Hi all — I run a small paid service, Lumen (ttps://lumen.lavaee), that bridges
a user’s own Gemini account to Claude (via an MCP connector) for image generation,
and I want to confirm it’s within the Gemini API Additional Terms before going further.
How it works:
- Each user supplies THEIR OWN Gemini API key. We encrypt it at rest and use it only
to call gemini-2.5-flash-image (generateContent) on that user’s behalf when they
request an image. - All usage is billed by Google directly to the user’s own account/project. We charge
only a separate subscription for the bridge/UI — we do not resell inference. - Strictly one user, one of their own keys. Keys are never pooled or shared.
- (We’ll also guide users to use keys restricted to the Gemini API, per the recent notice.)
Two questions:
- Does the Gemini API Additional ToS permit a third-party service to store a user’s
own API key (encrypted) and call the API on their behalf under this BYOK model? - Re: the requirement that paid services be used when making API clients available to
users in the EEA, Switzerland, and the UK — we plan to restrict those regions to
paid-tier keys (or block them). Does that satisfy the term, or is there a preferred
approach?
Context: we’d like to list in Anthropic’s Claude Connectors Directory, whose review
asks for the API provider’s consent to integrate, so a documented answer here helps.
Thanks!