BYOK PDF Summarizer: Use Your Claude or OpenAI API Key
A byok pdf summarizer that extracts text in your browser, sends only the text to your own Claude or OpenAI key, and never routes the source PDF through pdfmavericks. Bring your own key, keep your own data.
What a byok pdf summarizer actually is
BYOK stands for "bring your own key". In a byok pdf summarizer, the user supplies their own API key for an LLM provider — Anthropic for Claude or OpenAI for GPT — and the tool uses that key to send extracted text directly from the browser to the provider's API. The tool vendor (pdfmavericks in this case) is not in the data path. The source PDF stays on disk, the extracted text is sent only to the provider the user chose, and the bill for the LLM call goes to the user's account at that provider.
This is a different model from the dominant ChatPDF-style approach, where the user uploads the PDF to the tool vendor, the tool vendor runs extraction and embedding on their own servers, the tool vendor pays for the LLM calls (and bundles the cost into a subscription), and the tool vendor stores the document for the conversation lifetime. The ChatPDF approach is operationally simpler for the user — no key management — but it adds the tool vendor to the trust chain and creates a copy of the document outside the user's control.
BYOK pushes both the operational responsibility (key management, billing) and the data exposure benefit (one fewer party sees the document) to the user. For users who already have Claude or OpenAI accounts — which is increasingly common in engineering, legal, and consulting work — BYOK is essentially free of additional cost and meaningfully better on privacy. For users who don't have those accounts, the ten-minute setup is the entry fee.
Trust chain: BYOK vs chatpdf-style upload
The trust chain is the sequence of parties who see your document between you and the answer. In a vendor-cloud summarizer like chatpdf.com or askyourpdf.com, the chain is: user's device → tool vendor server → tool vendor storage → LLM provider. Each hop is a copy of the document. The tool vendor keeps the upload for at least the chat session, often longer per their stated retention policies. The LLM provider sees the document content when the vendor calls the API.
In a BYOK summarizer, the chain is: user's device → LLM provider. One intermediate party drops out — the tool vendor — and with it goes the vendor's storage, the vendor's retention policy, the vendor's breach exposure (jsonformatter.org leaked 5GB of secrets in November 2025, illustrating that tool-vendor servers do get breached), and the vendor's prompt-logging for quality improvement. The LLM provider remains in the chain because the LLM is doing the actual work. But the LLM provider's data policies are public, audited, and addressable through enterprise agreements that the user already has (or can negotiate directly) — see anthropic.com/legal/privacy and openai.com/policies/privacy-policy for the current terms.
For a casual user summarizing a news article, the difference is academic. For a lawyer summarizing a privileged contract, a doctor summarizing a patient record, or a journalist summarizing a leaked document, the difference is the entire point.
How the BYOK flow works under the hood
The pdfmavericks.com byok pdf summarizer at /ai-summarize-pdf runs a four-stage pipeline entirely in the browser tab.
Stage 1: PDF text extraction. The user picks a PDF via the File API. The file bytes are read into a Uint8Array in browser memory. A WebAssembly build of Mozilla pdf.js parses the PDF, walks the content stream of each page, and produces a structured text representation: per-page text blocks with reading order preserved. The extracted text stays in browser memory.
Stage 2: Prompt assembly. The user picks a summary mode (executive, key-points, structured extraction, or custom). The mode maps to a prompt template. The template is filled with the extracted text. Long documents are chunked if they exceed the model's context window — Claude 3.7 Sonnet handles 200K tokens per call per docs.anthropic.com/en/docs/about-claude/models, and GPT-4o handles 128K tokens per platform.openai.com/docs/models. For documents over the context limit, the summarizer chunks and runs a hierarchical summary (map-reduce pattern).
Stage 3: API call. The browser issues a fetch() to api.anthropic.com/v1/messages (Claude) or api.openai.com/v1/chat/completions (OpenAI), with the user's API key in the Authorization header. The request body contains the prompt and the extracted text. The response comes back as a streamed JSON containing the model's output tokens. No pdfmavericks server is on the wire.
Stage 4: Display and persist. The streamed response is rendered to the page as it arrives. The user can copy the summary, download it as Markdown, or re-run with a different mode without re-extracting (the extracted text is cached in the tab for the session). When the tab closes, the extracted text and the summary are gone.
