A: Hi! Great question.
Your API keys are stored locally on your device and are never transmitted to our servers. They are encrypted at rest and only used to make direct calls from your machine to your chosen LLM provider.
Third-party aApps from our marketplace also cannot access your stored API keys — all aApps go through code review before being listed, and we specifically check that no aApp attempts to read or exfiltrate credentials.
In short: your keys stay on your device, encrypted, and out of reach from anyone else. 🔒