Metadata-only. Always.
PromptKing connects to your AI vendor billing APIs — not your conversations. We see what you spend. We never see what you say.
What we collect
- ✓Vendor billing unit consumption (tokens, credits, RUs)
- ✓Plan tier and seat cost per user
- ✓Usage timestamps (daily aggregates — not per-request)
- ✓Model type used (e.g. "Claude Sonnet 4.6" — not prompt content)
- ✓Vendor invoice totals and line items
- ✓Organization and seat identifiers
What we never touch
- ✕Prompt content — what you type into AI tools
- ✕AI responses — what the model returns
- ✕Conversation history or session transcripts
- ✕Documents, code, or files processed by AI
- ✕Personal data entered into AI interfaces
- ✕Any content from your AI workflows
How it works
Billing API only
We connect via vendor billing APIs — Anthropic Usage API, GitHub Admin API, Microsoft Graph, AWS Cost Explorer. These return consumption metrics, not content.
Aggregated metadata
Daily aggregated usage statistics per seat — tokens, cost, model type. No per-request logging. No content.
Your data stays yours
Usage data is isolated per organization. We do not aggregate or share data across organizations without explicit opt-in.
Zero Prompt Visibility Architecture
PromptKing delivers AI FinOps and governance without ever reading your prompts.
Most cost attribution platforms require one of three things:
- —An SDK installed in your application code
- —A proxy relay that intercepts your API calls
- —A logging agent that captures prompt and response content
All three require access to prompt content. All three create privacy exposure. PromptKing uses none of them.
Instead, PromptKing operates on usage metadata from vendor billing APIs: token counts, model IDs, session identifiers, user identifiers, timestamps. This metadata is sufficient to deliver seat-level intelligence, cost attribution, rightsizing recommendations, governance scoring, and EU AI Act classification.
What PromptKing can see
- ✓How many tokens a session consumed
- ✓Which model and vendor
- ✓Which seat and user
- ✓When and how often
- ✓Cost and plan utilisation
What PromptKing cannot see
- ✗Your prompt text
- ✗Your system prompts
- ✗Your response content
- ✗Your application logic
- ✗Your data
This is not a technical limitation. It is a deliberate architectural choice. The EU AI Act does not require prompt storage to meet Article 26 obligations. Your CISO does not need to approve a system that reads prompt content. Your legal team does not need to review a system that logs AI outputs.
Session-level attribution maps directly to business workflows, use cases, and compliance evidence — without the privacy surface of prompt-level inspection.
| Prompt-level tools | PromptKing | |
|---|---|---|
| Requires SDK or proxy | ✓ Yes | ✗ No |
| Reads prompt content | ✓ Yes | ✗ No |
| Creates privacy exposure | ✓ Yes | ✗ No |
| Delivers cost attribution | ✓ Yes | ✓ Yes |
| Maps to business workflows | ✗ No (Noisy) | ✓ Yes (Aligned) |
| EU AI Act compatible | ✗ No (Risk) | ✓ Yes (Safe) |
Compliance
EU AI Act
PromptKing supports EU AI Act inventory and Annex III classification workflows. Usage metadata helps you evidence governance without accessing model inputs or outputs.
GDPR
We process billing metadata under legitimate interest for FinOps services. No prompt or conversation content is collected. Data Processing Agreement available on request.
SOC 2 Type II (Roadmap Q1 2027)
SOC 2 Type II audit is on our Q1 2027 roadmap. Current controls include tenant isolation, encrypted credential storage, and read-only vendor integrations.
Enterprise Procurement
We respond to security questionnaires, vendor risk assessments, and RFP security sections. Metadata-only architecture simplifies procurement review.
Data inventory
| Data Type | Collected | Stored | Retained | Purpose |
|---|---|---|---|---|
| Token consumption | Yes | Yes | 24 months | Cost analysis |
| Seat cost & plan tier | Yes | Yes | 24 months | Rightsizing |
| Model type used | Yes | Yes | 24 months | Efficiency |
| Usage timestamps | Yes | Yes | 24 months | Trend analysis |
| Prompt content | Never | Never | Never | N/A |
| AI response content | Never | Never | Never | N/A |
| Conversation history | Never | Never | Never | N/A |
| Documents processed | Never | Never | Never | N/A |
Questions about security or procurement?
We respond to security questionnaires, RFP security sections, and procurement reviews.
PromptKing AI FinOps · Ontario, Canada · www.promptking32.com