Privacy summary

Keren Analytics queries your Azure telemetry with delegated access and renders analytics dashboards. Raw telemetry rows are not persisted outside your tenant. The service persists setup metadata and aggregated dashboard outputs so your configuration survives restarts.

Data we process

• Authentication/session data (Entra delegated sign-in state in session cookie).
• Resource selection and setup state (scan snapshots, mappings, validations, readiness summaries).
• Aggregated analytics payloads sent to the dashboard UI.

What we do not persist

• No long-term storage of raw App Insights log rows outside your tenant.
• No credentials committed in repository files.
• No third-party tracking cookies by default on the landing page.

Retention and backups

Setup metadata is stored in SQLite (`data/keren.db`). In production, operators can enable periodic encrypted snapshots to Azure Blob storage. Backup retention is configurable.

Contact

Questions or privacy requests: garniel6@gmail.com. Security reports should follow SECURITY.md.