Security

How we approach account safety, approvals, and responsible disclosure.

Last updated June 3, 2026

Our commitment

Koraku is built for real work: connected accounts, agent actions, and cloud workspace files. Security is part of product design — not an afterthought.

Account security

  • Sign-in through established OAuth providers (Google, GitHub) — we do not store your provider password.
  • Session handling via secure, HTTP-only cookies where applicable.
  • Organization and tenant boundaries for team workspaces when enabled.

Ask before acting

Koraku is designed to confirm before high-impact external actions such as sending messages, sharing files, or changing records in connected apps. Review proposed actions in the app before they run.

Automations inherit the same approval expectations. Scope automations narrowly and avoid high-stakes workflows without human review.

Data handling

Koraku stores chat history, personalization, automation definitions, and automation run history in your account. Active chat sessions and in-progress runs may also be held temporarily on Koraku servers.

Workspace paths, tool policies, and server-side checks help constrain what agents can access. Do not store secrets in chat or memory.

Connected apps

Third-party connections use industry-standard OAuth where supported. You can revoke access from Koraku Settings or from the provider’s security settings. Koraku only uses the scopes needed to fulfill your instructions.

Reporting vulnerabilities

If you discover a security issue, please report it privately to meet.sonawane2015@gmail.com. Do not file public issues for vulnerabilities. Include a description, impact, and steps to reproduce. We aim to acknowledge reports within 72 hours.