Trust Model

Your Keys, Your Credits,
Our Logic.

We built this platform with one constraint: if our servers were completely compromised, attackers would get nothing useful. Here's exactly how that works.

1

Your keys never leave your browser

When you add an API key, it is encrypted immediately in your browser using AES-256-GCM before anything is stored. The plaintext key is never sent to our servers — not even for a millisecond.

2

Encrypted at rest with your master password

Your master password is used to derive an AES-256-GCM encryption key via PBKDF2 with 100,000 iterations and a random salt. Without your master password, the ciphertext is meaningless.

3

Zero server storage

We have no database of API keys. We have no user accounts tied to credentials. There is nothing on our servers to breach. Your vault is stored only in your browser's localStorage.

4

Direct API calls

Generation requests go directly from your browser to the AI provider's API (e.g., api.klingai.com) using your decrypted key. Our servers are not in the request path — we never see your traffic.

5

Open architecture

The encryption logic lives in lib/vault.ts — a single, auditable file using the Web Crypto API with zero external dependencies. There is no proprietary black box.

Technical Specification

EncryptionAES-256-GCM
Key derivationPBKDF2-SHA256, 100,000 iterations
Salt16 bytes, random per vault
IV12 bytes, random per entry
Crypto APIWeb Crypto API (browser-native)
StoragelocalStorage (your device only)
Server storesnothing

Threat Model

Our server is breached

Attacker gets nothing — no keys stored server-side

Our database is leaked

No credential database exists to leak

Network traffic is intercepted

Keys never traverse the network in plaintext

Your device is compromised

localStorage is exposed — protect your device

Add your API key securely →