Data & Privacy

How Keshro handles your data. Source code and fetched file contents are processed transiently during analysis and discarded after the run. What persists is the planning and execution layer around the work: plans, tasks, notes, decisions, saved context, connected-account identifiers, and lightweight file metadata.

How Your Data Is Used

01

Plan Generation & Analysis

When you create a project or migration, Keshro generates plans, risk assessments, effort estimates, and task coordination data. We store plans, tasks, execution state, and related coordination metadata in your account. Raw source code is not Keshro's persistent memory layer.

02

Aggregate Learning

Completed analyses can contribute summaries, execution outcomes, and anonymized path-level benchmarks according to your personal or workspace learning mode. Aggregate-only is the default. Raw run details do not flow across organizations.

03

Team Workspaces

If you create or join an organization, migrations created inside that workspace are visible to members of that workspace. Personal migrations remain private to your account unless you explicitly choose a broader personal learning mode.

04

Codebase Discovery

When you use the CLI to create a project, an AI agent running locally on your machine scans your codebase to gather technical facts (framework versions, directory structure, dependencies, existing patterns). A structured summary of these facts may be sent to Keshro to improve plan quality. Long-term reuse comes from that summary and later execution metadata, not from retaining raw code files.

05

AI Processing & Third Parties

Keshro uses Anthropic's Claude API to generate plans and analysis. Your project descriptions and task context are sent to Anthropic under their commercial API terms, which prohibit using inputs for model training. During plan enrichment, connected-account data (repo structure, issue details) may be accessed via GitHub, Linear, or Jira APIs and used in prompts — not persisted separately. Web research queries are sent to Tavily for best-practice lookups using only your project description, not code.

Security

All data transmitted over HTTPS with TLS encryption
Authentication via Google OAuth 2.0 with JWT tokens
Email-based access control with configurable allowlists
File uploads validated client-side: 2 MB limit, code/config types only
No passwords stored — authentication delegated to Google
Organization-level access controls for team migrations
Raw run details are never shared across organizations

Retention and deletion

We retain active account data, migration runs, and connected-account snapshots until you delete them or request deletion. In-product deletion actions take effect immediately in active systems. Manual deletion follow-up requests are handled within 30 days.

Need stricter deployment? Talk to us.

The above describes Keshro's default SaaS posture. If your workspace needs Keshro inside your VPC, self-hosted in your cloud account, or fully air-gapped — for compliance, regulated workloads, or a security review that won't accept the SaaS path — we're aware of the gap and happy to talk through what your environment needs.


Frequently Asked Questions