Keys never leave the server
Your app talks to the proxy with a public app key and a verified user token. Real provider keys are decrypted only inside the request that forwards traffic, used once, and never returned to the client. That single property removes the most common way mobile AI features leak credentials.