Goal
Document Free-Way's local security and privacy model clearly for BYOK users.
Background
Free-Way is local-first and does not provide free API access, host a shared proxy, or pool user keys. Users still need to understand where keys are stored, what data goes to third-party providers, and what responsibilities remain with the user.
Suggested topics
- Free-Way runs locally and users bring their own provider keys.
- Free-Way does not sell, provide, pool, or share API access.
- Provider keys may be stored locally when configured through the console; document the local file path and deletion/rotation guidance.
- Prompts and outputs are sent to the selected third-party provider according to that provider's API and terms.
- Users remain responsible for provider ToS, quotas, regions, and data policies.
- Free-tier availability is not guaranteed.
- Link to LICENSE and clarify that provider APIs, models, names, and trademarks are not licensed by this project.
Suggested changes
- Add SECURITY.md and/or docs/privacy.md.
- Link the notes from README.md and README.zh-CN.md.
- Keep wording factual and non-alarmist.
Acceptance criteria
- Users can find the local security/privacy notes from the README.
- The docs explain key storage and third-party provider data flow.
- The docs reinforce that Free-Way does not bypass rate limits or provider terms.
Goal
Document Free-Way's local security and privacy model clearly for BYOK users.
Background
Free-Way is local-first and does not provide free API access, host a shared proxy, or pool user keys. Users still need to understand where keys are stored, what data goes to third-party providers, and what responsibilities remain with the user.
Suggested topics
Suggested changes
Acceptance criteria