← back to home

Docs

Core Tools

API WorkbenchMulti-Model CompareToken CounterCost Calculator

Prompt Engineering

Prompt LibraryOptimizerCaching Guide

Security

BYOK ArchitecturePrivacy Policy

BYOK Security

Your keys. Your data. Your privacy.

AIWorkbench.dev is built on a "Bring Your Own Key" (BYOK) architecture. Unlike most AI wrappers, we do not have a backend server that stores or processes your API keys.

Security Principles

1. Direct Transmission

When you click "Send" in the workbench, your browser makes a direct HTTPS request to the AI provider's endpoint (e.g., api.anthropic.com or api.openai.com).

2. Client-Side Only Storage

Your API keys are stored in your browser's sessionStorage.

  • Encryption: Keys are handled as plain secrets in memory but are never transmitted to our servers.
  • Persistence: Keys are cleared immediately when you close the tab or logout.
  • Visibility: No one, including the AIWorkbench.dev team, can see your keys.

3. No Proxy, No Logs

We do not use a middleware proxy. This eliminates the risk of "man-in-the-middle" data collection on our end. Your prompts and responses exist only in your browser's state and the provider's infrastructure.