Our Privacy Principles
Krait follows four guiding principles across all product workflows:Minimal Data Collection
Krait only collects the data required to perform vulnerability detection and deliver accurate security insights.We do not collect or store unnecessary personal data.
Customer Ownership and Control
All data scanned through Krait-repositories, cloud assets, container images and configurations-remains your property.You control:
- what gets scanned
- how long data is retained
- when resources or integrations are removed
- who has access inside your workspace
No Unauthorized Access
We never access your assets manually unless you grant temporary permissions. Automated scanning workflows happen inside secure processing environments, with strict access controls and audit trails.Transparency at Every Step
Krait offers clear visibility into what we collect and how it is used. No hidden tracking, no silent monitoring and no use of customer data for training external AI models. We do not train our models with your data. Your source code and analysis results remain private and are never used for model training purposes.What Data Krait Processes
Krait processes only the data required to identify security risks and support remediation. All data is used strictly for security analysis and platform functionality.Code & Repository Metadata
Krait analyzes limited structural information from your repositories to detect vulnerabilities, insecure dependencies and misconfigurations.- Only the minimum necessary metadata (such as dependency files or structural references) is processed.
- Your full source code is not stored.
- Krait never modifies your repositories and does not push commits or changes.
- Analysis is performed in isolated environments and discarded after completion.
Cloud Configuration & Resource Data
Krait reads configuration data from connected cloud accounts to evaluate security posture, including:- IAM policies and permissions
- Network and firewall rules
- Exposed services and cloud resources
Container Images & Packages
Container images and packages are analyzed to identify:- Known vulnerabilities in dependencies
- Build-time and runtime security risks
Integration Metadata
Krait processes limited metadata from integrations such as Jira, Linear, Git providers and cloud platforms. This data is used only to:- Scan resources to find vulnerabilities
- Link vulnerabilities to teams or projects
- Create and synchronize tickets
- Support remediation workflows
Data Security & Storage
Credential Handling
User credentials are securely hashed and never stored in plaintext. Krait avoids collecting or retaining personal data that is not required for security operations.Secure Storage
All processed data is stored in secure, access-controlled systems.- Sensitive information (such as tokens, keys, or secrets) is encrypted both in transit and at rest.
- Within Krait’s infrastructure, access is minimal, role-specific and tightly controlled.
Your Control
You remain in full control of your data.- Repositories, resources and entire workspaces can be deleted at any time.
- When deleted, all associated data is removed from Krait’s systems.
Data Retention
Krait follows industry best practices for data retention.- Logs and analysis results are retained only as long as necessary.
- Data is automatically purged according to defined retention policies.