Summary
Bring Your Own AI does not collect any data. We have no servers. We have no analytics. We have no telemetry. All conversations are stored locally on your device. All API calls go directly from your device to your chosen provider — we never see your prompts or responses.
1. Information We Do Not Collect
Bring Your Own AI does not collect, store, transmit, or share any of the following:
- Personal information (name, email, phone, address)
- Conversation content (prompts or responses)
- API keys you enter
- Device identifiers (IDFA, IDFV, MAC, IMEI)
- Location data
- Usage analytics or telemetry
- Crash reports
- Advertising identifiers
- Any data, period
2. Information Stored Locally on Your Device
The following data is stored only on your device, inside the app's sandboxed storage. It is never transmitted to us or to any third party except as described in §3:
| Data | Where | Purpose |
|---|---|---|
| Conversation history | Local SQLite database | Render your chat history within the app |
API keys (e.g. sk-...) |
iOS Keychain (Secure Enclave AES-256) | Authenticate you to your chosen provider |
| Endpoint configurations | Local SQLite database | Remember which providers and models you've configured |
| App preferences (theme, default model) | UserDefaults | Restore your settings on launch |
All local storage is protected by iOS Data Protection. The SQLite database uses the default
NSFileProtectionCompleteUntilFirstUserAuthentication class, which encrypts the file
with AES via APFS. The Keychain entries use kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
meaning they cannot be exfiltrated via iCloud or device backups.
3. Information Sent Directly to Your Chosen Provider
When you send a message, Bring Your Own AI makes a direct HTTPS request from your device to the AI provider you have configured (OpenAI, Anthropic, DeepSeek, or MiniMax). These requests are made directly — they do not pass through any server operated by us, because we have no servers.
The request payload contains:
- Your current prompt
- Recent messages from the same conversation (for context)
- Your API key (as a bearer token in the
Authorizationheader) - Optional: image attachments you include (for vision-capable models)
The provider's handling of your data is governed by their privacy policy, not ours. Supported providers:
4. Third-Party Software
Bring Your Own AI uses the following open-source libraries. None of them collect, transmit, or share any data:
| Library | License | Purpose |
|---|---|---|
| SQLite.swift | MIT | Local SQLite persistence |
| KeychainAccess | MIT | Secure API key storage |
| MarkdownUI | MIT | Markdown rendering |
| Highlightr | MIT | Syntax highlighting in code blocks |
6. Children's Privacy
Bring Your Own AI does not knowingly collect any information from anyone, including children under 13. Because we collect nothing at all, this is structurally guaranteed.
7. Your Rights
You have full control over your data:
- Delete a conversation: Swipe-left on any row in the conversation list, or tap the trash icon on the conversation detail.
- Clear all history: Settings → Data Management → Clear All Chat History.
- Delete an API key: Models → tap the endpoint → clear the API key field.
- Export your data: Long-press a conversation → Export as Markdown / JSON.
- Uninstall: Removing the app from your device deletes all local data.
8. International Transfers
Because we operate no servers, no data is transferred to us from anywhere. The only cross-border traffic is between your device and the AI provider you have chosen, which is governed by that provider's privacy policy.
9. Changes to This Policy
If we ever change this policy, we will update the "Last updated" date above and ship a new app version with an in-app notification. Material changes will be highlighted in the release notes.
10. Contact
Questions? Concerns? Open an issue on GitHub.