Privacy Policy

Kakaw AI is a Bring-Your-Own-Key (BYOK) application. We do not host LLM models or store your database content. Kakaw reads only your database schema (table names, column names, relationships) to generate SQL queries — never your actual row data. Your API keys are transmitted directly from your browser to your chosen LLM provider and are never sent to or stored on Kakaw's servers.

We collect the minimum necessary to provide the service: • Account information: your email address and a hashed password, stored via Better Auth for authentication purposes. • Usage metadata: which features you use, when you log in, and general usage patterns. This data is used to improve the product and is never sold to third parties. • Database connection metadata: your connection parameters (host, port, database name, username) are stored encrypted so you don't need to re-enter them. Passwords are encrypted at rest.

• Your database rows or any data contained in your database tables. • Your API keys. These are held in your browser session only and sent directly to the LLM provider. • The content of your LLM conversations beyond what is necessary to maintain conversation context in your active session. • Any information from your database beyond the schema structure required to generate SQL queries.

Authentication data (email, hashed password, session tokens) is stored locally via Better Auth using SQLite. Session data is stored in secure HTTP-only cookies. We do not use third-party analytics services that store personal data. No personal data is transferred to third parties for marketing purposes.

When you use Kakaw, your questions and schema context are sent to the LLM provider you configured (Anthropic, OpenAI, Google, or a local model via Ollama/LM Studio). The handling of that data is governed by the privacy policy of your chosen provider. We recommend reviewing their policies: • Anthropic: anthropic.com/privacy • OpenAI: openai.com/privacy • Google: policies.google.com/privacy Local models (Ollama, LM Studio) process data entirely on your machine — no data leaves your device.

You may request deletion of your account and associated data at any time by contacting us. Upon deletion, your email, hashed password, database connection metadata, and session data will be permanently removed.

Questions about this privacy policy? Reach us at privacy@kakaw.ai. Last updated: April 2026