Privacy and safety in Kaer rest on a few plain commitments: your data is not used to train models, the agent's work runs in isolated environments, and the actions that could affect the outside world are gated on your approval.
This page explains each commitment, and where the controls live.
Your data and model training
Your data is not used to train models. Threads, files, connected mailboxes, and everything the agent reads while working for you stay in service of your work — they do not become training material.
Isolated execution
Agent work runs in isolated, per-session execution environments. Each session starts in a clean environment, does its work there, and does not share that environment with other sessions or other customers.
Approvals: the gate on actions
Safety with a capable agent is less about what it can think and more about what it can do. Destructive and external actions — sending mail, deploying, anything that leaves a mark outside the workspace — are gated behind your approval. The agent proposes; you approve; only then does it act.
The Operator covers how approvals appear during a turn, and Mail AI applies the same rule to email: no send without sign-off, by default.
Scopes: the boundary on access
The other half of control is what the agent can reach at all. Connectors use scoped, revocable tokens — the operator holds exactly the access you granted to each service and nothing more, and disconnecting revokes the token immediately. See Connectors.
Scopes bound what can be touched; approvals gate when something is done. Together they mean the agent acts inside boundaries you drew.
Export and deletion
You can export your data or delete it from Settings — data controls are a product feature, not a support request. Export takes a copy out; deletion removes it, and is treated as the irreversible action it is.
A worked example
You ask the operator to clean up a mailing list and email the remaining subscribers. It plans, drafts the email, and then stops: sending is an external action, so it waits for your approval. You read the draft, spot a wrong date, edit it, and approve.
The send happens — using only the mailbox access you granted when connecting the account — and the whole run is logged in Activity with its full trail. Every layer showed up: scoped access, an approval gate, and an audit record.
Reporting an issue
If something looks wrong — a safety concern, unexpected behaviour, a privacy worry — report it in-app. That route reaches the team directly.
Good to know
- Is my data used to train models? No.
- Can the agent act without me? Not on destructive or external actions — those wait for approval by default.
- Who controls what the agent can access? You do, per service, through connector scopes — revocable at any time from Settings → Connectors.
- Where is the audit trail? Activity logs every run; each entry opens into its full trail.
- Where are the day-to-day controls? Access and roles on Team, scopes in Connectors, caps and data controls in Settings.