Privacy Policy

Byoky stores everything locally on your device. We do not collect, transmit, or store any personal data, API keys, usage data, or analytics. Period.

• Your API keys and OAuth tokens — encrypted with AES-256-GCM, stored in your browser's local storage
• Your master password hash — stored locally for vault unlock verification
• A request log — stored locally so you can audit which apps used your credentials

All of this data stays on your device. None of it is ever sent to Byoky, our servers, or any third party.

• We do not collect analytics or telemetry
• We do not track your browsing activity
• We do not send your API keys anywhere — the extension proxies requests directly to LLM providers
• We do not use cookies
• We do not have servers that receive your data

The Byoky extension makes network requests only when you explicitly use it to connect to an LLM provider (Anthropic, OpenAI, Google Gemini, etc.). These requests go directly from your browser to the provider's API — Byoky does not proxy through any intermediate server.

When you use Byoky to make API calls, your prompts and data are sent to the LLM provider you selected (e.g., Anthropic, OpenAI). These providers have their own privacy policies. Byoky does not control or monitor what these providers do with your data.

Byoky is fully open source under the MIT license. You can audit the entire codebase at github.com/MichaelLod/byoky.

If you have questions about this policy, open an issue on GitHub.