Docs/ Privacy & security

Bring your own key (BYOK)

Run AI on your own Anthropic, OpenAI, or Google credits — with no caps.

On any paid Aiemaily plan you can connect your own Anthropic, OpenAI, or Google AI key. AI operations then run on your credits with no Aiemaily usage caps. Your key is envelope-encrypted, decrypted only in an isolated worker, and never logged.

Why BYOK?

Aiemaily’s default AI tier runs on metered credits included with your plan. Heavy users — large mailboxes, high Autopilot throughput, intensive drafting — may prefer to pay their model provider directly and skip usage limits entirely.

BYOK also gives you a direct relationship with the model provider: your API key is subject to your organisation’s data-processing agreement with that provider, not Aiemaily’s. If your company already has a zero-retention or enterprise DPA with Anthropic or OpenAI, BYOK lets you inherit those terms automatically.

Your key is never logged or exposed

BYOK keys are envelope-encrypted the moment you paste them in. Application code, error reporters, and analytics pipelines never see the plaintext. Decryption happens only inside an isolated Appwrite Function with no external egress other than the model provider’s API endpoint.

How to enable BYOK

  1. 1

    Open Settings → AI → Model keys

    Navigate to your account settings. The “Model keys” section lists supported providers: Anthropic, OpenAI, and Google AI (Gemini).

  2. 2

    Paste your API key

    Enter the key from your provider dashboard. The field is a password input — the value is masked immediately and submitted over TLS. You’ll see only the last four characters after saving.

  3. 3

    Choose your active key source

    Toggle between “Aiemaily shared” and “My key” per provider. You can keep a BYOK key saved but temporarily switch back to the shared pool without deleting it.

  4. 4

    Test the connection

    Hit “Test key” to verify the key is valid and has sufficient quota. Aiemaily sends a minimal probe request (a single token) and reports success or the provider error message.

  5. 5

    Rotate or revoke

    Paste a new key at any time to rotate — the old ciphertext is overwritten immediately. To remove a key entirely, click “Remove”; the ciphertext is deleted from the database within seconds.

Supported providers and models

ProviderModels available via BYOKKey format
AnthropicClaude 3.5 Sonnet, Claude 3 Haiku, Claude 3 Opussk-ant-…
OpenAIGPT-4o, GPT-4o mini, GPT-4 Turbosk-…
Google AIGemini 1.5 Pro, Gemini 1.5 FlashAIza…

Isolation and audit

When a BYOK key is active, the isolated worker fetches the envelope-encrypted blob, decrypts it inside a sandboxed function runtime, makes the outbound API call, and returns only the plaintext response to the caller. The decrypted key bytes exist in memory only for the duration of the single HTTP request and are never written to disk, cache, or log.

Every BYOK-powered AI action is tagged in the audit log with the provider name and the last four characters of the key that was used, so you can correlate Aiemaily’s activity with your provider’s usage dashboard.

Switch per account

If you manage multiple mailboxes under one Aiemaily account, you can assign a different BYOK key (or the shared pool) per connected mailbox. Useful if you have a personal account on the free tier and a work account with a corporate Anthropic key.

Frequently asked

Feature overview

AI Drafting

Ready to try it?

Start free