Security

Built to be trusted with your keys.

Byoky sits on the path of every AI request, so security is the architecture — not a feature bolted on. Here’s exactly how your credentials, prompts, and spend data are handled.

Sealed credentials

Provider keys are KMS-envelope encrypted with a per-org data key. They are decrypted in memory only to forward a request; apps and agents carry scoped byk_ keys and never see the raw key.

Database-enforced tenant isolation

Every org’s data is separated with Postgres row-level security — the boundary is enforced at the database, not just in application code, so a missing WHERE clause can’t leak across tenants.

SSO & RBAC

Sign in with OIDC (Google / Microsoft / Okta). Five scoped roles — owner, admin, finance, security, member — gate every action.

Immutable audit log

Every budget, policy, key, member, and access change is recorded append-only: who, when, what, before/after.

Opt-in, redacted prompt capture

Metadata (model, tokens, cost, latency, verdict) is captured by default. Full prompt capture is off unless a budget opts in — and even then only a short, PII/secret-redacted preview is stored, never the raw prompt.

Fail-open by design

If Byoky is unreachable, the SDK degrades straight to the provider. Adopting Byoky cannot make your AI less reliable — it is an upgrade, never a new single point of failure.

Data handling

What we store — and what we don’t.

Provider keys

Stored only as KMS-sealed ciphertext, scoped to your org. Never logged, never returned by an API, never visible to any app.

Prompts & responses

Not stored by default. If you explicitly enable prompt logging on a budget, we keep a truncated, redacted preview for observability — API keys, emails, cards, and SSNs are stripped before anything is written.

Spend & usage

We record request metadata (model, tokens, cost, latency, policy verdict, attribution) to power budgets, dashboards, and the ledger. This is your data — exportable, and deletable on request.

Payments

You keep paying your providers directly on your own accounts and discounts. Byoky meters and invoices its own fee — we do not hold or resell your provider spend.

Deployment & sub-processors

Run it your way.

Self-hostable

The full stack ships as Docker/Helm. Run it in your own cloud with your own KMS and IdP so provider keys and prompt data never leave your boundary. The code is open source (MIT) — audit exactly what touches your keys.

Sub-processors (managed offering)

The forwarding engine (LiteLLM) runs stateless in the same private region and holds no keys — they’re injected per request and never persisted there. Your chosen model providers receive the requests you send. A current sub-processor list is available on request.

Compliance

Where we are — stated plainly.

SOC 2 Type I is in progress. We’re not going to claim a certification we don’t hold. In the meantime, the architecture above — KMS custody, RLS isolation, RBAC, immutable audit, self-hosting — is designed to meet those controls, and we’re happy to walk your security team through it.

Report a vulnerability

Found something? Email security@byoky.com. We read every report and respond quickly.

Questions from your security team?

We’ll get on a call and answer them directly — no gated whitepaper.