Overview
LumeAPI provides an OpenAI-compatible API gateway and USD wallet portal. This page summarizes how we protect API keys, account data, and payments. For data retention specifics, see our Data retention policy.
API keys & authentication
- Portal sessions use signed JWTs; passwords are stored as bcrypt hashes.
- Gateway API keys are issued per account and can be rotated from the Console.
- Keys are encrypted at rest when server-side encryption is configured.
- List views mask key material; full keys are shown only on create/reveal.
Inference & upstream providers
Prompts and model payloads transit our gateway to upstream model providers required to fulfill each request. Do not send secrets, payment card numbers, or government identifiers in prompts. See Privacy Policy and Subprocessors for processing details.
Payments
Wallet top-ups use on-chain USDT. We record transaction hashes and settlement status for reconciliation. We do not store bank card numbers on the portal.
Reporting vulnerabilities
If you believe you found a security issue, email security@lumeapi.site with steps to reproduce and impact assessment. We aim to acknowledge reports within a few business days. You can also use our security.txt contact.
General support
Non-security account help: support@lumeapi.site or Contact.