kyra docs

Privacy & Data

How Kyra handles your data.

Privacy & Data

What Kyra receives

When your SDK calls evaluate, Kyra receives:

  • The tool call name and parameters
  • Agent and session identifiers
  • The userId you provide
  • Any additional context you include

PII stripping

All three SDKs strip PII from captured LLM HTTP traffic before it leaves your infrastructure. The following patterns are detected and replaced with [REDACTED]:

  • Email addresses
  • Phone numbers
  • Credit card numbers
  • National ID numbers
  • IP addresses

userId is preserved — it is a governance identifier for audit tracing.

Stripping runs on your machine, inside the SDK, before any network call to Kyra.

To disable (if you handle PII stripping upstream):

KyraClient(api_key="...", pii_stripping=False)         # Python
new KyraClient({ apiKey: '...', piiStripping: false }) // TypeScript
kyra.NewClient(kyra.WithPIIStripping(false))            // Go

Data retention

Audit events are retained according to your org's retention policy. Contact hello@kyratech.io to configure custom retention for Enterprise plans.

GDPR / DPDPA

Kyra acts as a data processor. Your organization is the data controller. A Data Processing Agreement (DPA) is available on request at legal@kyratech.io.

Questions

Contact legal@kyratech.io.

Dashboard Guide

How to use the Kyra dashboard.

On this page

Privacy & DataWhat Kyra receivesPII strippingData retentionGDPR / DPDPAQuestions