Privacy Policy
This Privacy Policy explains what data Kilasec ("we", "us") collects, how we use it, and the choices you have. It covers the Kilasec cloud console and APIs at kilasec.com (the "Service") and the on-premises Kilasec collector and related software (the "Software").
Kilasec is a network security product for AI/LLM traffic. Its defining design choice matters for your privacy: the collector runs on your own network, and the content of intercepted requests stays there. We built the data boundary to minimize what ever reaches our cloud.
The data boundary, in one line: the collector decrypts AI traffic on your network to make a decision, then sends only the decision metadata — not the prompt, response, or signing key — to the cloud. Sending request content is off by default and opt-in per collector.
1. What we collect
Account data. Your email, name, role; authentication data (password hash, and a TOTP secret if you enable two-factor).
Collector telemetry. For each decision: the verdict (allow/deny/redact/hold/log), matched rule and reason, agent or workload label, destination host/tool/model, source IP, request method and URL path, timestamps, and estimated token/cost. For a redaction we receive the field paths masked, never the values.
Identity mappings. If you wire identity, the IP→user and user→group mappings you feed us, so decisions can be attributed to people.
Collector & workspace metadata. Collector host fingerprint, IP, version, enrollment details; your policy and configuration; and admin audit records.
Never sent to us by default: prompt and response bodies, tool-call arguments, and the collector's TLS-signing private key. Secret/PII redaction is applied on the collector, before anything leaves. An operator can opt a collector in to sending request content (AGENTFW_SHIP_PROMPT_CONTENT=1) only where a compliance need requires it.
2. How we use it
- To provide the Service — evaluate policy, power dashboards, attribute traffic, alert on collector outages, estimate cost.
- To secure and operate the Service, and to support and communicate with you (invites, alerts).
- To improve the product, using aggregated and de-identified data.
3. Sub-processors
A small set of vendors help run the Service, each under confidentiality and data-protection terms: Oracle Cloud Infrastructure (hosting), Resend (transactional email), and GitHub Container Registry (collector image distribution). Material additions get notice.
4. Retention
Decision telemetry is kept for the event-retention window you set in Settings (a number of days, or keep-forever); reducing it purges older records. Identity mappings expire on their TTL. Account and workspace records are kept while your workspace is active and deleted on request or after closure, subject to legal and backup constraints.
5. Security
We encrypt data in transit (TLS). The collector's signing key is stored encrypted and bound to its host, so a copied key file is unusable elsewhere. Production access is restricted and audited. No method is perfectly secure — minimizing what crosses the boundary is our primary control.
6. Cookies
The Service uses a single strictly-necessary session cookie to keep you signed in. We don't use advertising or cross-site tracking cookies.
7. Your choices and rights
You may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. Much of the data we hold is controlled by your workspace admin (you are typically the controller and we the processor for collector telemetry), so route requests to your admin where appropriate, or contact us and we'll help. Email privacy@kilasec.com.
8. International transfers
The Service is operated from the United States. If you access it from elsewhere, you consent to processing in the US. For specific transfer mechanisms (e.g. SCCs), contact us.
9. Children
The Service is for organizations, not children, and is not directed to anyone under 16.
10. Changes
We may update this Policy; material changes get at least thirty (30) days' notice, and we'll update the version and date above. Continued use after the effective date is acceptance.
Questions or requests: privacy@kilasec.com