Issue Type
Documentation / Privacy / UX
Summary
BrowserOS Connect Apps appears to use Klavis AI as the third-party integration provider for services like Gmail/GitHub/etc. However, it is not clear from the BrowserOS UI or docs what data is sent to Klavis, what is logged or retained, and whether users can disable that logging.
The current docs say things like “Credentials stay local”, but that does not clearly answer whether:
- tool calls go through Klavis servers,
- request/response payloads are logged,
- email/message content may be retained,
- metadata is stored,
- retention can be disabled,
- or whether zero-retention is available.
This is especially important for privacy-sensitive integrations like Gmail.
Why this matters
Users are being asked to authorize an app branded as “Klavis AI” during the OAuth flow, but BrowserOS does not clearly explain:
- why Klavis is involved,
- what role it plays,
- what data BrowserOS sends to it,
- and what logging/retention behavior applies.
For a privacy-sensitive product, this needs to be explicit.
Requested clarification
Please document, in plain language, the exact data flow for Connect Apps integrations such as Gmail:
- When BrowserOS uses Klavis-backed Connect Apps, what exact data is sent to Klavis servers?
- Are tool calls, request parameters, message bodies, search queries, metadata, or responses logged or stored by Klavis?
- Does “credentials stay local” only mean OAuth tokens/credentials stay local, or does it also mean content/tool payloads are not persisted remotely?
- What is the retention period for any logs, traces, or request/response data?
- Is there a zero-retention / no-logging mode?
- If so, can normal BrowserOS users enable it, or is it only available for enterprise / self-hosted setups?
- Is there a BrowserOS setting to disable Klavis-backed logging/retention for connected apps?
- If BrowserOS cannot guarantee no logging/retention, can the UI explicitly say so before users connect sensitive apps?
Suggested improvements
It would help to add one or more of the following:
- A docs page specifically covering:
- BrowserOS ↔ Klavis architecture
- data flow
- logging
- retention
- deletion
- self-hosted / no-logging options
- A warning/explainer in the connection flow such as:
- “This app connection is provided by Klavis AI”
- “Here is what data may be processed”
- “Here is how logging/retention works”
- “Here is how to use manual browser automation instead”
- A user-facing toggle or documented mode for:
- disable logging
- zero retention
- or local/manual-only fallback
Current ambiguity
Right now, users can reasonably read “credentials stay local” and assume the whole integration is local/private, even though the connection flow and code structure suggest there is still a Klavis-backed remote component involved.
That wording may be technically true but still incomplete in a way that matters for user trust.
Environment
- BrowserOS Connect Apps
- Especially relevant for Gmail and other sensitive integrations
Issue Type
Documentation / Privacy / UX
Summary
BrowserOS Connect Apps appears to use Klavis AI as the third-party integration provider for services like Gmail/GitHub/etc. However, it is not clear from the BrowserOS UI or docs what data is sent to Klavis, what is logged or retained, and whether users can disable that logging.
The current docs say things like “Credentials stay local”, but that does not clearly answer whether:
This is especially important for privacy-sensitive integrations like Gmail.
Why this matters
Users are being asked to authorize an app branded as “Klavis AI” during the OAuth flow, but BrowserOS does not clearly explain:
For a privacy-sensitive product, this needs to be explicit.
Requested clarification
Please document, in plain language, the exact data flow for Connect Apps integrations such as Gmail:
Suggested improvements
It would help to add one or more of the following:
Current ambiguity
Right now, users can reasonably read “credentials stay local” and assume the whole integration is local/private, even though the connection flow and code structure suggest there is still a Klavis-backed remote component involved.
That wording may be technically true but still incomplete in a way that matters for user trust.
Environment