How We Handle Your API Keys
Business Diver uses a Bring Your Own Key (BYOK) model. You provide an API key from Google Gemini, OpenAI, or Anthropic Claude. Here is exactly what happens to it.
Where Is My API Key Stored?
- Stored in your browser's localStorage
- Automatically expires after 24 hours
- Never sent to or stored on Business Diver's servers
- You can delete it anytime by clicking "Delete Key" in the research tool
What Happens During a Research Request?
Your key is sent from your browser over HTTPS
Our backend holds it in memory (RAM only)
Backend calls the AI provider with your key
Research results stream back to you
Key is discarded from memory. Request complete.
What We Never Do
- Never log your API key
- Never write it to disk or database
- Never share it with third parties
- Never include it in error messages
- Never use it for anything except your requested research
How Does Bring Your Own Key (BYOK) Work?
You get a free API key from an AI provider. You paste it into Business Diver. It stays in your browser. The provider bills you directly at their standard rates. You maintain full control and can revoke the key anytime from the provider's dashboard.
What If My Key Is Compromised?
- Revoke it immediately in your AI provider's dashboard
- Generate a new key
- Business Diver has nothing to revoke because we never stored it
Is It Safe to Use My API Key with Business Diver?
Yes. Your key is stored in your browser with 24-hour auto-expiry. It is transmitted over HTTPS only during active requests. Our backend has no database and no persistent storage. Your key exists in server memory only for the duration of one API call, then it is discarded.
- HTTPS-only transmission (never in URLs)
- Content Security Policy restricts outbound connections
- CORS locked to businessdiver.com
- Rate limiting on all endpoints
For full legal details, see our privacy policy.
Ready to start?
Try Business Diver Now