What gets sent. What doesn't.
When you use AI features in Koyl, the following may be transmitted to our backend and to our model provider:
- → The Python source you are editing
- → The IR derived from that source
- → Open file context selected by the tool (configurable)
- → Your prompt text
- → Metadata required to run the request (request ID, model, token counts)
The following are never transmitted:
- × Credentials, API keys, or environment files
- × Vendor project files (`.L5X`, `.SimaticML`, `.tsproj`) unless you explicitly attach them in a chat turn
- × Files outside your project root
- × Telemetry, keystrokes, or local network state
Compile, simulate, and round-trip operations do not require any network call. They run entirely on your machine. AI features are the only path that leaves your environment, and they are opt-in per request.
No training. No retention.
Your code is not used to train models. Not ours, not our model provider's, not anyone's.
We use the Anthropic API, not consumer Claude.ai. These are different products with different terms. The Anthropic API has never trained on customer inputs by default. Consumer Claude.ai has different defaults, and that distinction matters because most of what your IT department has read about "AI training on user data" applies to consumer products, not the API.
We are pursuing Zero Data Retention (ZDR) with Anthropic for the enterprise tier. Under ZDR, request and response payloads are processed in memory and not written to disk on Anthropic's side. Status:
- ● Today: Anthropic API standard terms; no training, default 30-day abuse-monitoring retention
- ○ In progress: signed ZDR attestation for enterprise customers; request-body retention drops to zero
We will publish the signed attestation here once executed. We will not claim ZDR before the agreement is in place. "No training" and "no retention" are different commitments. We make both. Some vendors make only the first.
Where your code lives
Koyl backend services run on US infrastructure. Data residency is single-region today. EU residency is on the roadmap and will be opt-in per workspace.
The full subprocessor list (purpose, data category, and region for each) is published here as contracts are executed. We will not add a subprocessor without updating this page first. If your MSA requires advance notice on subprocessor changes, that clause is honored.
● Subprocessor list pending publication.
Bring your own key
For customers whose IP or NDA posture rules out our cloud carrying request payloads at all, Koyl supports BYO Anthropic API key. In this mode:
- → Your Anthropic key is supplied by you and stored in your workspace, never on our servers
- → Koyl backend acts as a thin proxy, forwarding requests to Anthropic under your key and account
- → Request bodies are not logged on our side
- → Billing for inference flows directly between you and Anthropic; we never see token counts or cost data
BYO-key is the strongest available trust posture and is the recommended configuration for defense, pharma, and large OEM accounts.
Logs and metadata
We log what we need to operate the service and nothing else. Specifically:
- ● Logged: request IDs, timestamps, model name, token counts, error categories, latency
- × Not logged: prompt text, response text, source code content, file contents, IR contents
If a request fails, the error message is logged without the payload that produced it. This is unusual (most backends log full request bodies on error) and it is a deliberate choice. It makes some classes of debugging harder. The privacy properties are worth it.
Compliance and contracts
Today
- ● Anthropic API standard terms; no model training on inputs
- ● Custom DPA available on request, covering GDPR, processing scope, retention windows, and subprocessors
- ● BYO Anthropic key for customers whose policy precludes shared infrastructure
- ● Single-tenant data isolation per workspace
On the roadmap
- ○ Anthropic ZDR attestation: in progress with Anthropic enterprise
- ○ SOC 2 Type I: targeting completion within 6 months of GA
- ○ SOC 2 Type II: 12-month observation period begins after Type I
- ○ EU data residency: opt-in per workspace
- ○ On-prem / VPC deployment: for the top tier of accounts; available on request
We will not claim a certification or attestation we have not earned. This page reflects what is true today, and we update it the day a status changes.
Questions your IT team will ask
Are you using ChatGPT or consumer Claude?
No. We use the Anthropic API. Consumer Claude.ai and the Anthropic API are different products with different defaults. Nothing your engineers do in Koyl flows through a consumer chatbot.
What if Anthropic gets breached?
The same surface that any company using a frontier model API has. We mitigate it with: ZDR (in progress) which removes payload retention entirely; BYO key which keeps payloads off our infrastructure; logging that excludes request bodies. None of these eliminate the risk fully (no SaaS posture does) but they reduce the blast radius materially compared to default cloud-API integration patterns.
What about prompt-injection attacks against the model?
A genuine concern when AI consumes file content. Koyl's IR-aware tool design isolates structured operations (compile, lint, IR diff) from free-text generation, which limits what an injected prompt can actually cause. We are not claiming a comprehensive defense; anyone who is, is overstating it. We treat prompt-injection as an evolving threat model and update the IR tool boundary as new patterns appear.
Can we audit your infrastructure?
Once SOC 2 Type II is complete, the report is the audit. Before then, we offer architecture walkthroughs and access to our vendor questionnaire responses for prospective customers under MSA.
What happens if you get acquired?
The DPA includes a successor clause: any acquirer is bound by the same data-handling commitments, or the customer may terminate without penalty and require deletion of all customer data within 30 days.
Disclosure
We will tell you, fast, if anything material changes. Specifically: a confirmed breach, a subprocessor change, a regulatory request that touches your data, or a policy change to this page. Notification goes to your designated security contact within 24 hours of internal confirmation, and a public log of policy changes is maintained at the bottom of this page.
Policy change log
- Initial publication.
Contact
Questions, vendor questionnaires, DPA requests, or specific concerns from a customer's security team:
security@koyl.ai →We answer personally. There is no ticket queue between you and the people responsible.