Built to diagnose AI spend without storing prompts.
Costile is a diagnostic proxy for AI agent operations. The hosted product is designed around metadata minimization, 90-day request metadata retention, and clear enterprise review materials.
What Costile stores
- Agent, session, and request identifiers
- Model, token counts, timestamps, and cost
- Stop reason and limited tool-call metadata
- Account, budget, alert, and dashboard metadata
What Costile does not store
- Prompts or message bodies
- Model responses
- Customer provider API keys in the dashboard
- Training data for AI models
Retention
Request metadata is retained for 90 days by default and then deleted automatically. Customers can request deletion earlier.
Access controls
Dashboard sessions use JWT authentication. Dashboard API access is scoped to the authenticated user's Costile API key. Demo data is read-only.
Subprocessors
| Provider | Purpose |
|---|---|
| Railway | Application hosting and infrastructure |
| Cloudflare | DNS, routing, and edge security |
| Anthropic | AI model provider for proxied requests |
| SendGrid | Transactional email and alerts when enabled |
DPA and enterprise review
Costile maintains a DPA template covering processor obligations, retention, subprocessors, data subject support, deletion, and security measures. Enterprise customers can request the latest DPA and security review materials.