Back to home
Security
How we protect your code and account.
Self-host for full controlComing soon
Run bychat on your own infrastructure so your code and data never leave your environment. Self-hosting is the most private way to use bychat — you own the keys, the storage, and the compute.
Authentication
Email + OTP sign-in backed by Supabase Auth.
Data handling
Your prompts and code live in isolated project storage.
Responsible disclosure
Found something? Tell us and we'll fix it.
Handling secrets & sensitive data
Where to put secrets
Only add secrets in the places that explicitly say so. Don’t paste API keys, passwords, or tokens into prompts, chat, or code where they aren’t clearly handled as secrets.
Using bychat Cloud
On the hosted cloud, don’t send sensitive or confidential information. For anything sensitive, self-host so the data stays within your own environment.
We don’t sell your data or share it with anyone beyond what’s needed to run the service. When you self-host, your data never leaves your infrastructure.