Silker AISilker AI
Get started
Back

Privacy Policy

Effective date: June 2026

1. Overview

This policy explains what data the Silker AI SDK (@silker-ai/agent) and the Silker AI dashboard collect and process when you use our runtime security product, why we process it, how long we keep it, and the rights you have. Silker AI provides runtime threat detection that runs inside your own application or proxy; we receive only the security telemetry described below.

2. What the SDK Collects

The SDK inspects traffic locally inside your application. It transmits telemetry to Silker AI primarily for flagged or suspicious traffic, including:

  • HTTP request metadata: method, path, status code, timing, and route classification
  • Network identifiers: IP addresses and user agents
  • Request context for flagged traffic: relevant request bodies and headers associated with a detected threat
  • Detection results: what was flagged, the rule that matched, and the action taken

PII sanitization is applied client-side inside the SDK before telemetry leaves your servers. Sensitive values (such as emails, tokens, card numbers, and other personal data) are redacted prior to transmission.

3. How We Use Data

  • Detecting, classifying, and blocking threats in real time
  • Providing security analytics and dashboards to you, the customer
  • Maintaining, securing, and improving the reliability of the service
  • Investigating abuse and responding to security incidents

4. Storage

Security telemetry is stored on secure, EU-hosted cloud infrastructure with access controls and encryption in transit. Tenant data is isolated so that each customer can access only their own data.

5. Data Retention

Retention of security event data depends on your plan:

  • Starter: 7 days
  • Pro: 30 days
  • Business: 90 days

After the retention window, event data is deleted or anonymized. Account and billing records are kept only as long as required for legal and accounting purposes.

6. Sharing & Subprocessors

We do not sell personal data. We share data only with subprocessors that help us deliver the service:

  • Cloud hosting: EU-hosted infrastructure for storage and processing
  • Stripe: billing and payment processing
  • OpenAI: AI analysis of flagged threats

7. Customer Responsibilities

When you deploy Silker AI to monitor traffic to your application, you are responsible for disclosing this monitoring in your own privacy policy and for obtaining any consent required under applicable law. As the controller of your end-users' data, you determine what traffic is processed.

8. Your GDPR Rights

Subject to applicable law, you have the right to access, correct, delete, restrict, or port your personal data, and to object to processing. To exercise these rights, contact us and we will respond in line with our obligations.

Requests for access or deletion can be made via support at privacy@silkerai.com.

9. Changes

We may update this policy from time to time. Material changes will be reflected by updating the effective date above.

10. Contact

Questions about this policy? Contact us at privacy@silkerai.com.