Privacy Policy

Last updated: May 1, 2026

Summary

Byoky runs locally by default. Your API keys and OAuth tokens are encrypted on your device and never leave it unless you explicitly opt in to cloud sync at vault.byoky.com. When you do, each credential is encrypted on your device before upload — the plaintext never crosses the network — and stored as ciphertext in our database. The decryption key is held in server memory during your active session so features like gift relay and remote OpenClaw can work. This is not end-to-end encryption — see the cloud sync section below. We do not run analytics, do not log prompts or responses, and do not sell or share data with advertisers.

Who we are (data controller)

The data controller for the optional vault sync, gift relay, and the byoky.com website is:

When you use Byoky in local-only mode (no vault account), there is no data controller relationship with us, because no personal data ever reaches our servers.

What data we collect

We only collect the categories listed below. We do not collect anything else.

  • Authentication credentials. The API keys and OAuth tokens you voluntarily add to Byoky for LLM providers (Anthropic, OpenAI, Google Gemini, Mistral, Cohere, xAI, DeepSeek, Perplexity, Groq, Together AI, Fireworks AI, OpenRouter, Azure OpenAI).
  • Vault account data (only if you create one). A username you choose (no email required), a password hash, and a server-wrapped session key so you can sign back in after idle timeout.
  • Usage metadata (only if you use vault sync). For each LLM call relayed by the vault: the calling app origin, provider ID, model name, response status, and token counts. We do not store prompts, completions, IP addresses, or user-agent strings.
  • Local-only request log. A history of which apps used which credentials, kept in your browser's local storage. This never leaves your device.
  • App-permission settings. If you create alias groups or authorize apps, the resulting policy mappings.
  • Gifts you create. If you share a key as a gift: the encrypted key, the relay URL, the budget and expiration you set, and a running token count.

How we collect your data

  • Directly from you. All authentication credentials, account data, and gift configurations are entered by you in the extension or mobile app.
  • Generated by your use of the Service. Usage metadata and the local-only request log are generated as a byproduct of LLM calls you initiate. We do not buy, scrape, or otherwise acquire personal data from third parties.

How we use your data

We use the data described above only for these purposes:

  • To authenticate you to the LLM providers whose keys you supplied.
  • To proxy LLM API calls on your behalf — locally from the extension, or via vault.byoky.com when you have cloud sync enabled.
  • To show you a per-app history of which credentials were used and how many tokens were consumed, so you can audit and revoke access.
  • To synchronize your credentials and policies across the devices you have linked to the same vault account, if you opt in to cloud sync.
  • To enforce budget and expiration limits on gift links you create, and to relay requests on the gift recipient's behalf.

We do not use your data for advertising, profiling, training machine-learning models, or any purpose unrelated to the user-facing features above.

How we store your data

  • On your device. All credentials are encrypted with AES-256-GCM using a key derived from your master password via PBKDF2 (600,000 iterations) and stored in the browser extension's local storage or in the iOS/Android secure store. Your master password hash is stored locally for unlock verification only.
  • On our servers (only if you opt in to cloud sync). Encrypted credentials, account records, request metadata, group/policy data, and gift records are stored in a PostgreSQL database hosted on Railway, in the United States. Plaintext credentials are never written to disk on the server.
  • In server memory (transient). When you sign in to your vault, your decryption key is held in process memory and wrapped with a server-held secret in the sessions table so you stay signed in across the session window. Logging out or deleting the account evicts it.

How we share your data

We share your data only with the following recipients, and only as described:

  • LLM providers you have configured. When you make an LLM call, Byoky forwards your prompt and the relevant API key or OAuth token to the provider you selected (Anthropic, OpenAI, Google Gemini, Mistral, Cohere, xAI, DeepSeek, Perplexity, Groq, Together AI, Fireworks AI, OpenRouter, or Azure OpenAI). The provider then handles the request under its own privacy policy, which we do not control.
  • Railway (US) — infrastructure subprocessor. Hosts our PostgreSQL database and the vault server. Railway only ever sees the encrypted data described above and acts strictly on our instructions.
  • Vercel (US) — infrastructure subprocessor. Hosts the byoky.com website, including this Privacy Policy and the docs. Vercel processes standard HTTP request logs for the website itself.
  • Gift recipients you choose. If you create a gift link, the recipient can spend the gifted credit subject to the limits you set, until you revoke the gift or it expires.

We do not sell your data, share it with advertisers, or transfer it to data brokers. We do not disclose data to law enforcement except where required by enforceable Austrian or EU law.

Optional cloud sync (vault.byoky.com)

Cloud sync is disabled by default. You must create a vault account and toggle it on in Settings.