Step-by-step walkthrough
- Get an API key. For Claude, sign up at console.anthropic.com, add a payment method, create a key under API Keys, and copy it (starts with
sk-ant-). For OpenAI, sign up at platform.openai.com, add a payment method, create a key at platform.openai.com/api-keys, and copy it (starts withsk-). Either one works. - Open the summarizer. Navigate to pdfmavericks.com/ai-summarize-pdf. The page asks you to paste your API key on first visit. The key is stored in browser localStorage and never sent to pdfmavericks.
- Pick the model. Choose from the supported list — Claude 3.7 Sonnet, Claude Haiku, GPT-4o, or GPT-4o mini. The tool surfaces the per-call estimated cost so you see what each summary will charge.
- Drop the PDF. Drag a PDF onto the page. The extractor runs in the browser, surfaces the detected page count and word count, and shows the estimated input tokens.
- Pick a summary mode. Executive, key-points, structured extraction, Q&A, or custom prompt. The mode controls the prompt template that ships with the extracted text.
- Run the summary. Click Summarize. The browser sends the prompt and extracted text to the LLM provider you chose. The response streams back into the page in 5-15 seconds depending on document length and model.
- Copy, save, or re-run. Copy the summary to clipboard, save as Markdown via the Save button, or pick a different mode and re-run without re-extracting. The extracted text is cached for the tab session.
- Close the tab when done. The extracted text, the API key (if you chose "forget on close"), and the summary all clear from memory. The PDF on disk is untouched.
What it costs in API credits
BYOK costs are pay-per-call against the user's LLM provider balance. The per-summary cost is small but adds up for heavy use. Here is the math for a typical 50-page PDF.
A 50-page PDF averages roughly 500 words per page after extraction — about 25,000 words total, or about 33,000 input tokens (using the ~1.3 tokens-per-word rule for English text). A structured executive summary produces about 300 words of output, or about 400 output tokens.
Apply current pricing per provider. Anthropic's pricing page at docs.anthropic.com/en/docs/about-claude/pricing and OpenAI's at openai.com/api/pricing give live numbers per million tokens. As of the 2026-05 pricing for the typical tiers (Claude Sonnet, Claude Haiku, GPT-4o, GPT-4o mini), the per-summary cost lands between $0.02 and $0.15 depending on which model. The lighter-weight models (Haiku, GPT-4o mini) sit at the low end and produce summaries that are visibly close in quality to the top tier for typical business documents.
For a power user summarizing 20 PDFs per week with the mid-tier models, the monthly bill is roughly $5-$15 — meaningfully less than a chatpdf-style subscription ($14-$20 monthly typical) and with no tool-vendor data exposure.
Summary modes and prompts
Four built-in modes cover the most common use cases. Each mode is a different prompt template applied to the same extracted text.
Executive summary. "Read this document and produce a 200-word top-level overview that a busy executive can read in under one minute. Identify the main thesis, the key supporting points, and any critical numbers or conclusions." Output: a single paragraph or short bullet list.
Key points. "Extract 10-15 key takeaways from this document as bulleted points. Each bullet should be a complete, standalone statement that captures one specific insight, datum, or recommendation." Output: bullet list.
Structured extraction. "Identify and extract: named parties, dates and deadlines, monetary amounts, defined terms, and action items. Return as a Markdown table grouped by category." Output: tables. Useful for legal contracts and financial reports.
Q&A. User pastes a specific question. The prompt becomes "Based only on the content of this document, answer this question with citations to specific page numbers. If the document does not answer the question, say so explicitly rather than guessing." Output: grounded answer with page citations.
Custom. Power users paste their own prompt template; the tool ships it along with the extracted text. Useful for one-off workflows that don't map to the built-in modes.
Confidential documents and compliance
BYOK is the right model for confidential documents, with two caveats. First, the LLM provider still sees the extracted text. For documents subject to specific regulatory regimes — HIPAA-protected health data, attorney-client privileged communications, financial data under SOX — verify that the LLM provider has appropriate contractual commitments for your use case. Anthropic offers a HIPAA BAA on the Claude for Work tier; OpenAI offers similar commitments on the Enterprise tier per openai.com/enterprise-privacy. Use a key from the appropriate tier for regulated workflows.
