Security

Security & BYOK

Your credentials stay with you. Here's how we keep your data and API keys secure.

Bring Your Own Keys (BYOK)

AOS operates on a strict BYOK model. We never ask for, store, or have access to your API keys.

What We DO

  • • Provide workflow files and prompts
  • • Offer documentation for setup
  • • Connect you with seller support
  • • Process marketplace payments

What We DON'T

  • • Store your API keys
  • • Access your automation accounts
  • • Share credentials with sellers
  • • Run agents on our infrastructure

How BYOK Works

1

Purchase Agent

Buy the agent from AOS Marketplace. You receive workflow files and documentation.

2

Set Up Your Platform

Import the workflow into your automation platform (Make.com, n8n, etc.).

3

Add Your Keys

Enter your own API keys directly into your platform's credential manager.

4

Full Control

You manage usage, costs, and can revoke access anytime.

Security Measures

Bring Your Own Keys (BYOK)

Your API keys stay with you. We never store OpenAI, Anthropic, Twilio, or any other credentials.

API keys entered directly into your automation platform
Sellers never have access to your credentials
You control API usage and spending limits
Revoke access anytime by changing your keys

Secure Payments

All payments processed through Stripe with industry-standard encryption.

PCI-DSS compliant payment processing
Card details never touch our servers
Stripe Connect for secure seller payouts
Encrypted transaction records

Data Protection

Your data is encrypted in transit and at rest. We collect only what's necessary.

HTTPS/TLS encryption for all connections
Secure password hashing (bcrypt)
JWT-based authentication
Regular security audits

Agent File Safety

All agent files are scanned and reviewed before listing.

Manual review of all agent submissions
No executable code or scripts
Workflow files are JSON/configuration only
Prompt injection safeguards checked

Your Responsibilities

With BYOK comes responsibility. You're in control of:

  • API Key Security: Keep your keys safe and rotate them if compromised.
  • Usage Monitoring: Set up spending limits and monitor API usage.
  • Platform Security: Secure your automation platform accounts.
  • Compliance: Ensure your use complies with relevant regulations.

Have security questions?

Contact Security TeamPrivacy Policy