1. Acceptance of terms
By installing the CostPilot SDK (pip install costpilot or npm install costpilot), using the CLI, accessing the dashboard, or creating a thecostpilot.dev account, you agree to be bound by these Terms of Service and our Privacy Policy.
If you are accepting on behalf of a company or other legal entity, you represent that you have the authority to bind that entity. If you do not have such authority, or if you do not agree with these terms, do not use the service.
These terms apply to: (a) the CostPilot SDK and CLI, (b) the thecostpilot.dev cloud service, and (c) the self-hosted enterprise license.
2. Definitions
| Term | Meaning |
|---|---|
| "CostPilot" / "we" / "us" | CostPilot and its founders, as the operator of thecostpilot.dev and publisher of the SDK. |
| "Service" | The CostPilot SDK (Python and Node.js), CLI, self-hosted dashboard, thecostpilot.dev cloud service, and all related documentation. |
| "You" / "Customer" | The individual or entity using the Service. |
| "Telemetry data" | Token counts, model names, costs, latency, hashed identifiers, and project labels captured by the SDK. Explicitly excludes prompt content, response content, and documents — see Section 8. |
| "Content" | Prompt text, response text, documents, or any other data you pass to an LLM provider. CostPilot never receives, stores, or processes Content. |
| "API key" | A cp_live_sk_* credential issued by thecostpilot.dev that authenticates your SDK in CLOUD mode. |
| "License key" | A cpl_lic_* credential issued for self-hosted enterprise deployments. |
3. Description of service
CostPilot is a privacy-first AI cost intelligence platform. It provides:
- An SDK that intercepts LLM API calls and records token counts and cost metadata (never prompt content)
- A CLI for initialisation, reporting, and dashboard serving
- A self-hosted React dashboard fed by a local FastAPI server reading from SQLite
- A cloud service (thecostpilot.dev) for account management, cloud data sync, and remote dashboard access
- A pricing registry that tracks live LLM pricing from Anthropic, OpenAI, and Azure
The Service is provided "as is" during Phase 1. We aim for high availability but make no uptime guarantees for the thecostpilot.dev cloud service at this stage. See Section 10 for warranty disclaimers.
4. Accounts and credentials
4.1 Account creation
You must provide a valid email address to create a thecostpilot.dev account. You are responsible for maintaining the confidentiality of your API keys and for all activity that occurs under your account.
You may not create accounts on behalf of others without their consent, share API keys across separate organisations, or use automated means to create multiple accounts to circumvent usage limits.
4.2 API key security
Treat your cp_live_sk_* API key as a secret. Do not commit it to version control. Add .costpilot.yaml (if it contains an api_key) to your .gitignore. CostPilot is not liable for costs or data exposure resulting from a leaked key.
You may revoke and regenerate API keys at any time from your account settings. We will also revoke keys immediately upon a verified report of compromise.
4.3 Account accuracy
You agree to provide accurate and current information when creating an account and to update it promptly if it changes. We may suspend accounts with unverifiable contact information after notice.
5. Trial, plans, and billing
5.1 Trial period
New accounts receive a 14-day trial with full feature access at no charge. No credit card is required during the trial. At the end of the trial period, the account automatically transitions to the Free plan unless you have added billing details and selected a paid plan.
One trial per person/organisation. Creating multiple accounts to extend trial access is a violation of these terms.
5.2 Paid plans
Paid plans are billed in advance, monthly or annually as selected. All prices are in USD and exclusive of applicable taxes. You are responsible for taxes applicable in your jurisdiction.
5.3 Cancellation and refunds
You may cancel your subscription at any time from your account settings. Cancellation takes effect at the end of the current billing period. We do not provide prorated refunds for mid-period cancellations except where required by applicable law.
If we terminate your account for breach of these terms, no refund will be issued. If we terminate your account for any other reason, we will provide a prorated refund for the unused portion of any prepaid period.
5.4 Price changes
We may change subscription pricing with 30 days' notice by email. If you do not cancel within the notice period, you accept the new pricing. The free plan price (zero) will not change.
5.5 Self-hosted license
Enterprise self-hosted licenses are governed by a separate Order Form. The license key validates monthly with a 30-day offline grace period. Circumventing or cloning the license validation mechanism is prohibited and constitutes material breach.
The SDK continues capturing data. Only dashboard access windows change: history beyond 24 hours, scenario projections, migration reports, and CSV export are locked until you select a paid plan. No data is deleted on trial expiry.
6. Acceptable use
You agree not to use the Service to:
- Reverse engineer, decompile, or attempt to extract source code from any part of the CostPilot platform
- Attempt to probe, scan, or test the vulnerability of thecostpilot.dev infrastructure without prior written consent
- Use the Service to instrument systems that process data you are not authorised to process
- Transmit malicious code, viruses, or any code designed to disrupt the Service
- Use automated means to scrape pricing data from our registry for commercial purposes without a partnership agreement
- Resell or white-label the Service without an explicit reseller agreement
- Circumvent rate limits, authentication, or trial restrictions
- Use the Service in any manner that violates applicable law or regulation
We reserve the right to suspend access immediately for egregious violations, and to terminate accounts after notice for repeated or ongoing violations.
7. Privacy commitment (contractual)
This section is a contractual commitment, not merely aspirational. The privacy guarantee described here is part of the consideration for your use of the Service.
