ZenLLM

ZenLLM Security Overview

Security and trust information for the live ZenLLM customer-facing web application and API environment.

Verified summary

ZenLLM runs the customer-facing website on Firebase Hosting and the main API on Google Cloud Run in us-central1. Browser auth uses Firebase bearer tokens, and SDK ingest uses X-API-Key.

API keys are shown once at creation, stored as SHA-256 hashes plus prefix, and can be revoked.

Customer-facing backend secrets are injected from Google Secret Manager references.

Download the security overview PDF or contact security@zenllm.io for follow-up questions.