Privacy
What data flows through the proxy, the data-logging modes you control, how long anything is kept, and the subprocessors that power the platform.
Last updated June 22, 2026
Every proxied request runs through the same pipeline. Provider keys stay server-side and no provider spend starts until the user is verified and the policy passes.
Your app sends the end user token (Firebase or Supabase). The proxy verifies it against your auth provider before any provider spend can start. Optional Firebase App Check ties the request to a known app.
We look up or create an app-user record keyed to the verified external user id, and attach the entitlement category from RevenueCat so the right policy applies.
The policy engine checks the requested model, endpoint, per-request token cap, and daily and monthly request and cost limits before forwarding. Blocked requests never reach a provider.
Allowed requests are forwarded through our hosted gateway to the model provider using your server-side key. Token counts and cost are committed to usage, and analytics are captured in PostHog.
Logging is off by default. You choose per app how much of a request is retained. Anything stored under a logging mode other than disabled is encrypted at rest with AES-256-GCM and deleted when its retention window expires.
Provider keys and any logged request or response payloads are encrypted with AES-256-GCM before they reach the database, with a per-record initialization vector and additional authenticated data (AAD). We store ciphertext, never plaintext secrets.
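As an added illustration (not MobileAiProxy's own code), the Node.js sketch below shows what a per-record IV and additional authenticated data provide with AES-256-GCM: identical payloads yield different ciphertexts, and a ciphertext copied to another row or altered in storage fails to decrypt. The app ids, record ids, AAD layout and function names are assumptions made for this example.

```javascript
const nodeCrypto = require("node:crypto");

// Assumed AAD layout for this example: binds a ciphertext to the app and
// record it was written for. The AAD is authenticated but not encrypted.
function aadFor(appId, recordId) {
  return Buffer.from(`datalog:v1:${appId}:${recordId}`, "utf8");
}

function encryptRecord(key, appId, recordId, plaintext) {
  const iv = nodeCrypto.randomBytes(12); // fresh 96-bit IV for every record
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(aadFor(appId, recordId));
  const ciphertext = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return { appId, recordId, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Returns the plaintext, or null when decryption or tag verification fails.
function decryptRecord(key, row) {
  try {
    const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, row.iv);
    decipher.setAAD(aadFor(row.appId, row.recordId));
    decipher.setAuthTag(row.tag);
    return Buffer.concat([decipher.update(row.ciphertext), decipher.final()]).toString("utf8");
  } catch (err) {
    return null; // tampered ciphertext, wrong key, or row moved to another id
  }
}

function demo() {
  const key = nodeCrypto.randomBytes(32); // constructed 256-bit key for the demo
  const payload = '{"prompt":"constructed sample"}'; // constructed sample payload
  const a = encryptRecord(key, "app_A", "log_001", payload);
  const b = encryptRecord(key, "app_A", "log_002", payload);
  const moved = { ...a, appId: "app_B", recordId: "log_999" }; // ciphertext copied to another row
  const flipped = { ...a, ciphertext: Buffer.from(a.ciphertext) };
  flipped.ciphertext[0] ^= 0x01; // single-bit change in the stored ciphertext
  return {
    roundTrip: decryptRecord(key, a),
    sameCiphertext: a.ciphertext.equals(b.ciphertext),
    moved: decryptRecord(key, moved),
    flipped: decryptRecord(key, flipped),
  };
}

console.log(demo());
```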
Each data log carries a retention window you set per app. Once it expires, the log is eligible for deletion. Usage counters and cost aggregates are kept so your dashboard analytics stay accurate.
The proxy processes your end users' prompts and responses on your behalf to deliver the AI features you build. You control whether any of that content is logged and for how long. You remain the controller of your end-user relationship and are responsible for obtaining any consent your jurisdiction requires before content is sent to model providers.
We rely on the following subprocessors to operate the service. Each processes only the data needed for its role.
| Subprocessor | Purpose | Data processed |
|---|---|---|
| Supabase | Primary Postgres database and end-user token verification for the Supabase auth provider. | Account, app, policy, usage records, and encrypted secrets. |
| Model providers | OpenAI, Anthropic, OpenRouter, and other providers you configure. Their policies apply to forwarded traffic. | Prompt and response content you choose to send. |
| Dodo Payments | Merchant of record for subscription billing. | Billing identity and subscription state for the account holder. |
| RevenueCat | Resolves the entitlement category that selects the applicable policy for each end user. | End-user entitlement and subscription category. |
| PostHog | LLM analytics and product usage events. | Per-request usage metadata such as tokens, cost, model, and status. |
| Vercel | Hosting and edge delivery for the dashboard and proxy. | Standard request and infrastructure logs. |
For the security controls behind this policy, see our Security page.
© 2026 MobileAiProxy. All rights reserved.