What is BYOK (Bring Your Own Key) AI, and why does it matter?

Published 2026-07-07

You sign up for an AI writing tool, or a note app with a chat sidebar, and it just works. You type a question, an answer comes back. Somewhere behind that box, the app is calling a model from OpenAI or Anthropic or Google, and paying for it. BYOK is the option to change who that "somewhere" is billed to and governed by: instead of the app's account, it runs on yours.

Quick answer: BYOK ("bring your own key") means you give an AI app your own API key from a model provider like OpenAI or Anthropic, so its requests run under your provider account, your billing, and your provider's terms, instead of being pooled through the app vendor's key. It changes whose contract governs your data, not whether the data leaves your machine.

Which "BYOK" is this about?

There are two, and they get confused constantly.

note: The older meaning of BYOK is "bring your own encryption key." In cloud security, AWS KMS and Azure Key Vault both let you import your own key material to encrypt data at rest, and both call that BYOK. That is not what this article is about.

This article is about the newer, AI-specific meaning: bringing your own model-provider API key to a third-party app. If you came here looking for customer-managed encryption keys, you want your cloud provider's KMS docs instead. Everything below is about AI.

How does BYOK actually work?

Normally an AI app holds one API key of its own, calls the model provider with it, and charges you a subscription that includes the cost of those calls plus a margin. That is the "managed" model. ChatGPT, Claude's consumer app, Notion AI, and Microsoft 365 Copilot all work this way: the model access is the product they sell, so they keep the key and the billing relationship.

With BYOK, you paste a key you generated in your own provider console. The app authenticates to the provider as you. The tokens count against your account, the bill lands on your card, and, importantly, the provider's terms that apply are the ones attached to your account, not the app's.

As of 2026 this is common in developer and power-user tools. Cursor, Cline, Continue, LibreChat, Open WebUI, Jan, Chatbox, TypingMind, Raycast, and several Obsidian and Logseq plugins all take your own key. GitHub Copilot added it for VS Code in April 2026. The tools that still don't are the mainstream consumer suites, because BYOK cuts into a subscription business built on reselling inference.

Why does BYOK matter for privacy?

This is the part worth getting exactly right, because it's the strongest reason to use BYOK and also the easiest to overstate.

Every major provider's API terms are more protective than the same provider's consumer terms. The API is where BYOK sends your data.

  • OpenAI: data sent to the API is not used to train models by default. Abuse-monitoring logs are kept for around 30 days unless you qualify for a zero-retention agreement. That is the opposite of ChatGPT consumer, where content can feed training unless you opt out.
  • Anthropic: the Commercial Terms that cover API access say Anthropic does not train on your content, and as of 14 September 2025 the default API log-retention window is 7 days. Contrast that with the consumer terms updated 28 August 2025, which make Free, Pro, and Max chats trainable unless you opt out, with retention extended to five years when training is left on. Anthropic states plainly that the consumer change does not apply to API access.
  • Google Gemini: here the line is drawn by whether a Cloud Billing account is attached to your key. Paid, billed usage is not used to improve Google's products and is kept ~30 days for abuse detection only. Unbilled free-tier usage is used to develop Google's products and can be read by human reviewers. So a free-tier Gemini key is the worst of both worlds. If you go BYOK with Gemini, put the key on a billed project.

The pattern: BYOK routes your prompts down the protected API path instead of the consumer path. That's a real, verifiable difference, and it's the honest headline benefit.

What are the other benefits?

  • Cost, sometimes. You pay the provider's metered rate instead of the app's markup. This helps light users and can hurt heavy ones, since a flat "unlimited" subscription may be cheaper than per-token billing at volume. It's a trade-off, not a guaranteed saving.
  • Control. You can pick any model the provider offers, switch models when a better one ships, and rotate or revoke the key from your own console without asking the app for anything. Revoking a key is the cleanest way to offboard an app you no longer trust.
  • Compliance leverage. BYOK puts you in a direct relationship with the provider, so you can sign your own Data Processing Addendum and, if you're eligible, get a zero-data-retention agreement. Both OpenAI and Anthropic offer ZDR to approved API customers. Note that these are approval-gated: the key alone does not make you GDPR- or HIPAA-compliant, and it doesn't cover the app vendor, who is still a processor you have to check.

What does BYOK not solve?

One thing above all: BYOK is not local. Your prompt still travels to a cloud provider and runs on their servers. BYOK changes whose account and contract govern that trip, not whether the trip happens. If your requirement is that data never leaves your machine, BYOK doesn't meet it. A local model does.

