Privacy Policy

Last updated: February 2026

1. Introduction

Kurral ("we", "us", "our") respects your privacy. This policy explains how we collect, use, and protect your information when you use our AI proxy and security testing platform ("the Service").

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and authentication data through our provider Clerk. We do not store passwords directly.

Usage Data

We collect metadata about your API proxy usage including: model names, token counts (input/output), request latency, timestamps, cost calculations, and HTTP status codes.

Request Content

Depending on your retention settings, we may log full request and response content for observability purposes. You can configure your retention mode to control what content is stored. When retention is disabled, only metadata is logged.

Security Scan Data

When you run security scans, we store scan configurations, results, and evidence (including tool call payloads and responses) in your account.

3. Information We Do Not Collect

We do not store your AI provider API keys. When you use the proxy, your provider keys are used only for the duration of the request and are never persisted on our servers.

4. How We Use Your Information

  • To provide and maintain the Service
  • To display usage analytics and cost dashboards
  • To generate security scan reports
  • To communicate with you about your account and service updates
  • To detect and prevent abuse of the Service

5. Data Sharing

We do not sell your personal information. We share data only with the following third-party services that are essential to operating the Service:

  • Clerk — Authentication and user management
  • Neon — Database hosting (stores your usage data and scan results)
  • Render — Backend API hosting (processes proxy requests)
  • Vercel — Frontend hosting (serves the web application)

We may also disclose information if required by law or to protect the rights and safety of our users.

6. Data Retention

Account information is retained for the duration of your account. Usage metadata is retained according to your plan's retention period. You can delete your account and all associated data at any time. Upon account deletion, all data is removed within 30 days.

7. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS) and at rest. Access to production systems is restricted and monitored.

8. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data and account
  • Export your usage data and scan results
  • Opt out of non-essential communications

9. Cookies

We use essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising cookies.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email or through the Service.

11. Contact

For privacy-related questions, contact us at support@kurral.com.