CostPilot contractually commits to the following:
- No prompt capture. The SDK will never store, transmit, log, or otherwise process the text content of messages you send to LLM providers. This applies to: user messages, assistant messages, system prompts, tool results, and documents injected as context.
- Whitelist enforcement. Storage is controlled by a whitelist-based sanitizer (DataSanitizer). Only the 14 explicitly safe fields listed in our Privacy Policy are ever written to SQLite or transmitted to thecostpilot.dev.
- Hashed identifiers only. User IDs and session IDs are stored exclusively as one-way SHA-256 hashes. The salt is generated locally and never transmitted to our servers.
- LLM provider keys not intercepted. Your Anthropic, OpenAI, or Azure credentials are passed through to the provider unchanged. We never log, store, or transmit them.
- Self-hosted data isolation. Customers operating under a self-hosted Enterprise license have a contractual guarantee that no telemetry data is transmitted to CostPilot infrastructure.
If we breach this commitment, you may terminate your subscription immediately and receive a full refund of any prepaid amounts. To assert a breach, email security@thecostpilot.dev with evidence.
8. Intellectual property
8.1 CostPilot IP
All rights in the CostPilot name, trademarks, logos, SDK, CLI, cloud service, and backend code are owned by CostPilot. Nothing in these terms grants you rights to our trademarks or to the service beyond the limited right to access it per these terms.
8.2 Your IP
Your prompts, responses, documents, and application code remain entirely yours. As stated in Section 8, CostPilot never receives this content. The telemetry data (token counts, costs, hashed IDs) that the SDK generates about your LLM calls is yours — you may export and delete it at any time.
8.3 Feedback
If you provide feedback, bug reports, or feature suggestions, you grant CostPilot a perpetual, royalty-free license to use that feedback without restriction or attribution. You are not required to provide feedback.
10. Disclaimers and warranties
The Service is provided "as is" and "as available" without warranty of any kind, express or implied. To the maximum extent permitted by applicable law, CostPilot disclaims all warranties including merchantability, fitness for a particular purpose, and non-infringement.
Specific disclaimers:
- Pricing accuracy. Cost calculations are based on our pricing registry, which is updated regularly but may lag provider changes. CostPilot does not guarantee that recorded costs exactly match your provider invoices. Always verify against your provider's billing console for financial decisions.
- Uptime. We do not guarantee uninterrupted availability of thecostpilot.dev. The SDK is designed to work offline and will not block your application if the cloud service is unavailable.
- Migration projections. Pre-migration cost reports are estimates based on your measured usage patterns. Actual cloud costs depend on provider pricing at time of migration, usage variation, and configuration choices we cannot predict.
- Scenario projections. Projections are models, not guarantees. Actual costs at scale depend on factors outside our control.
11. Limitation of liability
To the maximum extent permitted by applicable law, CostPilot's total liability arising out of or related to these terms or the Service shall not exceed the greater of: (a) the amount you paid to CostPilot in the 12 months preceding the claim, or (b) USD $100.
In no event shall CostPilot be liable for any indirect, incidental, special, exemplary, or consequential damages, including loss of profits, data, or business, even if advised of the possibility of such damages.
Some jurisdictions do not allow exclusion of certain warranties or limitation of liability — in those jurisdictions, our liability is limited to the greatest extent permitted by law.
12. Indemnification
You agree to indemnify, defend, and hold harmless CostPilot and its founders, employees, and agents from and against any claims, damages, losses, costs, and expenses (including reasonable legal fees) arising from: (a) your use of the Service in violation of these terms; (b) your violation of applicable law; or (c) third-party claims arising from your application or use of the Service output.
13. Termination
13.1 By you
You may terminate your account at any time by requesting deletion via the API endpoint DELETE /v1/account/data or by emailing hello@thecostpilot.dev. Deletion is completed within 30 days. All API keys are revoked immediately.
13.2 By CostPilot
We may suspend or terminate your access immediately if: (a) you materially breach these terms and fail to cure within 7 days of notice; (b) we are required to do so by law; or (c) you engage in conduct that poses a security risk to the Service or other users.
We may terminate the Service entirely with 90 days' notice. In that event, we will provide a data export tool and prorated refund of any prepaid amounts.
13.3 Effect of termination
Upon termination, your right to access thecostpilot.dev ceases. Sections 7, 8, 9, 10, 11, 12, and 14 survive termination. Local SQLite data remains on your machine and is not affected by account termination.
14. Governing law and disputes
These terms are governed by the laws of India, without regard to conflict of law principles. You agree to submit to the exclusive jurisdiction of courts in Bengaluru, Karnataka for any dispute arising from these terms.
Before initiating formal proceedings, you agree to attempt to resolve any dispute by contacting us at legal@thecostpilot.dev. We will respond within 10 business days with a proposed resolution.
For EU customers, you retain the right to bring complaints before your local supervisory authority regarding data protection matters.
15. Changes to these terms
We may update these terms from time to time. For material changes — those that affect your rights or obligations — we will notify you by email at least 14 days before the changes take effect. Continued use of the Service after the effective date constitutes acceptance of the revised terms.
The version history of these terms is available on GitHub. The effective date at the top of this page reflects the currently active version.
16. Contact
For questions about these terms:
Legal enquiries
General: legal@thecostpilot.dev
Privacy: privacy@thecostpilot.dev
Security: security@thecostpilot.dev
We respond to legal enquiries within 5 business days.