1. Overview: Local-First Architecture
Kernora ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how the Nora engine, hooks, MCP server, dashboard, and the Kernora website collect, use, and protect your information.
The Nora system runs entirely on your machine. Stop hooks in your IDE (Claude Code, Cursor, Kiro, Copilot) spool transcripts via a local Unix socket to daemon.py. The analyzer, the P1→P2→P3 agent pipeline, the canonical promotion gate, the dashboard, and the MCP server all execute locally. Verified facts are written as markdown into <your-project>/.nora/ (git-tracked). Runtime state is cached in SQLite at ~/.kernora/echo.db.
"Team mode" in v2.4.0 is git-native: kernora dashboard-init <org> scaffolds an <org>/nora-team-dashboard repo in your GitHub org with an Action that aggregates .nora/ from your project repos every six hours and serves static HTML on Pages. Kernora never stores, accesses, or touches this data — it lives in your org's compute.
2. What Data Does Nora Collect?
Local Data (Stored on Your Machine)
- AI session transcripts captured by Stop hooks in your IDE (Claude Code, Cursor, Kiro, Copilot, Cline, and any tool with a registered hook)
- Extracted typed facts (14 types: pattern, anti_pattern, decision, bug, tenet, learning, process, constraint, open_question, heuristic, rule, insight, contradiction, reasoning_trace)
- The living factbook at .nora/kernora-factbook.yaml + per-fact markdown files
- Append-only agent_safety log (date-rotated JSONL at ~/.kernora/logs/agent_safety/{YYYY-MM-DD}.jsonl)
- API configuration (stored locally in ~/.kernora/config.toml)
This data never leaves your machine unless you explicitly git push the factbook or, in Team mode, the GitHub Action runs in your org.
How Hooks Capture Data
Each Stop hook captures the session transcript from its respective AI tool and sends it to daemon.py via a local Unix socket (~/.kernora/daemon.sock). This communication is entirely local — it never crosses a network boundary. Hooks do not transmit data to Kernora or any external server. The hook source is in the open-source repo.
Pre-commit PII Guardrail
Before any markdown lands in .nora/, the pre-commit hook runs a 15-rule regex catalog (8 critical key formats including AWS, OpenAI, Anthropic, Google, Stripe, Slack, GitHub PAT, OpenSSH; 3 high-severity tokens including bearer tokens, JWTs, URL-embedded credentials; 4 medium PII patterns including SSN, credit-card, email). The guardrail is AST-audited to be zero-network. The hook exits with status 1 on critical or high findings. Details are on the Security page.
API Keys and Credentials
Your LLM API keys (for Claude, GPT-4, Gemini, Grok, Bedrock, Llama, Mistral, or Ollama) are stored locally in your config.toml file. These keys are never transmitted to Kernora servers. You control your own API costs and provider relationships.
Team Mode (Optional, Git-Native)
If you turn on Team mode via kernora dashboard-init <org>, Nora scaffolds an <org>/nora-team-dashboard repo in your GitHub org. A GitHub Action in that repo aggregates .nora/ from your project repos every six hours and serves static HTML via Pages. The Action runs in your org's compute. You control the repo, the Action's permissions, and Pages access. Kernora has no access to your repo or any data in it.
3. Website Analytics
The Kernora website (kernora.ai) uses Google Analytics (Firebase) to collect aggregated usage statistics, including:
- Page views and navigation patterns
- Referral sources
- General geographic region
- Browser and device type
This data is anonymized and does not identify you personally. Google Analytics is subject to Google's Privacy Policy.
4. Data We Do NOT Collect
- Personal identification data (name, email, IP address — in solo mode)
- Usage telemetry from the CLI tool itself
- Browsing history or behavioral tracking
- Biometric data
- Location data (beyond website analytics)
5. Third-Party Services
LLM Providers
When you use Nora, you provide your own API keys to third-party LLM providers (Anthropic, OpenAI, Google, xAI, AWS Bedrock, and others). Your interactions with these services are governed by their respective privacy policies. Kernora does not process, store, or have access to your API communications.
GitHub (Team Mode Only)
Team mode uses an Action in your own GitHub org to aggregate .nora/ data and serve a static dashboard via Pages. You control the repo's permissions, branch protection, Action secrets, and Pages access. GitHub's Privacy Statement applies to that repo.
6. Data Security
Your local data is protected by your device's file permissions and encryption. The pre-commit PII guardrail blocks 15 secret patterns from landing in .nora/ before commit. The zero-network invariant is verifiable via kernora network-check, and the check is re-run on every kernora install --on-prem. The --on-prem flag additionally locks the LLM provider to Ollama (no API egress). Details are on the Security page.
Nora does not implement end-to-end encryption locally — security relies on your device and operating system protections.
7. Data Retention & Right-to-Be-Forgotten
Per-table TTL is configured in ~/.kernora/config.toml under [retention]: short-lived intermediate artifacts (clean signals, reasoning traces) auto-purge at 90 days by default; session history at 365 days. Verified facts in .nora/ are not auto-purged — they are tracked files you delete with git rm.
On-demand purge: kernora purge --project <name> (one project) or kernora purge --all (everything). Add --no-archive to skip the pre-purge archive, --yes to skip the interactive confirm, --dry-run to preview. Every purge writes a line to the agent_safety log. In Team mode, data lives in your GitHub org — you delete it from your repo. Kernora retains no copies.
8. Children's Privacy
Nora is not designed for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately via our GitHub Issues page.
9. No Selling or Sharing of Data
Kernora does not sell, trade, or share your data with third parties. Period. Your data is yours alone.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be effective when posted to this page. Continued use of Nora constitutes acceptance of updated terms.
11. Your Rights
Since Nora is local-first and we do not store your data, data access and deletion requests are straightforward: delete your echo.db file and config.toml to remove all local data. For Team mode, manage your S3 bucket directly.
12. Contact Us
If you have questions about this Privacy Policy or how Kernora handles your data:
GitHub Issues: github.com/kernora-ai/nora/issues (preferred)
Email: