Skip to main content
kRouter

Legal

Privacy

kRouter runs entirely on your machine. We do not operate any service that receives your data, prompts, completions, or auth tokens.

Last updated: 27 June 2026

What kRouter does NOT do

  • kRouter does not phone home with telemetry.
  • kRouter does not transmit your prompts, completions, or tokens anywhere except the upstream AI provider you configure.
  • kRouter does not have a billing system. Nothing is ever charged to you.
  • kRouter does not include analytics scripts, third-party trackers, ad networks, or fingerprinting code.

Data that stays on your machine

  • SQLite database (~/.krouter/db/data.sqlite): your providers, combos, API keys, request history, settings.
  • OAuth refresh tokens: stored in the same SQLite, encrypted at rest with a per-machine salt.
  • MITM root CA (when MITM mode is enabled): trusted only by your machine.

To delete everything, run rm -rf ~/.krouter. That is the entire reset procedure.

This documentation website

The site you are reading is served as static HTML from a Kodelyth-managed nginx server. We do not run any backend that captures your visit, IP, browser, or anything else. There are no cookies set by the site.

We may add a privacy-respecting analytics layer in the future (Plausible or Umami self-hosted). If we do, this page will be updated with the exact scope of what is collected and how to opt out. Until then, the answer is: nothing is collected.

Upstream providers

When you connect a provider in kRouter, your prompts go directly from your machine to that provider over HTTPS. We are not in the middle. The provider's own privacy policy applies to that traffic. We recommend reviewing the privacy policy of each provider you connect.

Contact

Privacy concerns? Open an issue on GitHub. The repository is the canonical place for everything.