Privacy Policy

Kavara is built so that a breach of our systems reveals nothing about your sensitive data — because we never hold it. Detection and tokenization run on-device, inside the browser extension. The content of your prompts and the AI's responses never leave the machine they were typed on, and there is no place in our database to store a raw value.

This policy explains the limited operational data we do process to run the service, why we process it, and the choices you have. It applies to the Kavara browser extension, the admin dashboard at app.kavara.io, and this website.

We collect the minimum needed to operate the service. Concretely, that is:

• Account information — the work email used to sign in, and the workspace (tenant) it belongs to. Sign-in is passwordless (magic link), so we never store a password.
• Event metadata — for each detection, a data category (for example "credentials" or "PII"), a count, the AI tool and action involved, the extension version, an anonymous install identifier, and a hashed key prefix. This is metadata about an event, not its content.
• Audit and operational logs — records of administrative actions in the dashboard (who changed a policy, issued a key, etc.) and standard server logs needed to run and secure the service.
• Billing information — if you subscribe, your plan, seat count, and subscription status. Card details are handled entirely by our payment processor (Stripe) and never touch Kavara's servers.

By design, the following never reach our servers. The extension tokenizes or discards them on-device before any event is sent:

• The text of your prompts.
• AI tool responses.
• Secrets, API keys, or credentials.
• Raw personal or customer data (PII).

If a future feature ever required collecting any of the above, it would be a fundamental change to this policy and to the product — and we would tell you before doing it.

• To provide the service — authenticate you, enforce your organization's policies, and show Shadow-AI usage insights in the dashboard.
• To secure the service — detect abuse, debug, and maintain an audit trail.
• To bill correctly — measure seats in use and manage your subscription.
• To communicate — send service and account messages. We do not sell your data, and we do not use it to train AI models.

We do not sell personal information. We share operational data only with the infrastructure subprocessors that run the service on our behalf, each under contract:

• Hosting and database — our cloud infrastructure provider, where the backend and database run.
• Authentication — our passwordless sign-in provider, which issues magic links.
• Payments — our payment processor, which handles subscriptions and card data directly.
• Website hosting — the platform that serves app.kavara.io and this site.

We will also disclose information if required by law, or to protect the rights and safety of Kavara, our customers, and the public. A current list of subprocessors is available on request.

Event metadata is retained for a configurable window — 90 days by default — after which it is automatically purged. Administrators can shorten this for their workspace in dashboard settings. Account and billing records are kept for as long as your workspace is active and as required for legal and tax obligations, then deleted.

Depending on where you live (including under the GDPR and CCPA/CPRA), you may have the right to access, correct, export, or delete personal information we hold about you, and to object to or restrict certain processing. Because Kavara is typically deployed by an employer, your organization is the controller of workspace data; we act as its processor and will route requests through the appropriate administrator. To exercise a right, contact us at the address below and we will respond within the time the law requires.

Our primary infrastructure is hosted in the Sydney, Australia region. If you access Kavara from elsewhere, your operational data may be processed across borders. Where required, we rely on appropriate safeguards for any such transfer.

The strongest protection is architectural: we don't hold your secrets, so they cannot be exfiltrated from us. Around the metadata we do hold, we apply encryption in transit, hashed credentials, strict tenant isolation so one workspace can never read another's data, an append-only audit trail, and least-privilege access controls.

Kavara is a workplace product intended for businesses and is not directed to anyone under 16. We do not knowingly collect personal information from children.

We may update this policy as the product evolves. We will post the new version here with a revised date, and for material changes we will give notice through the service before they take effect.

Questions about this policy or your data? Email us at hello@kavara.io and we will get back to you.