Bring your own AI access (advanced)

Why this exists

AI features cost real money to run. When you use the AI budget included in a paid tier, AnchoredTime pays those costs and builds them into the subscription price. That is honest and straightforward for most people.

But some people already have OpenAI or Anthropic accounts for other work. They are already paying those providers. Charging them again on top of the subscription would mean paying twice for the same thing. Bringing your own access exists so that does not happen.

It also means power users who want more AI capacity than the platform budget allows can extend it with their own key at the provider’s standard rate, without needing to upgrade to a higher AnchoredTime tier.

Which keys are supported

• OpenAI. Used for Faithful Actions, Smart Recall, journaling prompts, and weekly summaries. Requires a standard OpenAI API key (sk-...).
• Anthropic. An alternative to OpenAI for the same AI features. If both are present, you can choose which provider to use from Settings. Requires an Anthropic API key (sk-ant-...).

Where to get your keys

OpenAI

1. Go to platform.openai.com and sign in or create an account.
2. Click your profile in the top right, then API keys.
3. Click Create new secret key. Name it something like “AnchoredTime.”
4. Copy the key immediately. OpenAI will not show it again.

You will need to add a payment method and some credit to your OpenAI account before the key will work. A few dollars is enough to get started. Usage is pay-as-you-go and very low for personal devotional use.

Anthropic

1. Go to console.anthropic.com and sign in or create an account.
2. Navigate to API Keys in the left sidebar.
3. Click Create Key. Name it “AnchoredTime.”
4. Copy the key. Anthropic will not show it again after you close the dialog.

You will need to add billing credit before the key will work. Usage for personal devotional features is minimal.

How to enter your keys

1. Open AnchoredTime and go to Settings.
2. Open the AI Keys (advanced) section.
3. Paste your key into the appropriate field.
4. Tap Save. The app will immediately verify the key with the provider.
5. If the key is valid, you will see a fingerprint in place of the full key (for example: sk-ant-...F0Ji). The raw key is never displayed again after saving.

You can add keys for one provider or both. AnchoredTime will use whichever keys are present, falling back to the included AI budget for any provider not configured. Semantic-embedding features (Smart Recall) always run on the included budget. There is no bring-your-own option for embeddings.

Security model

Your keys are sensitive credentials. Here is exactly how AnchoredTime handles them:

• Encrypted at rest. Keys are encrypted with AES-256-GCM before being stored in the database. The encryption master key is held outside the database in a separate secret store. A database breach alone does not expose your keys.
• Never displayed after save. Once you save a key, the raw value is gone from the UI. Only a short fingerprint (first and last four characters) is shown so you can identify which key is active.
• Never logged. Keys are not written to application logs, error reports, or any monitoring system.
• Soft-revoked on failure. If your key is rejected by the provider (expired, revoked at the provider, or invalid), AnchoredTime soft-revokes it immediately and shows you a clear error. We do not silently fall back to billing the platform budget.
• Hard-deleted on account deletion. If you delete your AnchoredTime account, your saved keys are hard-deleted from the database immediately.

How to revoke a key

To remove a key from AnchoredTime, go to Settings, open AI Keys (advanced), and select Remove next to the key you want to revoke. The key is hard-deleted from the database immediately.

To fully revoke the key (so it cannot be used anywhere, even if someone had copied it), you also need to delete it in the provider dashboard: OpenAI API keys at platform.openai.com, Anthropic at console.anthropic.com.

Removing the key from AnchoredTime without revoking it at the provider means the key no longer works in our app, but is still technically valid elsewhere. If you have any concern about a key being exposed, revoke it at the provider and create a new one.