koira
Security & Trust

Your logins never leave
your own machine.

Koira does the busywork by working the same sites you do - so it has to act as you. The part that touches your accounts runs locally, on your computer, not on our servers.

How it’s protected

Four things we got right by design.

Architecture decisions baked in before the first line of product code.

Local credential vault

Your passwords and active sessions live in your OS keychain, encrypted at rest. Koira reads them only to act - on your machine, in the moment.

Approval queue by default

Nothing is sent, posted or published until you tap approve. Autonomy is opt-in, per workflow, and reversible.

Scoped to what you connect

Koira can only touch the specific sites and apps you’ve handed it. Nothing else on your machine is in reach.

Full activity log

Every action recorded - what it did, on which site, when, and whether you approved it. A complete, reviewable trail.

The boundary

What Koira will and won’t do.

The simplest way to trust a tool that acts for you is to know exactly where the line is.

Koira will

  • Draft replies, posts and follow-ups in your voice and show them to you first
  • Act on the exact sites and accounts you connect, and nothing else
  • Log every action it takes for you to review
  • Stop and ask whenever a task hits something it isn’t sure about
  • Let you flip any workflow back to approval-required, instantly

Koira won’t

  • Send your passwords or sessions to our servers - they stay on your device
  • Send, post or publish without your explicit approval
  • Move money, change passwords, or delete data on its own
  • Reach into sites or files you didn’t connect
  • Sell, share, or train public models on your business data
Standards & data

Where we are on the formal stuff.

Straight answers, no badges we haven’t earned.

SOC 2 Type IIIn progress - audit underway
GDPR alignedEU data rights honored
EncryptionTLS in transit, AES-256 at rest
Common questions

The things owners actually ask.

If it runs on my computer, does my computer have to be on?
For workflows that act directly on your accounts, the Koira app needs to be running. Scheduling, drafting and cloud-side reasoning continue regardless. On higher tiers, dedicated always-on runners are available.
Where exactly do my passwords live?
In your operating system’s native secure store - Apple Keychain or Windows Credential Manager - encrypted at rest. Koira’s cloud never receives them.
Can Koira do something I didn’t approve?
On Free and Starter, no - every output waits in your approval queue. On higher tiers you can enable autonomy for specific workflows you trust, and revoke it anytime.
Do you train AI models on my business data?
No. Your data is used to do your work and tune your voice, for you, in your account. Never sold, shared, or used to train public models.
What happens to my data if I cancel?
Your local credentials never left your machine. Cloud configs can be exported, and we delete your account data on request. No lock-in.

Built to be trusted
with the keys.

Have a security question we didn’t answer here? Talk to us directly - a real person, usually same day.

Talk to security →