Home Features Pricing Blog FAQ Contact
Security & Trust

Your keys never leave your device.

ByteChat is a "bring your own key" tool. That only works if you can trust where your keys go. So here's the whole truth — exactly where keys live, what our proxy can and can't see, and why this is safer than a shared subscription.

🔒

Stored in your browser

Your API keys are saved in this browser's local storage — on your device only. They are never written to our database.

➡️

Passed straight through

When you chat, your key is used in-memory for one request to your chosen AI provider, then discarded. We don't log it.

💸

Zero token markup

You pay the AI provider directly at their published rates. ByteChat charges one flat fee — we never mark up your usage.

What ByteChat can — and can't — see
A plain list. No asterisks.

🚫 What we never store or sell

  • Your API keys — never written to our servers or database
  • Your conversation messages — not logged, not read, not stored by us
  • Your data for AI training — we never use it, ever
  • Your activity sold to advertisers — no ad networks, no trackers

What we do hold (the minimum)

  • Your email & display name, via our auth provider (Clerk)
  • Your subscription status, via Stripe — never your card number
  • Anonymous, aggregate usage counts to keep the service running
  • Optional cloud-synced history (paid plans) — your messages, never your keys
The exact path your key takes
From the moment you paste it to the moment you get a reply.
You paste your key into the app. It is saved only in your browser's localStorage — on your device.
When you send a message, your key travels in the Authorization header of a single request to our Cloudflare Worker proxy. It is never written to a log or database at this point.
The proxy forwards your key to your chosen provider using that provider's own API design — as an Authorization header (OpenAI, Anthropic, Groq…) or an API parameter (Google Gemini, per Google's own API spec). The call goes directly to the provider's servers.
The proxy never writes the key to disk, a database, or any log — it's discarded the instant the request finishes.
In plain terms: your key passes through our proxy in memory only, for the length of one request. After that it's gone from our side — it lives on your device.
You control the spending — not us
Because you bill the provider directly, you hold the cap. No surprise invoices from ByteChat.

💳 Set a hard limit at the provider

Every major provider lets you set a monthly usage limit. Set it low to start — e.g. $5 — and you literally cannot be charged more. OpenAI limits · Anthropic limits

📊 Watch spend in real time

ByteChat shows your estimated token usage and cost per bot as you chat, plus a running monthly total — so there's never a mystery about where your spend is going.

Why "bring your own key" is the safer model
It sounds like more responsibility. It's actually more control.
With a normal AI subscription, you hand your money and your data to one company and trust their black box. With BYOK, your relationship is directly with the AI provider — the same companies the big apps use. ByteChat is just the room they talk in. We can't see your messages, we can't touch your key, and you can revoke that key from the provider at any time, instantly, without us.

Want the legal detail? Read our full Privacy Policy. Questions? [email protected]

Try it without a key first.

Start free with 3 demo bots — no API key, no card. Add your own key only when you're ready.

Start free →