A breach of Kavara reveals nothing about your data.
That's not a promise about how carefully we guard your secrets. It's a property of the system: we never hold them. Detection runs on-device, and our database has no place to put a raw value.
- Data category
- Event count
- Tool & action
- Hashed key prefix
- Prompt text
- AI responses
- Secrets / keys
- Raw PII
Six properties a security reviewer can verify.
No raw data, ever
Kavara's database has no column for raw values — no prompts, no responses, no secrets. We store a category and a count. A breach of Kavara tells an attacker nothing about your data.
Detection stays on the device
Sensitive content is identified in the browser. The decision about what's sensitive never depends on shipping your text to us.
Keys are hashed, never kept
API keys and enrollment codes are stored only as a peppered hash plus a short display prefix. A leaked row can't be replayed.
Strict tenant isolation
Every record is scoped to a tenant, and that scope is enforced on every query. One customer's data is structurally unreachable from another's.
Append-only audit trail
Dashboard mutations are written to an append-only log with no update or delete path — the integrity a compliance review expects.
Built for the questionnaire
Data minimization, encryption in transit, least-privilege access, and a DPA on request. Designed from day one to pass security review.
What security teams ask first.
Does Kavara read or store our prompts?
No. Detection happens in the browser, and our database has no field for raw prompts, responses, or secrets. We persist a category and a count — never the content itself.
Will it slow my team down?
Tokenization happens locally and the AI tool still gets a usable prompt, so the workflow is unchanged. Most teams start in Monitor mode, which is completely invisible to employees.
Which AI tools and browsers are supported?
Kavara covers ChatGPT, Claude, Gemini, Copilot, Perplexity, Mistral, Grok and more — 11+ assistants out of the box — and runs on Chrome, Edge, and Brave. New tools are added regularly.
Do we need MDM to try it?
No. You can pilot with self-serve enrollment codes in minutes. When you're ready to scale, Kavara supports managed deployment via MDM and Chrome Enterprise.
Is this employee surveillance?
No — and it's designed not to be. Usage insights are aggregate-first, rolled up by tool and department, and never tie prompt content to an individual.
Need a DPA, a security review, or to run our model past your team?
We built Kavara to pass the questionnaire. Reach out and we'll walk your security team through the architecture.