BYOK — Bring Your Own Keys

Furx is a pass-throughorchestrator. Your provider keys go from your machine directly to the provider over HTTPS. We don't run a proxy, don't see your prompts, don't see your responses, and don't bill your provider quotas.

Where keys live

• macOS: Keychain via the native security framework. Service name furx-provider-<alias>.
• Linux: Secret Service (GNOME Keyring on GNOME, KWallet on KDE, libsecret as fallback).
• Windows: Credential Manager via CredWrite / CredRead.

All three are user-scoped, OS-encrypted at rest, and require user login session to read. Furx does not have a fallback to plaintext file storage — if Keychain is unavailable, the wizard fails closed.

What we never store

• Provider keys (in any form, even hashed).
• Prompts you send.
• Responses you receive.
• The contents of your audit log (it stays on your machine).
• Your code, git history, or filesystem snapshots.

See Privacy Policyfor the full list of what we do/don't collect.

What does cross the network

Once you opt-in (Pro only):

• .mcp.json contents (your MCP server config — but not the secrets they reference, which live in Keychain).
• Audit log metadata (timestamps, event types, model names) — never the prompt/response bodies, unless you explicitly enable "deep sync".
• Crash telemetry (PII-scrubbed, opt-in, default OFF). Details.

Provider-side: where your data goes

When you dispatch a prompt, Furx opens an HTTPS connection from your machine straight to the provider you picked. Examples:

• OpenRouter: api.openrouter.ai (US/EU edges).
• Anthropic: api.anthropic.com.
• OpenAI: api.openai.com.
• Cerebras: api.cerebras.ai.
• Ollama: 127.0.0.1:11434 (local, no egress).

You are responsible for the provider's TOS, data-retention policy, and rate limits. Use a local model (Ollama) if your data can't leave your machine.

Council Mode and BYOK

Council Mode dispatches in parallel to multipleproviders. Each request uses its own key. We never multiplex multiple users' keys, never share connections, never warm-pool credentials.

You can build a Council preset that's 100% local (Ollama models only) — that's the privacy moat for legal / regtech / finance teams.

Rotation & revocation

Update a key via Furx Connect(Settings → Connect → pick provider → Update key). The old key is overwritten in Keychain; nothing is cached in memory longer than the request that's in flight.

To fully revoke: delete via wizard, then revoke at the provider side (you control that). Audit log entries reference key aliases, never the secret itself.

Multi-tenant / Team mode

On Team subscription, each seat's Keychain is independent. Centralized policy (allow-listing, spend caps) is enforced via the proxy URL — not by Furx seeing the keys. Use LiteLLM or your own gateway as the proxy target.

Next

• Keychain reference — commands to inspect/export.
• Audit log — schema + retention.
• Security policy — how to report a vulnerability.