Second, the underlying document obligations follow the data wherever it goes. Sending an attorney-client privileged document through any third party — including an LLM — may waive privilege depending on jurisdiction. Consult counsel before running BYOK summaries on privileged material. The BYOK model removes the tool vendor exposure but does not change the privilege analysis.
For documents the user wants summarized without any LLM involvement — including structured extraction of named entities, dates, and numbers — non-LLM tools cover the deterministic path. See the PDF-to-Markdown guide and the extract-text guide for non-LLM extraction workflows.
Enterprise key management
For organizations standardizing on BYOK across employees, two patterns work well. Pattern A: centrally-managed key. IT provisions a single enterprise key under their LLM provider account, distributes it via a browser extension or proxy that injects the key for the pdfmavericks domain, and rotates the key monthly. The summarizer accepts whatever key the browser hands it. Pattern B: per-user keys. Each employee creates a personal key tied to the enterprise account, charged to the enterprise billing. Both work; pattern A is operationally simpler.
Audit is easier than in tool-vendor models. Because the only outbound destination is the LLM provider's API, the corporate egress proxy can log every call — prompt, response, page count, model — without depending on the tool vendor's logging. This is the data the audit team actually wants and they own it.
For broader context on browser-local tools and the verification process, see the no-upload PDF tool overview and the zero-knowledge PDF tools guide.
Your PDF never leaves your browser
Text extraction runs locally via pdf.js. Only the extracted text plus your prompt is sent to your chosen LLM API using your own key — pdfmavericks is not on the data path.
Frequently asked questions
What is a byok pdf summarizer and how is it different from chatpdf?
A byok pdf summarizer — bring your own key — is a tool where the user supplies their own API key for Claude or OpenAI and the tool sends the PDF text directly from the user's browser to that API endpoint. The PDF itself never traverses the tool vendor's servers. Tools like chatpdf.com and askyourpdf.com use a different model: the user uploads the PDF to the vendor, the vendor runs extraction and embedding on their own servers, the vendor calls an LLM with the chunks, and the vendor returns the response. The differences are visible to the user as data exposure: in the BYOK model, the only party that sees the PDF text is the user's chosen LLM provider (Anthropic or OpenAI under their published policies). In the upload model, the vendor sees the document, stores it for the conversation lifetime or longer, and adds a third party to the trust chain.
Where does my PDF actually go in the BYOK flow?
Three places, and none of them is pdfmavericks. First, the PDF file stays on the user's local disk — the browser reads it via the File API. Second, the text extraction runs in WebAssembly inside the browser tab using pdf.js (documented at mozilla.github.io/pdf.js), so the extracted text never leaves the page either. Third, when the user clicks Summarize, the browser sends only the extracted text plus the prompt to the LLM API endpoint the user configured — api.anthropic.com or api.openai.com. The pdfmavericks server is never on that path. You can verify this in DevTools Network tab: the only outbound requests during a summary call are to api.anthropic.com (Anthropic) or api.openai.com (OpenAI), depending on which key the user pasted.
How much will summarizing a 50-page PDF cost in API credits?
Depends on which model and which provider. As of the 2026-05 pricing documented at docs.anthropic.com/en/docs/about-claude/pricing for Anthropic and platform.openai.com/docs/pricing for OpenAI, the cost for a 50-page PDF (roughly 25,000 input tokens after text extraction, 1,500 output tokens for a structured summary) lands in the $0.04-$0.15 range depending on model tier. Claude Sonnet and GPT-4o mini are at the low end; Claude Opus and GPT-4o are at the high end. The pricing is published per provider and changes periodically — check the live pricing page before running large batches. The summarizer surfaces an estimated cost before the call so the user sees what each summary will charge against their key.
Is BYOK private if the LLM provider can still see the text?
Privacy in this context is a trust-chain question, not an absolute property. In a vendor-cloud summarizer (chatpdf, askyourpdf), the trust chain is: user → tool vendor → tool vendor's storage → LLM provider. In BYOK, the trust chain is: user → LLM provider. Removing the middle hop matters for three reasons. First, fewer copies of the document exist (no vendor storage). Second, the LLM provider's policies are public, audited, and contractually addressable (Anthropic and OpenAI publish data-handling docs and offer zero-retention options for enterprise customers). Third, the user's existing relationship with the LLM provider — including any enterprise data agreements they may have under Claude for Work or OpenAI's Enterprise tier — carries through. For the LLM provider's specific data policies, see Anthropic's privacy center at anthropic.com/legal/privacy and OpenAI's at openai.com/policies/privacy-policy.
