How We Handle Your API Keys

Business Diver offers two modes: Bring Your Own Key (BYOK) for free users and managed Gemini keys for paid subscribers. Here is exactly how we handle API keys in both modes.

Where Is My API Key Stored?

  • Stored in your browser's localStorage
  • Automatically expires after 24 hours
  • Never stored on Business Diver's servers; it is sent to our backend only during an active research request and held in memory for that request
  • You can delete it anytime by clicking "Delete Key" in the research tool
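
localStorage has no built-in expiry, so a 24-hour lifetime like the one above has to be enforced by client code each time the key is read. A sketch of that pattern, added here as an illustration and not Business Diver's own code; the entry name `bd_api_key`, the function names and the injectable `store` and `now` parameters are assumptions:

```javascript
// Added illustration, not Business Diver's code. All names are hypothetical.
const STORAGE_KEY = "bd_api_key";      // assumed localStorage entry name
const TTL_MS = 24 * 60 * 60 * 1000;    // the 24-hour lifetime stated on the page

// `store` is any Web Storage-like object (window.localStorage in a browser).
function saveKey(store, apiKey, now = Date.now()) {
  if (typeof apiKey !== "string" || apiKey.trim() === "") {
    throw new TypeError("API key must be a non-empty string");
  }
  // Store the expiry next to the key; the browser will not expire it for us.
  const record = { key: apiKey.trim(), expiresAt: now + TTL_MS };
  store.setItem(STORAGE_KEY, JSON.stringify(record));
}

// Returns the key, or null if it is absent, malformed or expired.
// Expired and malformed records are deleted so they do not linger.
function loadKey(store, now = Date.now()) {
  const raw = store.getItem(STORAGE_KEY);
  if (raw === null) return null;
  let record;
  try {
    record = JSON.parse(raw);
  } catch {
    record = null;
  }
  const valid =
    record !== null &&
    typeof record === "object" &&
    typeof record.key === "string" &&
    Number.isFinite(record.expiresAt) &&
    now < record.expiresAt;
  if (!valid) {
    store.removeItem(STORAGE_KEY);
    return null;
  }
  return record.key;
}

// What a "Delete Key" button handler would call.
function deleteKey(store) {
  store.removeItem(STORAGE_KEY);
}
```

The expiry check runs only when the page reads the key, so an expired record remains in the browser profile until the next load. Any script running on the same origin can read localStorage, which is why the Content Security Policy listed further down matters for this design.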

What Happens During a Research Request?

  1. Your key is sent from your browser over HTTPS
  2. Our backend holds it in memory (RAM only)
  3. Backend calls the AI provider with your key
  4. Research results stream back to you
  5. Key is discarded from memory. Request complete.

What We Never Do

  • Never log your API key
  • Never write it to disk or database
  • Never share it with third parties
  • Never include it in error messages
  • Never use it for anything except your requested research

How Does Bring Your Own Key (BYOK) Work?

You get a free API key from an AI provider. You paste it into Business Diver. It stays in your browser. The provider bills you directly at their standard rates. You maintain full control and can revoke the key anytime from the provider's dashboard.

What If My Key Is Compromised?

  1. Revoke it immediately in your AI provider's dashboard
  2. Generate a new key
  3. Business Diver has nothing to revoke because we never stored it

Is It Safe to Use My API Key with Business Diver?

Yes. Your API key is stored in your browser with 24-hour auto-expiry. It is transmitted over HTTPS only during active requests. Your key exists in server memory only for the duration of one API call, then it is discarded. Our database stores your account information and research history, but never your API keys.

  • HTTPS-only transmission (never in URLs)
  • Content Security Policy restricts outbound connections
  • CORS locked to businessdiver.com
  • Rate limiting on all endpoints

For full legal details, see our privacy policy.

Managed Keys for Paid Tiers (Coming Soon)

When Pro and Business tiers launch, subscribers will be able to use managed Gemini keys provided by Business Diver. This means you will not need to set up or provide your own API key. Here is how managed keys will work and how they differ from BYOK:

  • Managed keys are stored as encrypted environment variables on our backend server
  • They are never exposed to your browser or included in client-side code
  • Keys are used only during active research requests, then released from memory
  • All error messages are scrubbed to ensure keys never appear in logs or responses
  • You can switch to your own BYOK key at any time, even on a paid plan

The core security principle remains the same across both modes: API keys are used transiently for a single research request and are never logged, stored in a database, or shared with third parties.

Managed Key FAQs

What are managed keys and how are they different from BYOK?
Managed keys are Gemini API keys owned and operated by Business Diver on behalf of paid subscribers (Pro and Business tiers). You do not need to provide or manage any API key. The managed key is stored on our backend server, never exposed to your browser, and is used solely to call the Gemini API during your research requests.

Are managed keys as secure as BYOK?
Yes. Managed keys are stored as encrypted environment variables on our backend server and are never exposed to users or included in any client-side code. They follow the same security practices as BYOK: keys are used only during active research requests, never logged, and scrubbed from all error messages.

Can I still use my own API key on a paid plan?
Yes. Paid subscribers can use either managed keys (no setup needed) or their own BYOK keys. When using BYOK on a paid plan, your key stays in your browser just like on the free tier. You can switch between managed and BYOK at any time.
