This page is an early draft and should be reviewed before public launch.Legal index
BYOK API Key Safety
Draft BYOK security and user responsibility language.
Key storage
Raw provider keys should be entered only through protected app settings and stored through the server-side vault.
Provider billing
BYOK means the provider may bill the user directly. Obrasken should make that distinction clear before generation.
Current status
This is a product placeholder for launch planning. It describes intended controls and user-facing expectations, not final legal advice.
Private by default
Obrasken private workspace data should remain private unless the user intentionally chooses a secure sharing or export workflow.
Security boundary
Provider keys, service-role credentials, payment data, and other secrets must remain server-side and must not be exposed in browser code or logs.
