Privacy Policy

Byoky runs locally by default. Your API keys are encrypted on your device and never leave it unless you explicitly opt in to cloud sync. When you do, each key is encrypted on your device before upload — the plaintext never crosses the network — and stored as ciphertext in our database. The decryption key is held in server memory during your active session so features like gift relay and key previews can work. This is not end-to-end encryption — see the cloud sync section below.

• Your API keys and OAuth tokens — encrypted with AES-256-GCM (PBKDF2, 600,000 iterations) and stored in the extension's local storage
• Your master password hash — stored locally for vault unlock verification
• A request log — stored locally so you can audit which apps used which credentials

If you never enable cloud sync, none of this data ever leaves your device.

Byoky offers an opt-in cloud sync feature so you can use the same keys across devices. It is disabled by default — you must create a vault account and toggle it on in Settings.

When cloud sync is enabled, the following applies:

• Encryption model. On login, your device and our server independently derive the same AES-256-GCM key from your password using PBKDF2 (600,000 iterations) against a per-user salt. Your device uses its copy to encrypt each API key before upload, so the plaintext key never traverses the network. The server uses its copy — held in memory during your session, and wrapped with a server-held secret in the sessions table so you stay signed in after idle timeouts — to decrypt stored ciphertext when relaying gift and remote-OpenClaw traffic on your behalf. This means it is not end-to-end encryption: a compromise of our server or the wrapping secret while your session is active could expose your credentials. Logging out evicts the key; deleting your account removes it entirely.
• Account data. We store a username you choose (no email required), a password hash, and a server-side wrapped copy of your session key so you can sign back in after a session expires.
• Synced credentials. For each credential you sync we store: the provider ID, an optional label, the encrypted key material, and the last-used timestamp.
• Request log. When an app makes an LLM call via your vault, we log the app origin, provider, model, request status, and token counts, so you can see usage per app. We do not log prompts or responses, IP addresses, or user-agent strings.
• Groups and sessions. If you create alias groups or authorize apps, we store those associations so the same policy applies across your devices.
• Gifts you create. When you share one of your keys as a gift, we store the encrypted key, the relay URL used to proxy requests, the token budget and expiration you set, and a running count of tokens consumed. Gifted keys are encrypted before storage and are revealed in plaintext only transiently when the relay forwards a request to the upstream provider. You can revoke or delete any gift from the extension at any time; expired gifts are removed automatically.

You can delete your vault account at any time from Settings. Deleting your account removes your user record, all synced credentials, sessions, groups, and request logs from our database.

• We do not collect analytics, telemetry, or tracking data
• We do not track your browsing activity
• We do not log prompts, completions, IP addresses, or user agents
• We do not use cookies on the extension or apps
• We do not sell or share any data with advertisers

The Byoky extension makes network requests only when you use it: either directly to an LLM provider (Anthropic, OpenAI, Google Gemini, etc.) when using local-only mode, or through vault.byoky.com when cloud sync is enabled. In the vault flow, prompts and responses pass through our server only long enough to be forwarded to the provider — they are not stored.

When you use Byoky to make API calls, your prompts are sent to the LLM provider you selected (e.g., Anthropic, OpenAI). These providers have their own privacy policies and Byoky does not control what they do with your data.

Our vault database is hosted on Railway (PostgreSQL). Railway acts as a data subprocessor and only ever stores the encrypted data described above.

Byoky is not directed to children under 13 and we do not knowingly collect data from them.

Byoky — including the vault server — is fully open source under the MIT license. You can audit every line at github.com/MichaelLod/byoky.

If we make material changes to this policy we will update the “Last updated” date and, for existing vault users, surface a notice in the extension on next unlock.

Questions? Open an issue on GitHub.