Legal
Privacy Policy
Last updated: April 2026
Kyew is operated by Jordan Cauley, an individual developer. This policy explains what data Kyew collects, how it is stored, and what control you have over it.
What data is collected
Authentication data
When you sign in with Google, Kyew receives your email address, display name, and Google account ID. When you sign in with email, Kyew stores your email address and a bcrypt-hashed password. These are used solely for authentication and identifying your account.
For sign-in, Kyew requests only the openid, email, and profile OAuth scopes from Google.
Managed connections (Google, GitHub)
Kyew offers managed OAuth connections that let you connect external services to your tools. When you create a managed connection, you choose which scope bundles to enable. Kyew only requests the scopes you select — you are never granted access to services you did not opt into.
Google scope bundles:
| Bundle | Access granted | Sensitivity |
|---|---|---|
| Analytics | Google Analytics 4 — traffic, conversions, audience data | Sensitive |
| Search Console | Search Console — SEO queries, rankings, indexing | Sensitive |
| Ad Manager | Google Ad Manager — inventory, ad performance, revenue reporting | Sensitive |
| YouTube Analytics | YouTube — video metrics, audience, engagement | Sensitive |
| YouTube Revenue | YouTube — revenue, ad earnings | Sensitive |
| Gmail (read) | Gmail — read and search inbox | Sensitive |
| Gmail (send) | Gmail — send emails | Sensitive |
| Calendar | Google Calendar — read and write events | Sensitive |
| Drive (read) | Google Drive — read documents and files | Sensitive |
| Sheets | Google Sheets — read and write spreadsheet data | Sensitive |
| Tasks | Google Tasks — read and write tasks | Sensitive |
| Contacts | Google Contacts — people lookup | Sensitive |
GitHub scope bundles:
| Bundle | Access granted |
|---|---|
| Repos | Full access to private and public repositories |
| Repos (public) | Public repositories only |
| Actions | GitHub Actions — trigger, manage, and view workflows |
| Packages | GitHub Packages — read and publish |
| Profile | User profile and email address |
| Orgs | Organization membership and teams |
| Gists | Create and manage gists |
| Notifications | Read and manage notifications |
| Projects | Project boards (read-only) |
Connection credentials (OAuth tokens, API keys) are encrypted at rest using AES-256 before storage. See "How data is stored" for infrastructure details.
You can revoke any managed connection at any time from the dashboard or via the connection MCP tool. Revoking a connection deletes the stored credentials and Kyew can no longer access that service on your behalf.
User-created content
Everything you create through Kyew's MCP tools is stored on your behalf:
- Memories -- observations, notes, and context you store via the memory tool
- Skills -- reusable patterns and knowledge you create or approve
- Custom tools -- HTTP proxy tools, transform tools, chain tools, and code tools you define
- Connections -- external API configurations you set up for custom tools
- Organizations -- team structures, membership records, tool kits, and audit logs
Billing data
When you subscribe to a paid plan, Kyew uses Stripe to process payments. Kyew stores your Stripe customer ID and subscription metadata (plan tier, billing interval, subscription status). Kyew does not store or have access to your credit card number, bank account, or other payment method details -- these are handled entirely by Stripe. See Stripe's privacy policy for details.
Request metadata
Kyew logs basic request metadata (timestamps, request counts) for rate limiting enforcement. This data is not tied to the content of your requests and is not used for analytics or tracking.
How data is stored
Infrastructure
- Database: Neon Postgres (primary), encrypted at rest
- Sessions: Cloudflare KV, used for OAuth session management
- Processing: Cloudflare Workers on Cloudflare's global edge network
- File storage: Cloudflare R2 for user-uploaded content
- Code execution: Cloudflare Sandbox containers with per-user isolation
User isolation
All data is scoped per user using your unique userId (derived from your authentication provider account ID). The storage layer enforces this scoping on every database query. There is no mechanism for one user to access another user's data outside of explicitly shared organization resources.
Organization data
If you create or join an organization, certain resources (tools, memories, tool kits) can be shared among organization members according to the permissions set by organization administrators. Only organization members with the appropriate role can access shared resources.
Google API Services User Data Policy
Kyew's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- Kyew only uses Google user data to provide the features you explicitly request (e.g., querying Analytics data through a custom tool you created)
- Google user data is not used for advertising, sold to third parties, or used to train AI models
- Google user data is not shared with any third party except as necessary to execute requests you initiate (e.g., proxying an API call to a Google service on your behalf)
- Access to Google user data is limited to actions you explicitly configure through your connections and tools
Cookies
Kyew uses a single cookie:
- mcp_session -- an HttpOnly, Secure cookie used for authentication. It contains your session identifier and is set with SameSite=Lax.
No tracking cookies, advertising cookies, or third-party cookies are used.
Third-party services
Stripe (payments)
Kyew uses Stripe to process paid subscriptions. When you subscribe, your payment information is collected and processed directly by Stripe. See Stripe's privacy policy.
Postmark (email)
Kyew uses Postmark to send transactional emails (magic link sign-in, organization invitations). Only your email address is shared with Postmark for delivery purposes.
External API integrations
If you create custom tools that call external APIs, those requests are initiated by you and go directly to the external service. Kyew acts as a proxy but does not retain or share the data from those requests beyond executing them on your behalf.
Data export
You can export all of your data at any time using the system MCP tool with the export action. This returns a complete JSON export of your memories, skills, and related data.
Data deletion
- Individual memories: Use the memory tool with the forget action to delete specific memories.
- API keys: Revoke API keys from the dashboard Settings page.
- Full account deletion: Contact [email protected] to request complete deletion of your account and all associated data. Upon account deletion, all personal data, memories, skills, tools, and organization memberships will be permanently removed.
Data retention
- Memories and skills persist until you delete them.
- Sessions expire after 30 days of inactivity.
- OAuth state tokens expire after 10 minutes (used only during the sign-in flow).
- Subscription data is retained as long as your account exists. Cancelled subscriptions enter a 7-day grace period before downgrade.
Data location
Your data is processed on Cloudflare's global network and stored in Neon Postgres (US East region). Cloudflare may process requests across its edge locations for performance and reliability. See Cloudflare's privacy policy and Neon's privacy policy for details.
Analytics and tracking
Kyew collects anonymized usage data for internal product improvement purposes. This includes:
- Tool usage frequency -- which MCP tools are called and how often (not the content of those calls)
- Feature adoption -- which capabilities are being used across the user base
- Error rates -- aggregate failure patterns to identify and fix issues
- Request volume -- request counts used for rate limiting and capacity planning
This data is aggregated and anonymized. It does not include the content of your memories, skills, prompts, or any other user-created data. No third-party analytics services, tracking pixels, or behavioral profiling tools are used.
Children's privacy
Kyew is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it.
Changes to this policy
Changes to this privacy policy will be posted on this page with an updated date. If significant changes are made, we will make reasonable efforts to notify active users.
Contact
For questions about this privacy policy or your data, contact [email protected].