Encryption model. On login, your device and our server independently derive the same AES-256-GCM key from your password using PBKDF2 (600,000 iterations) against a per-user salt. Your device uses its copy to encrypt each API key before upload, so the plaintext key never traverses the network. The server uses its copy — held in memory during your session, and wrapped with a server-held secret in the sessions table — to decrypt stored ciphertext when relaying gift and remote-OpenClaw traffic on your behalf. This means it is not end-to-end encryption: a compromise of our server or the wrapping secret while your session is active could expose your credentials. Logging out evicts the key; deleting your account removes it entirely.

You can delete your vault account at any time from Settings. Deleting your account removes your user record, all synced credentials, sessions, groups, request logs, and gifts from our database within 30 days.

Limited Use disclosure (Google API Services)

Byoky's use and transfer of information received from Google APIs (specifically, OAuth tokens issued via oauth2.googleapis.com for the Google Generative Language API) adheres to the Google API Services User Data Policy, including the Limited Use requirements. In particular:

  • We use Google user data only to provide the user-facing feature you requested (calling Gemini on your behalf with your account's OAuth token).
  • We do not transfer Google user data except as necessary to provide that feature, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.
  • We do not use Google user data for advertising.
  • We do not allow humans to read Google user data unless we have your affirmative consent, it is necessary for security, or it is required by law.

Native messaging (Byoky Bridge)

The extension declares the nativeMessaging permission so it can talk to the optional Byoky Bridge — a local helper you can install separately to use Byoky credentials from CLI or desktop apps. The Bridge runs entirely on your computer. Data exchanged between the extension and the Bridge does not leave your device, is not transmitted to our servers, and is not shared with any third party.

Broad host access and content scripts

The extension injects a content script on all websites (<all_urls>) so that any page implementing the Byoky SDK can request a proxied LLM call. The content script only listens for BYOKY_* messages posted by the page; it does not read page content, form data, cookies, browsing history, or any other data on the websites you visit. The host permissions for LLM provider domains exist solely so the extension can forward your authenticated requests to those providers.

Data retention

  • Local data. Stays on your device for as long as you have the extension or mobile app installed. Uninstalling the extension removes it.
  • Vault account, credentials, groups, sessions. Retained until you delete the account; deleted within 30 days of the deletion request.
  • Vault request log. Retained for 90 days for usage display and abuse detection, then automatically deleted. Deleted immediately if you delete the account.
  • Gift records. Retained until you revoke the gift or it expires; removed automatically on expiration.
  • Website server logs (Vercel). Standard HTTP logs retained for up to 30 days.

International data transfers

Our hosting providers (Railway, Vercel) operate from the United States. If you are located in the European Economic Area, the United Kingdom, or Switzerland, using the vault sync feature involves an international transfer of personal data. We rely on the European Commission's Standard Contractual Clauses (SCCs) and the providers' implementation of equivalent safeguards as our legal mechanism for these transfers. Because credentials are stored encrypted with a key the server derives only in memory during your session, the data at rest in the US has no plaintext exposure.

Your rights under GDPR

If the GDPR applies to you, you have the following rights with respect to data you have given us via vault sync:

  • Right of access (Art. 15) — request a copy of your data.
  • Right to rectification (Art. 16) — correct inaccurate data.
  • Right to erasure (Art. 17) — delete your account and associated data.
  • Right to restriction of processing (Art. 18).
  • Right to data portability (Art. 20) — export your synced credentials.
  • Right to object (Art. 21).
  • Right to lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde, dsb.gv.at) or with the supervisory authority of your country of residence.

You can exercise most of these rights directly inside the extension Settings (export, delete account). For anything else, email privacy@byoky.com. We respond within 30 days.

Legal basis for processing under GDPR Art. 6: performance of the contract you enter when you create a vault account (Art. 6(1)(b)) for credentials, account data, and request relaying; our legitimate interest in preventing abuse (Art. 6(1)(f)) for the 90-day request log.

What Byoky does NOT do

  • We do not collect analytics, telemetry, or tracking data in the extension.
  • We do not track your browsing activity.
  • We do not log prompts, completions, IP addresses, or user agents.
  • We do not use cookies in the extension.
  • We do not sell or share data with advertisers or data brokers.
  • We do not use your data to train machine-learning models.

Children

Byoky is not directed to children. We do not knowingly collect data from children under 14 (the digital-consent age in Austria) or under the age of digital consent in your country, whichever is higher. If you believe a child has provided us with data, contact privacy@byoky.com and we will delete it.

Open source

Byoky — including the vault server — is fully open source under the MIT license. You can audit every line at github.com/MichaelLod/byoky.

Changes to this policy

If we make material changes to this policy, we will update the “Last updated” date and, for existing vault users, surface a notice in the extension on next unlock.

Contact

Privacy questions, GDPR requests, or data-deletion requests: privacy@byoky.com. General support: support@byoky.com.