Legal
Privacy Policy
Last updated: July 5, 2026
1. Overview
BLAZLE ("we", "us", or "our") is an enterprise API security gateway operated by Kolerr Lab. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our platform, website located at blazle.io, and related services (collectively, the "Service").
By using our Service, you agree to the collection and use of information in accordance with this policy. If you disagree with any part of this policy, please discontinue use of our Service.
2. Information We Collect
Account Information When you register for a BLAZLE account, we collect your email address and a securely hashed version of your password. If you sign in via GitHub or Google OAuth, we receive your email address and public profile information from those providers.
Organizational Data We store your organization name, team membership records, and subscription status to enable multi-tenant access controls.
Usage & Telemetry We collect metadata about API requests routed through the BLAZLE gateway: timestamp, quota consumption, risk score, treatment action (allowed/blocked/redacted), and the SHA-256 hash of any blocked payload. We do not store the raw payload content.
Billing Information Billing and payment processing are handled entirely by Stripe. We receive only a Stripe customer ID and subscription status — we never see or store your full card number.
Log Data When you interact with our website, our servers may automatically record standard log data including your IP address, browser type, pages visited, and referring URLs.
Cookies We use essential cookies to maintain your authenticated session (stored as HttpOnly, Secure, SameSite=Strict cookies). With your consent, we use analytics cookies to understand how users navigate our product.
3. How We Use Your Information
We use the information we collect to:
• Provide, maintain, and improve the Service • Authenticate your identity and manage your session • Enforce quota limits and billing entitlements • Send transactional emails (password resets, billing receipts, security alerts) • Detect and prevent fraud, abuse, and security incidents • Respond to your support inquiries • Comply with legal obligations
We do not use your data to train machine learning models, sell it to third parties, or use it for advertising.
4. Zero-Knowledge Payload Handling
BLAZLE is designed with a zero-knowledge architecture for the data it intercepts:
• No payload storage: The content of any prompt, shell command, or code diff you submit to /intercept/* is processed entirely in-memory and never written to disk or any persistent store. • Hash-only deduplication: When a request is blocked, only the SHA-256 hash of the payload is stored to enable deduplication. The hash is cryptographically one-way and cannot be reversed to recover the original content. • Redaction in-flight: When the "redact" action is triggered by a rule, matched secrets are replaced with [REDACTED_*] tokens before any downstream forwarding. The original secret never leaves the gateway.
This architecture means that even in the event of a data breach, your intercepted payload content cannot be recovered by any party.
5. Data Sharing & Disclosure
We do not sell, trade, or rent your personal information to third parties. We may share information in the following limited circumstances:
Service Providers We engage trusted third-party providers to operate our infrastructure: Resend (transactional email), Stripe (billing), and cloud hosting providers. These providers are contractually obligated to process data only as directed by us.
Legal Requirements We may disclose information if required to do so by law, subpoena, court order, or other governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
Business Transfers If Kolerr Lab is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership.
6. Data Retention
We retain your account information for as long as your account is active or as needed to provide you services. Audit log records are retained for 7 days (Hacker plan), 90 days (Pro), or 1 year (Enterprise) from the date of creation.
You may request deletion of your account and associated data at any time by contacting us at lab.kolerr@kolerr.com. Upon deletion, personal data is purged within 30 days, subject to legal retention requirements.
7. Security
We implement industry-standard security measures to protect your information:
• All data in transit is encrypted via TLS 1.3 • Passwords are hashed using bcrypt (cost factor 12) and never stored in plaintext • JWT tokens are short-lived (24-hour access tokens) and stored in HttpOnly cookies inaccessible to JavaScript • Session tokens are revocable via a Redis-backed blocklist • Our backend is built in Rust, eliminating entire classes of memory-safety vulnerabilities
No method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to using commercially acceptable means to protect your information.
8. Your Rights
Depending on your jurisdiction, you may have the following rights with respect to your personal data:
• Access: Request a copy of the personal data we hold about you • Rectification: Request correction of inaccurate or incomplete data • Erasure: Request deletion of your personal data (right to be forgotten) • Portability: Request your data in a machine-readable format • Objection: Object to certain processing activities • Restriction: Request that we limit how we use your data
To exercise any of these rights, contact us at lab.kolerr@kolerr.com. We will respond within 30 days.
If you are located in the European Economic Area, you have the right to lodge a complaint with your local data protection authority.
10. Children's Privacy
The Service is not directed to children under the age of 16. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us at lab.kolerr@kolerr.com and we will take steps to delete such information.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last Updated" date. For significant changes, we will also send an email notification to registered users. Your continued use of the Service after any changes constitutes your acceptance of the new policy.
12. Contact Us
If you have questions about this Privacy Policy, please contact us:
Kolerr Lab Email: lab.kolerr@kolerr.com Website: https://blazle.io/contact