Bring Your Own Key (BYOK) Policy

Effective Date: March 6, 2026 | Version 3.0 | Last Reviewed: March 6, 2026

Company: MC Conversions Ltd (Company No. 14019497), Pantycrai, Adfa, Newtown, Powys, SY16 3BX. Contact: Luke@mcconversions.uk

1. What Is BYOK?

1.1 Bring Your Own Key (BYOK) allows You to use Your own API keys from third-party AI providers (e.g., Google, OpenAI, Anthropic) with the AI Prompt Architect platform.

1.2 When using BYOK, API requests are sent directly to Your chosen provider using Your credentials. Credits are not consumed for BYOK-powered requests.

2. Your Responsibilities

2.1 API Key Security. You are solely responsible for: (a) generating, storing, and rotating Your API keys securely; (b) not sharing API keys with unauthorised persons; (c) revoking compromised keys immediately; and (d) implementing appropriate access controls.

2.2 Costs. You are solely responsible for all charges incurred on Your third-party API accounts. We have no visibility into, control over, or responsibility for Your provider billing.

2.3 Terms Compliance. You must comply with the terms of service, acceptable use policies, and usage limits of Your chosen AI provider. This includes, without limitation, content policies, rate limits, and data processing restrictions.

2.4 Data Handling. When using BYOK, Your prompts and Content are sent directly to Your provider. We act as a conduit only. You are responsible for: (a) understanding how Your provider processes Data; (b) ensuring a lawful basis exists for any Personal Data sent; and (c) compliance with GDPR, CCPA, and applicable data protection laws for data processed via Your keys.

3. How BYOK Data Flows

Step	What Happens	Who Controls
1	You enter a prompt in AI Prompt Architect	You
2	The platform sends the prompt to Your provider via Your API key	You (via Your key)
3	Your provider processes the prompt and returns Output	Your provider
4	Output is displayed to You in the platform	You

We do not store, log, or retain Your API keys beyond the encrypted session. Keys are transmitted over TLS 1.2+ and are never written to Our persistent storage.

4. Supported Providers

• Google (Gemini API)

• OpenAI (GPT API)

• Anthropic (Claude API)

Additional providers may be added. This page will be updated accordingly.

5. Limitation of Liability

5.1 THE COMPANY SHALL NOT BE LIABLE FOR ANY LOSS, DAMAGE, COST, OR EXPENSE ARISING FROM OR RELATING TO YOUR USE OF BYOK, INCLUDING BUT NOT LIMITED TO: (a) charges incurred on Your API accounts; (b) data processed by Your provider; (c) outages, errors, or rate limiting by Your provider; (d) changes to Your provider's terms, pricing, or API; (e) security incidents affecting Your API keys; or (f) content policy violations on Your provider's platform.

5.2 In no event shall Our total liability for BYOK-related claims exceed ten pounds sterling (£10).

5.3 You agree to indemnify and hold harmless MC Conversions Ltd from all claims arising from Your BYOK usage.

6. Privacy & Data Protection

6.1 When You use BYOK, We are NOT a Data Processor for the Personal Data You send to Your provider. You are the Data Controller and Your provider is the Data Processor under Your own DPA with that provider.

6.2 We recommend: (a) reviewing Your provider's privacy policy and DPA; (b) ensuring SCCs or equivalent safeguards are in place for international transfers; and (c) conducting a DPIA for any high-risk processing.

7. Revocation

7.1 You may revoke Your BYOK configuration at any time via Account Settings. Upon revocation, all stored key references are immediately deleted.

7.2 If We detect misuse of BYOK (e.g., using Our platform to violate a provider's terms), We may disable BYOK for Your Account.

8. Contact

Luke@mcconversions.uk | MC Conversions Ltd | Company No. 14019497