Where do I get a Claude or OpenAI API key for the summarizer?
Claude API keys come from console.anthropic.com under API Keys after creating an Anthropic account and adding a payment method. OpenAI API keys come from platform.openai.com/api-keys after creating an OpenAI account separate from a ChatGPT subscription (the ChatGPT plus token does not work for API access). Both providers issue keys that start with provider-specific prefixes (sk-ant- for Anthropic, sk- for OpenAI) and bill against a balance the user funds. For a personal user summarizing a few PDFs per week, the monthly cost typically falls under $5. The summarizer stores the key in the browser's localStorage only — it is never sent to pdfmavericks. Clear localStorage to remove the key from the device.
Why does the summarizer extract text in the browser instead of sending the PDF binary?
Three reasons. First, neither Anthropic's nor OpenAI's standard text-completion endpoints accept PDF bytes directly — they accept text or, in vision-enabled modes, images. Extracting in the browser converts the PDF into the format the LLM API actually expects. Second, browser-side extraction means the source PDF (which may contain content the user does not want the LLM provider to see — embedded comments, hidden layers, redacted-but-not-flattened content) is reduced to visible text only. Third, browser-side extraction is faster than uploading a multi-megabyte PDF to a vendor and waiting for server-side extraction. Total round trip is dominated by the LLM inference time (5-15 seconds), not the extraction (typically under 2 seconds for a 50-page PDF).
What kinds of summaries can the byok pdf summarizer produce?
Four common modes are built into the tool. Executive summary — 200-word top-level overview, useful for triaging long reports. Key points — 10-15 bullet-pointed takeaways, useful for meeting prep. Structured extraction — pull out named entities, dates, numbers, and action items into a table, useful for legal and finance documents. Q&A — paste a specific question and get a grounded answer with page-number citations. Each mode is a different prompt template applied to the same extracted text; the user can switch modes without re-extracting. Custom prompts are also supported for advanced users — paste a prompt template and the tool combines it with the extracted text before sending to the API.
Can I use this for confidential documents (legal, medical, financial)?
Yes, with two honest caveats. First, the LLM provider you choose still sees the extracted text and is bound by their data-handling policy. For enterprise users with strict data-residency or zero-retention requirements, use the provider's enterprise tier (Claude for Work or OpenAI Enterprise) and supply a key from that tier — those tiers include zero-retention modes and contractual data-handling commitments. Second, the BYOK model does not change whatever obligations apply to the document itself — HIPAA, attorney-client privilege, GDPR processor agreements — those follow the data wherever it goes. The BYOK summarizer removes the tool vendor from the chain but does not absolve the user of the underlying compliance question. For documents subject to HIPAA, check that the LLM provider has a BAA on the key's account.
What if I do not want to use an LLM at all and just want a deterministic summary?
Several pdfmavericks tools cover the non-LLM extraction path. The extract-text-from-pdf tool produces the full plain text without any summarization — useful when the user wants to read or grep the content themselves. The pdf-to-markdown tool converts PDFs to structured Markdown preserving headings and lists, which is the right intermediate format for feeding into other tools (Notion, Obsidian, or a downstream RAG system the user runs locally). Both run in the browser without any LLM or upload. For LLM-driven summarization where the user wants the LLM but not the tool-vendor exposure, the BYOK summarizer is the right fit. For non-LLM workflows, the plain extraction tools are the right fit.
Are there enterprise considerations for adopting a byok pdf summarizer?
Yes. The two most common questions enterprise teams ask are key management and audit. For key management: rather than each employee creating personal API keys, IT teams typically provision a single enterprise key under their LLM provider account, configure a proxy or browser-extension that injects the key per-domain, and rotate the key on a schedule. The BYOK summarizer accepts any key the browser provides, so the IT-managed key flow works without changes. For audit: because the only outbound destination is api.anthropic.com or api.openai.com, the existing egress proxy can log every call with prompt and response, satisfying audit requirements that the tool itself does not (and should not) need to handle. This is qualitatively different from chatpdf-style tools where the audit boundary is the tool vendor's logs, which the enterprise does not own.