Responsible AI

AI that works for you, not on you

Kiaro is an AI-native product. That means we thought about safety, privacy, and transparency before we shipped, not after. Here is exactly how AI works in Kiaro and what it can and cannot do with your data.

AI proposes, you confirm

When you use the AI command bar, read operations (searching, viewing data) execute immediately. But write operations (creating a client, sending an invoice, updating a status) are always staged as a plan for you to review.

Nothing touches your database until you click “Confirm.” You can review every proposed action, remove individual items, or cancel entirely. This is not an AI guardrail added after the fact. It is the core architecture.
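The propose-then-confirm flow described above, as an added illustration that is not Kiaro's own code. The important design point is that the effect class of each action (read or write) is taken from a server-side tool registry, never from the model's own description of what it wants to do, so a model that labels a write as a read still gets staged. Tool names, the `ToolCall` and `Plan` shapes, and the sample batch are all assumptions made for this example.

```typescript
// Added example of the propose/confirm pattern. The model's proposed calls are
// untrusted input: their effect class comes from TOOL_REGISTRY, not from the model.
type Effect = "read" | "write";

interface ToolCall {
  id: string;
  tool: string;                         // tool name proposed by the model (untrusted)
  args: Record<string, unknown>;
}

interface ToolSpec {
  effect: Effect;
  run: (args: Record<string, unknown>) => string;
}

interface Plan {
  executedReads: string[];              // ids of read calls that ran immediately
  pending: ToolCall[];                  // write calls waiting for the user's confirmation
  rejected: string[];                   // ids whose tool name is not registered
}

// Hypothetical registry: the server, not the model, declares what each tool does.
const TOOL_REGISTRY: Record<string, ToolSpec> = {
  search_clients: { effect: "read",  run: (a) => `searched clients for "${a.query}"` },
  view_invoice:   { effect: "read",  run: (a) => `viewed invoice ${a.invoiceId}` },
  create_client:  { effect: "write", run: (a) => `created client ${a.name}` },
  send_invoice:   { effect: "write", run: (a) => `sent invoice ${a.invoiceId}` },
};

// Stage a model-proposed batch: run reads now, hold writes, drop unknown tools.
function stageActions(calls: ToolCall[], log: string[]): Plan {
  const plan: Plan = { executedReads: [], pending: [], rejected: [] };
  for (const call of calls) {
    const spec = TOOL_REGISTRY[call.tool];
    if (!spec) { plan.rejected.push(call.id); continue; }
    if (spec.effect === "read") {
      log.push(spec.run(call.args));
      plan.executedReads.push(call.id);
    } else {
      plan.pending.push(call);          // nothing is written at this point
    }
  }
  return plan;
}

// The user may remove individual items before confirming; only what remains runs.
// Cancelling the plan simply means never calling this function.
function confirmPlan(plan: Plan, removedIds: string[], log: string[]): string[] {
  const removed = new Set(removedIds);
  const executed: string[] = [];
  for (const call of plan.pending) {
    if (removed.has(call.id)) continue;
    const spec = TOOL_REGISTRY[call.tool];
    if (!spec || spec.effect !== "write") continue;   // defensive re-check at execution time
    log.push(spec.run(call.args));
    executed.push(call.id);
  }
  return executed;
}

// Constructed sample turn: one lookup, two writes, and one unregistered tool name.
function demoProposeConfirm(): { log: string[]; plan: Plan; executed: string[] } {
  const log: string[] = [];
  const proposed: ToolCall[] = [
    { id: "a1", tool: "search_clients", args: { query: "acme" } },
    { id: "a2", tool: "create_client",  args: { name: "Acme GmbH" } },
    { id: "a3", tool: "send_invoice",   args: { invoiceId: "INV-7" } },
    { id: "a4", tool: "drop_table",     args: {} },   // not registered: rejected
  ];
  const plan = stageActions(proposed, log);
  // The user reviews the plan and removes the invoice send before confirming.
  const executed = confirmPlan(plan, ["a3"], log);
  return { log, plan, executed };
}
```

In the sample, the search runs immediately, the two writes are held, the unknown tool is rejected, and after the user removes the invoice send only the client creation executes.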

Your data is never used for training

We have signed Data Processing Agreements with every AI provider we use: Anthropic (Claude), OpenAI (GPT), and Google (Gemini). All three contractually guarantee that your data is never used to train, fine-tune, or improve their models.

Your prompts and responses are processed in real time and not retained by providers beyond what is needed to deliver the response.

Data minimization by design

AI features only activate when you use them. Your data is never sent to AI providers in the background. When you use the AI command bar, only the data relevant to your request is sent to the provider, scoped to your workspace.

Kiaro includes a data sanitization layer that strips sensitive fields (Stripe IDs, authentication tokens, file URLs, and banking details) from AI context. We are continuously expanding the set of fields excluded from AI processing to minimize data exposure.
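A sanitization layer of the kind described above, as an added illustration rather than Kiaro's own code. It redacts recursively by field name and, because sensitive values also turn up in free-text fields, by value pattern (Stripe object ID and API key prefixes, IBANs, URLs, JWT-shaped tokens). The field names, the exact patterns, and the sample record are assumptions made for this example.

```typescript
// Added example of a pre-prompt sanitizer: redact by key name and by value pattern,
// recursively, before any record is placed in model context.
const SENSITIVE_KEYS = new Set([
  "stripeCustomerId", "stripeAccountId", "accessToken", "refreshToken",
  "apiKey", "password", "iban", "bic", "accountNumber", "fileUrl",
]);

// Value patterns catch sensitive data in fields that are not on the key list.
// Stripe object IDs carry a type prefix and are long; the length floor avoids
// redacting ordinary identifiers such as "in_progress".
const VALUE_PATTERNS: RegExp[] = [
  /\b(?:cus|sub|pi|ch|acct|in)_[A-Za-z0-9]{14,}\b/g,                    // Stripe object ids
  /\b[spr]k_(?:live|test)_[A-Za-z0-9]{16,}\b/g,                         // Stripe API keys
  /\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b/g,                                  // IBAN
  /https?:\/\/[^\s"'<>]+/g,                                             // file and other URLs
  /\beyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\b/g, // JWT-shaped tokens
];
const REDACTED = "[redacted]";

function sanitizeValue(v: string): string {
  let out = v;
  for (const re of VALUE_PATTERNS) out = out.replace(re, REDACTED);
  return out;
}

type Json = string | number | boolean | null | Json[] | { [k: string]: Json };

// Walk the record: listed keys are dropped wholesale, strings are pattern-scrubbed,
// arrays and nested objects are visited, other scalars pass through unchanged.
function sanitizeForAi(value: Json): Json {
  if (typeof value === "string") return sanitizeValue(value);
  if (Array.isArray(value)) return value.map(sanitizeForAi);
  if (value !== null && typeof value === "object") {
    const out: { [k: string]: Json } = {};
    for (const [k, v] of Object.entries(value)) {
      out[k] = SENSITIVE_KEYS.has(k) ? REDACTED : sanitizeForAi(v);
    }
    return out;
  }
  return value;
}

// Constructed client record (not real data) with sensitive values in both listed
// keys and free text. "stripeId" is deliberately not on the key list so that the
// value pattern has to catch it.
function demoSanitize(): { [k: string]: Json } {
  const clientRecord: Json = {
    name: "Acme GmbH",
    stripeCustomerId: "cus_Nq8sB2kLpT3vXz",
    notes: "Paid via IBAN DE89370400440532013000; contract at https://files.example/c/42.pdf",
    contact: { email: "billing@acme.example", accessToken: "tok_abc" },
    invoices: [{ number: "INV-7", amount: 1200, stripeId: "in_1PqRsTuVwXyZabcd" }],
  };
  return sanitizeForAi(clientRecord) as { [k: string]: Json };
}
```

Key-based redaction alone misses anything a user pasted into a notes field, and pattern-based redaction alone misses values with no recognisable shape; this layer uses both. The stronger design, where the schema allows it, is an allow-list of fields that may reach the model, so that a newly added column is excluded until someone explicitly opts it in.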

Tenant isolation is absolute

Every AI query is scoped to your workspace. The AI can only access data belonging to your tenant. Every database query filters on your tenant ID at the query layer, so a request from one tenant cannot return another tenant's rows. This is enforced in every Server Action and API route, not only in the AI features.
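One way to make query-layer tenant scoping hard to bypass, as an added illustration that is not Kiaro's own code. The helper takes the tenant ID from the authenticated session, always binds it as the first parameter, and rejects rather than merges any caller-supplied filter on `tenant_id` or on a column outside a per-table allow-list. That matters for AI features specifically: a planner that can be steered by prompt injection must not be able to widen or move the tenant scope by proposing extra filters. The table names, allow-listed columns, and session shape are assumptions made for this example.

```typescript
// Added example of a tenant-scoped query builder. The tenant id comes from the
// session object produced by authentication, never from the request or the model.
interface Session { userId: string; tenantId: string }

type Scalar = string | number | boolean | null;

interface ScopedQuery { text: string; values: Scalar[] }

// Columns a caller (including an AI planner) may filter on, per table.
// tenant_id is deliberately absent: it is supplied by the helper, not the caller.
const FILTERABLE: Record<string, Set<string>> = {
  clients:  new Set(["id", "name", "status"]),
  invoices: new Set(["id", "client_id", "status"]),
};

function scopedSelect(
  session: Session,
  table: string,
  filters: Record<string, Scalar>,
): ScopedQuery {
  const allowed = FILTERABLE[table];
  if (!allowed) throw new Error(`unknown table: ${table}`);

  // Tenant predicate first, bound from the session, on every query without exception.
  const clauses: string[] = ["tenant_id = $1"];
  const values: Scalar[] = [session.tenantId];

  for (const [col, val] of Object.entries(filters)) {
    // A filter on tenant_id, or on any column not on the allow-list, is an error,
    // not something to be merged with the session's tenant predicate.
    if (!allowed.has(col)) throw new Error(`filter on "${col}" is not permitted`);
    values.push(val);
    clauses.push(`${col} = $${values.length}`);   // positional parameter, never interpolated
  }
  return { text: `SELECT * FROM ${table} WHERE ${clauses.join(" AND ")}`, values };
}

// Constructed session for the example; in practice this comes from the auth layer.
const DEMO_SESSION: Session = { userId: "u_1", tenantId: "t_42" };

// Returns true if the builder refused the attempted filters.
function scopedSelectRejects(table: string, filters: Record<string, Scalar>): boolean {
  try {
    scopedSelect(DEMO_SESSION, table, filters);
    return false;
  } catch {
    return true;
  }
}
```

With `DEMO_SESSION`, `scopedSelect(DEMO_SESSION, "clients", { status: "active" })` yields `SELECT * FROM clients WHERE tenant_id = $1 AND status = $2` with values `["t_42", "active"]`, while `{ tenant_id: "t_99" }` is refused. Database-side row-level security keyed to the same session tenant ID is the natural second layer, so that a query which somehow bypasses the helper still cannot read another tenant's rows.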

Multi-model routing with full transparency

Kiaro routes AI requests to the most appropriate model for the task. Complex generation (proposals, contract analysis) uses a powerful model like Claude Sonnet. Simple lookups and classification use a fast, cost-effective model like GPT-4o-mini.

You pay a single subscription price with unlimited AI commands on paid plans. You never need to think about which model is used or worry about per-token costs.

AI assists, never acts autonomously

There is no background AI processing. Kiaro does not send emails, create invoices, modify projects, or perform any action without your explicit instruction and confirmation. The proactive business briefing on your dashboard analyzes your data to surface insights, but it is read-only and cached. It never takes action on your behalf.

Where your data is processed

AI providers process data in their standard infrastructure regions. Anthropic and OpenAI process in the United States. Google processes in the region closest to your request origin. Your database is hosted on Neon PostgreSQL in the EU (Frankfurt). Files are stored on Cloudflare R2, encrypted at rest.

Rate limiting and abuse prevention

AI endpoints are rate-limited to prevent abuse. The AI command bar is limited to 20 requests per minute per workspace. Read-only AI operations count as half a command. All AI usage is logged for billing and auditing purposes, with logs automatically purged after 90 days.
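A per-workspace limiter with the weighting described above (20 units per minute, read-only operations costing half a unit), as an added illustration that is not Kiaro's own code. It uses a sliding window over recorded events with an injectable clock so the behaviour can be checked deterministically; the class and method names, and the in-memory store, are assumptions made for this example.

```typescript
// Added example of a weighted sliding-window limiter keyed by workspace.
const WINDOW_MS = 60_000;
const LIMIT_PER_WINDOW = 20;

type AiOp = "read" | "write";
const OP_COST: Record<AiOp, number> = { read: 0.5, write: 1 };

class WorkspaceAiLimiter {
  // workspaceId -> [timestampMs, cost] events still inside the window
  private readonly events = new Map<string, Array<[number, number]>>();
  private readonly now: () => number;

  constructor(now: () => number = () => Date.now()) {
    this.now = now;
  }

  // Records the operation and returns true if the workspace has budget for it;
  // otherwise returns false and records nothing, so rejected calls cost nothing.
  tryAcquire(workspaceId: string, op: AiOp): boolean {
    const t = this.now();
    const cost = OP_COST[op];
    const recent = (this.events.get(workspaceId) ?? []).filter(([ts]) => t - ts < WINDOW_MS);
    const used = recent.reduce((sum, [, c]) => sum + c, 0);
    if (used + cost > LIMIT_PER_WINDOW) {
      this.events.set(workspaceId, recent);   // keep the pruned list, admit nothing
      return false;
    }
    recent.push([t, cost]);
    this.events.set(workspaceId, recent);
    return true;
  }

  // Budget left in the current window, in command units.
  remaining(workspaceId: string): number {
    const t = this.now();
    const recent = (this.events.get(workspaceId) ?? []).filter(([ts]) => t - ts < WINDOW_MS);
    return LIMIT_PER_WINDOW - recent.reduce((sum, [, c]) => sum + c, 0);
  }
}

// Constructed scenario driven by a fake clock: 30 reads (15 units) leave room for
// exactly 5 writes; another workspace has its own budget; a minute later the
// window has slid past every recorded event.
function demoLimiter(): {
  reads: number; writes: number; remainingAfter: number;
  otherWorkspaceOk: boolean; afterWindowOk: boolean;
} {
  let clock = 1_700_000_000_000;
  const limiter = new WorkspaceAiLimiter(() => clock);

  let reads = 0;
  for (let i = 0; i < 30; i++) if (limiter.tryAcquire("ws_a", "read")) reads++;
  let writes = 0;
  for (let i = 0; i < 10; i++) if (limiter.tryAcquire("ws_a", "write")) writes++;
  const remainingAfter = limiter.remaining("ws_a");

  const otherWorkspaceOk = limiter.tryAcquire("ws_b", "write");

  clock += WINDOW_MS;
  const afterWindowOk = limiter.tryAcquire("ws_a", "write");
  return { reads, writes, remainingAfter, otherWorkspaceOk, afterWindowOk };
}
```

Keying on the workspace rather than the user means one tenant cannot consume another's budget, and counting rejected calls as zero cost keeps a burst of refused requests from extending the lockout. In a multi-instance deployment the event list would live in a shared store rather than process memory.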

Questions about our AI practices?

We are happy to discuss our approach in detail. Reach out at hello@kiaro.io or visit our Security and Privacy pages for more.