Why HabitSage stores your AI key locally on your device
HabitSage lets a person use their own OpenAI or OpenRouter account. That only works cleanly if the app keeps the key tied to the individual user instead of hiding everything behind one shared service account.
So the basic model is simple: you bring your own provider key, and JBhabit keeps that key locally on your own device. The goal is not to make the product feel technical. The goal is to keep billing, access, and provider choice closer to the user.
What local-only storage means
It means your key is saved on the device where you entered it. It is there so the app can make model requests on your behalf without asking you to paste the key in over and over.
For a user, the practical meaning is straightforward: your key is your responsibility in the same way a saved password is your responsibility. If somebody gets access to the device and the key is visible, they could use it.
How to protect it
Start with the obvious basics. Keep a real passcode on your phone or computer. Use Face ID, Touch ID, or the equivalent device lock if you have it. Do not leave settings screens open when you are screensharing or handing your device to someone else.
The safer setup is to create one dedicated key just for HabitSage. That makes it easier to watch usage and easier to replace the key without touching anything else in your setup.
How to limit spend
OpenRouter is the stricter option if you want a cap. It lets you set a credit limit on the key itself. OpenAI is more of a budget-alert model. You can set project budgets and watch usage, but that should be treated more like a warning line than a hard emergency brake.
When to rotate the key
Rotate the key immediately if you think it showed up in a screenshot, a recording, a support message, or anywhere else it should not have appeared. The cost of replacing a key is low. The cost of leaving an exposed key active can be much higher.
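One way to catch a key before it leaves your device in a support message or pasted log, as an added example that is not HabitSage's own code. The key shapes in the patterns are assumptions that do not come from this page, and the sample keys are constructed.

```python
import re

# Assumed key shapes (not stated on the page): OpenRouter keys start with
# "sk-or-v1-" followed by 64 hex characters; OpenAI keys start with "sk-" or
# "sk-proj-" followed by a long URL-safe token. Adjust if the formats change.
PATTERNS = [
    ("openrouter", re.compile(r"\bsk-or-v1-[0-9a-f]{64}\b")),
    ("openai", re.compile(r"\bsk-(?!or-)(?:proj-)?[A-Za-z0-9_-]{20,}")),
]


def scan_and_redact(text):
    """Return (redacted_text, findings) for any provider keys found in text.

    Each finding names the provider and the last four characters of the key,
    which is enough to pick the right key to rotate in the provider dashboard
    without repeating the secret itself.
    """
    findings = []
    for provider, pattern in PATTERNS:
        def _mask(match, provider=provider):
            key = match.group(0)
            findings.append({"provider": provider, "hint": "..." + key[-4:]})
            return f"[REDACTED {provider} key]"
        text = pattern.sub(_mask, text)
    return text, findings


# Constructed sample input: these are fake values, not real keys.
FAKE_OR = "sk-or-v1-" + "ab12" * 16
FAKE_OA = "sk-proj-" + "Zx9_" * 10
SAMPLE = (
    "Hi support, requests have been failing since yesterday.\n"
    f"My settings show key {FAKE_OR} and I also tried {FAKE_OA}.\n"
    "Task id: sk-123 (not a key)\n"
)

if __name__ == "__main__":
    redacted, findings = scan_and_redact(SAMPLE)
    print(redacted)
    for f in findings:
        print(f"rotate the {f['provider']} key ending {f['hint']}")
```

A finding on text that was already sent means the key should be rotated; redacting afterwards does not undo the exposure.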