Privacy Policy

Kernora ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how our Nora CLI tool and website collect, use, and protect your information.

1. Overview: Local-First Architecture

Nora is designed with privacy as a core principle. In solo mode, Nora runs entirely on your machine with zero data transmission to Kernora servers. All data remains stored in your local SQLite database (echo.db) on your computer.

When you use Team mode, sanitized data is synced to your own Amazon S3 bucket. Kernora never stores, accesses, or touches this data—you maintain full control.

2. What Data Does Nora Collect?

Local Data (Stored on Your Machine)

• Claude Code session transcripts (JSONL files)
• Extracted engineering patterns and decisions
• Identified bugs and anti-patterns
• Your custom analysis and annotations
• API configuration (stored locally in config.toml)

This data never leaves your machine unless you explicitly enable Team mode.

API Keys and Credentials

Your LLM API keys (for Claude, GPT-4, Gemini, Llama, or Mistral) are stored locally in your config.toml file. These keys are never transmitted to Kernora servers. You control your own API costs and provider relationships.

Team Mode (Optional)

If you enable Team mode, Nora syncs sanitized session data to your own S3 bucket. You control the bucket configuration, encryption, and access. Kernora has no access to your S3 bucket or any data in it.

3. Website Analytics

The Kernora website (kernora.ai) uses Google Analytics (Firebase) to collect aggregated usage statistics, including:

• Page views and navigation patterns
• Referral sources
• General geographic region
• Browser and device type

This data is anonymized and does not identify you personally. Google Analytics is subject to Google's Privacy Policy.

4. Data We Do NOT Collect

• Personal identification data (name, email, IP address — in solo mode)
• Usage telemetry from the CLI tool itself
• Browsing history or behavioral tracking
• Biometric data
• Location data (beyond website analytics)

5. Third-Party Services

LLM Providers

When you use Nora, you provide your own API keys to third-party LLM providers (OpenAI, Anthropic, Google, etc.). Your interactions with these services are governed by their respective privacy policies. Kernora does not process, store, or have access to your API communications.

S3 Storage (Team Mode Only)

Team mode requires you to configure an Amazon S3 bucket. You control this bucket and are responsible for its security, encryption, and access policies. Amazon's AWS Privacy Policy applies to your bucket.

6. Data Security

Your local data is protected by your device's file permissions and encryption. In Team mode, you control S3 encryption settings. We recommend enabling S3 bucket encryption and access logging for sensitive data.

Nora does not implement end-to-end encryption locally—security relies on your device and operating system protections.

7. Data Retention

All local data persists in your echo.db file until you delete it. You have full control over when and what data to retain or remove.

In Team mode, data remains in your S3 bucket indefinitely unless you delete it. Kernora retains no copies.

8. Children's Privacy

Nora is not designed for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately at privacy@kernora.ai.

9. No Selling or Sharing of Data

Kernora does not sell, trade, or share your data with third parties. Period. Your data is yours alone.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be effective when posted to this page. Continued use of Nora constitutes acceptance of updated terms.

11. Your Rights

Since Nora is local-first and we do not store your data, data access and deletion requests are straightforward: delete your echo.db file and config.toml to remove all local data. For Team mode, manage your S3 bucket directly.