Last updated: May 2026
F1 is an Anthropic API proxy. When you use it, your Anthropic API key and every API call you make flow through our infrastructure. This page explains exactly what we do with that data — and how you can verify it independently.
The short version: We never store your prompts or responses. Your Anthropic key is encrypted at rest with a per-account key you can verify in the open-source code. Every decryption is logged where you can see it. Our subprocessors are Cloudflare, Stripe, Brevo, and Anthropic — nothing else.
The Worker source that runs every F1 request is MIT-licensed and publicly available at github.com/mini-on-ai/f1. Every production deploy is tagged. Your dashboard footer shows the exact commit hash currently running.
You don't have to trust our word — you can read the code and verify what we do with your data before signing up.
Each API call creates one row in our usage_events table with:
We never store: prompt text, response text, tool call arguments, user data in your messages, or any content from the request or response body. This is a hard policy enforced at the code level — the Worker logs are also audited to ensure no body content appears.
You can opt in to storing the first 200 characters of each input to enable the "Top expensive prompts" insight. This is off by default. Even with opt-in, full bodies are never persisted.
Your Anthropic key is stored in Cloudflare D1 using AES-GCM authenticated encryption:
F1_KEY_ENCRYPTION_MASTER) is stored as a Cloudflare Worker secret — never in code or environment files.You can verify the encryption implementation in src/crypto.js.
Every time your Anthropic key is decrypted, a row is written to the key_access_log table with:
proxy_forward, key_rotation)YYYY-MM-DD:ip, truncated to 16 hex chars — detects repeat IPs without storing raw addresses)Your dashboard shows the last 100 entries on the "Key access log" tab. If you see entries you don't recognize, contact us immediately.
To delete all your data immediately, use the DELETE /api/account endpoint from your dashboard. This hard-deletes all rows across all tables for your account.
There are no analytics SDKs, tracking pixels, A/B testing scripts, or third-party JavaScript on the F1 dashboard. The only external connections from the dashboard page are to the F1 Worker and to Stripe (for the billing portal). Our Content-Security-Policy enforces this.
| Subprocessor | Purpose | Data shared | Location |
|---|---|---|---|
| Cloudflare | Worker runtime, D1 database, KV, Pages hosting | All request metadata, encrypted Anthropic keys, usage events | Global (EU-only available for Scale tier) |
| Stripe | Payment processing, subscriptions | Email, payment method (handled by Stripe) | USA + EU |
| Brevo | Transactional email (welcome, key delivery) | Email address, F1 key, dashboard URL — no prompt data | EU |
| Anthropic | The upstream API being proxied | Your API calls, forwarded verbatim (we add no metadata) | USA |
We will update this page if subprocessors change. No other parties receive any data from F1.
F1 stores email addresses (for welcome emails and billing) and usage metadata. For Scale-tier customers who require a Data Processing Agreement, contact hello@mini-on-ai.com. A standard DPA template is available.
EU data residency (Cloudflare EU-only routing) is available for Scale tier. Request it at signup or via email.
If you discover a security vulnerability in F1, please email security@mini-on-ai.com with a description and reproduction steps. We will acknowledge within 48 hours and aim to remediate within 90 days. We do not currently offer a bug bounty, but we will credit researchers in the changelog unless they prefer anonymity.
See also: /.well-known/security.txt
mini-on-ai is operated by an anonymous brand. We acknowledge this creates a trust asymmetry for a product that handles API keys. Our mitigation strategy is deliberate: