Privacy Policy

Last updated: 22 June 2026

knurl builds developer tools designed to be private by construction. This policy explains, plainly, what each surface of the knurl Secret & Config Scanner does and does not do with your data.

The short version

• We process the text you provide solely to scan it and return findings.
• We do not store, log, or transmit the content of your requests (the config/code you scan).
• We request no chat transcripts, no broad "just in case" context, and no sensitive personal data.
• On the web, scanning runs entirely in your browser — your input never reaches our servers at all.

The web scanner (knurl.tools)

When you use the scanner on this website, the analysis runs client-side in your browser. The text you paste is never uploaded; there is no network request carrying your input. You can verify this in your browser's developer Network panel. We do not place advertising or third-party tracking cookies, and we do not build a profile of what you scan.

The assistant connector (ChatGPT, Claude, Cursor, and other MCP clients)

When you invoke the knurl scanner through an AI assistant, the assistant sends the specific text you asked it to scan to our scanning endpoint (mcp.knurl.tools). On our server:

• The request body is used only to run the scan and produce the response, in memory, for that one request.
• Request bodies are never written to logs or storage. We do not retain the content you submit.
• We collect only minimal, content-free operational metadata — timestamp, response status, and request size — to keep the service running and prevent abuse. This metadata contains none of your scanned content.
• We do not request or receive your wider chat history; the assistant sends only the text passed to the tool.

Data minimization

The scanner is intentionally narrow. It asks for the least it needs (the text to scan) and nothing more — no account, no broad permissions, no background access. Findings are returned with secrets redacted; the tool is built so that it never needs, and never asks for, a live production credential.

No sale or sharing of data

We do not sell, rent, or share your data with third parties. We have no advertising business.

Payments

Paid tiers, when available, are processed by a third-party Merchant of Record. Payment details are handled by that processor under its own privacy policy; knurl does not receive or store your full card details.

Changes

If this policy changes materially, we'll update the date above and the content here. Continued use after a change constitutes acceptance.

Contact

Questions about privacy: contact us or email support@knurl.tools.