security field confirming the data retention policy
- /.well-known/security.txt follows RFC 9116
- X-Payment-Receipt header confirms payment was processed
- X-Refund-Credit header on 5xx after payment — automatic compensation
Verify programmatically:
GET /.well-known/agent.json → check .security.data_handling.request_logging == "metadata_only"
GET /.well-known/security.txt → RFC 9116 security policy
GET /security → this page (HTML)
✉ Reporting Vulnerabilities
Found a security issue? Email [email protected] with details. We take all reports seriously and will respond within 24 hours.