Using BYOK AI Keys Safely on Mobile

Bring-your-own-key mode is useful when you want stronger online models without Phos paying for or proxying hosted inference.

It is not the same as local mode. Your prompts go to the provider attached to your key, so that provider's privacy policy and retention behavior still matter.

What Phos stores

Phos stores provider profile metadata locally and keeps raw provider keys in secure device storage. The app should not put raw keys in local chat rows, diagnostics, screenshots, or public logs.

The key belongs to you. You can remove the provider profile and clear the key from the app.

What leaves the device

When BYOK mode is active, the selected prompt, relevant recent chat context, and any user-approved memory context needed for the request are sent to the provider endpoint.

Private attachments are included only when the active provider and model support that media type and the user selected it.

Safer setup habits

Create a provider key specifically for mobile use. Set a spending limit when the provider supports it. Rotate the key if your device is lost.

For sensitive thoughts, switch back to local mode before sending the message.