We collect what the scan needs.
Targe stores account data, endpoint configuration, scan evidence, and reports so teams can review LLM endpoint risk. Targe is free during the launch period, then paid. Credentials should be scoped or temporary, and private deployments are available for teams that cannot send credentials to Targe Cloud.
Read the security modelData we handle
- Account dataEmail, organization membership, plan state, and audit events needed to run the product.
- Endpoint dataEndpoint URL, request template, provider type, and scan configuration.
- CredentialsOptional auth header values encrypted at rest and used only to execute scans.
- Scan evidenceProbe names, model responses, verdicts, findings, report hashes, and PDF reports.
- Operational logsApplication logs and system health events used to debug reliability and abuse.
What we do not do
- We do not need your primary provider API key.
- We do not intentionally put secrets into reports or audit events.
- We do not sell customer endpoint data.
- We do not keep production usage free after the launch period.
- We do not claim SOC 2 certification until an audit is complete.
Vendors and subprocessors
- Supabase for database, auth, and private report storage.
- Vercel for the web app.
- Render for the worker unless the customer runs a private deployment.
- Upstash Redis for rate limiting when configured.
- Stripe for billing when paid plans are enabled after the launch period.
- Anthropic or OpenAI only when a judge model is configured for scan grading.
Deletion and private deployment
Teams can delete targets and avoid long-lived credentials by using scoped keys. For stricter requirements, run the full stack in your own cloud account so endpoint credentials never enter Targe Cloud.