Two more limits worth stating:

  • The app can still see your prompts. Unless the app is fully client-side or open-source, its own servers build and forward the request before it reaches the provider, so the operator can read and log it, and can spend the key you handed over. Where and how apps store that key varies a lot, and often badly. A Wake Forest University study published in June 2026 tested 444 AI chatbot apps on iOS and found 282 of them exposing paid AI access in their network traffic, with 54 sending keys in plaintext. Three months after disclosure, only 28% had fixed it.
  • The provider's rules still apply. "Not trained on" does not mean "not stored." Both OpenAI and Anthropic keep short abuse-monitoring windows under default API terms, and your key inherits rate limits and regional restrictions too.

What does a good BYOK setup look like?

Calmara is built this way, so it's a concrete example rather than an aside. It's a productivity app where AI features run on keys you supply: you paste your own OpenAI, Gemini, Claude, or Z.AI key, and there are no shared vendor keys behind the scenes. Keys are encrypted at rest with AES-256-GCM and never sent back to the browser after you save them.

Two details matter for the distinction above. First, BYOK isn't a paid add-on here: any tier, including the free one, can bring a key. What's metered is how many AI requests you make, not whether you can configure your own provider. Second, for the "data never leaves my machine" case, Calmara also runs against a local model. Point it at your own Ollama or LM Studio endpoint and the browser talks to the model directly, skipping even Calmara's backend. That's the setup for anyone whose compliance rules won't allow client data in a cloud AI, and it's a different guarantee from BYOK, not the same one.

If you want the fuller picture of why controlling your own keys and records matters for the tools that remember things about you, see how to build an AI second brain you can actually audit.

The one-line takeaway: use BYOK when you want your cloud AI to run under your account and your provider's better terms. Use a local model when you don't want it in the cloud at all. Knowing which problem you're solving is the whole decision.

FAQ

What does BYOK stand for?

BYOK stands for "bring your own key." In AI apps it means supplying your own model-provider API key (from OpenAI, Anthropic, Google, and others) so the app runs on your account instead of the vendor's. Older cloud-security usage refers to bring-your-own-encryption-key, which is a different thing.

Is BYOK more private than a normal AI subscription?

For the provider leg, yes. Your prompts run under the provider's API terms, which for OpenAI, Anthropic, and paid Google usage exclude your data from training by default, unlike the consumer versions. But the app itself can still see and log your prompts before forwarding them, so BYOK improves provider-side privacy, not app-side privacy.

Does BYOK mean my data stays on my computer?

No. This is the most common misunderstanding. With BYOK your data still goes to the cloud model provider. It changes whose contract governs the request, not whether it leaves your machine. Only a local, on-device model keeps data off the cloud entirely.

Is BYOK cheaper than paying for an AI app subscription?

It depends on usage. You pay the provider's metered per-token rate instead of the app's markup, which is cheaper for light use and can be more expensive for heavy use than a flat unlimited plan. Some apps also charge their own fee on top of BYOK.

Which AI apps support BYOK?

As of 2026, developer and power-user tools like Cursor, Cline, Continue, LibreChat, Open WebUI, Jan, Chatbox, TypingMind, and Raycast do, along with several Obsidian and Logseq plugins and, since April 2026, GitHub Copilot in VS Code. Consumer suites like ChatGPT, the Claude app, Notion AI, and Microsoft 365 Copilot do not.

Does BYOK make me GDPR or HIPAA compliant?

No, not on its own. BYOK lets you sign your own Data Processing Addendum with the provider and, if eligible, get a zero-data-retention agreement, which are useful building blocks. But those are approval-gated, and BYOK covers only the provider relationship. The app vendor is still a processor you must assess separately.

Is it safe to hand an app my API key?

Only as safe as the app. A June 2026 study of 444 iOS AI apps found most were exposing paid model access in network traffic and 54 were sending keys in plaintext. Prefer apps that encrypt keys at rest, are open-source or client-side, and let you scope and revoke the key from your provider console.

What's the difference between BYOK and a local LLM?

BYOK sends your data to a cloud provider under your own key and terms. A local LLM runs the model on your own hardware, so nothing leaves your network. BYOK is about ownership of the cloud relationship; local is about avoiding the cloud. Some apps, including Calmara, support both.

← All articles

Written by Dan Hagen

Try Calmara

Auditable AI memory, tasks, calendar, and notes. Self-hostable, BYOK, free tier.

Get started free