Cannula Robotics

Privacy & security

What's stored, what's logged, what's never sent to a third party.

Identity

You sign in with your @cannularobotics.com Google account through Cloudflare Access. The intranet never sees your password. Your email is attached to chat requests so we can attribute usage, not so we can profile you.

Model traffic

All chat traffic goes through cr-ai-proxy → Cloudflare AI Gateway → Anthropic. Anthropic Zero Data Retention is enabled on the CR org — your prompts and completions are not retained for training, not used to improve models, not stored beyond the request lifecycle.

If the AI Gateway is misconfigured, cr-ai-proxy falls through to api.anthropic.com directly so chat never breaks. The Anthropic API key lives only on the proxy as an encrypted Worker secret.
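The fallthrough described above can be sketched as a Worker-style helper. This is an added example, not cr-ai-proxy's own code. The binding names `AI_GATEWAY_URL` and `ANTHROPIC_API_KEY`, the statuses treated as "gateway misconfigured", and the log fields are all assumptions.

```javascript
// Added illustration, not cr-ai-proxy's code. Binding names are hypothetical.
const DIRECT_URL = "https://api.anthropic.com/v1/messages";

// Gateway first when configured, direct Anthropic endpoint last.
function upstreams(env) {
  const list = [];
  if (env.AI_GATEWAY_URL) list.push({ route: "gateway", url: env.AI_GATEWAY_URL });
  list.push({ route: "direct", url: DIRECT_URL });
  return list;
}

// Forward one chat request; returns { route, response } so callers can alert
// on route === "direct". The API key is read from env and never logged.
async function forwardChat(body, userEmail, env, fetchImpl = fetch, log = console.log) {
  for (const { route, url } of upstreams(env)) {
    let res;
    try {
      res = await fetchImpl(url, {
        method: "POST",
        headers: {
          "content-type": "application/json",
          "x-api-key": env.ANTHROPIC_API_KEY,
          "anthropic-version": "2023-06-01",
        },
        body: JSON.stringify(body),
      });
    } catch {
      log(JSON.stringify({ event: "upstream_error", user: userEmail, route }));
      continue;
    }
    // Assumption: 404 or 5xx from the gateway hop means the gateway itself is
    // broken. Other statuses (e.g. 401, 429) are returned as is.
    if (route === "gateway" && (res.status === 404 || res.status >= 500)) {
      log(JSON.stringify({ event: "gateway_fallthrough", user: userEmail, status: res.status }));
      continue;
    }
    log(JSON.stringify({ event: "chat_forwarded", user: userEmail, route, status: res.status }));
    return { route, response: res };
  }
  throw new Error("all upstreams failed");
}
```

Requests that take the direct route skip whatever the gateway would have recorded or enforced, so the `gateway_fallthrough` event is the signal to alert on.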

Retrieval

Notion, Granola, and Drive content is indexed into Cloudflare Vectorize inside the CR account. Embeddings are produced by Workers AI inside Cloudflare — text never leaves Cloudflare for embedding. Source links point back to the original system; the intranet doesn’t try to replace those systems’ permissions models.

Drive access uses a user OAuth refresh token, not a service account. That means files indexed reflect a specific user’s Drive permissions — if that user loses access to a file, indexing for that file falls off naturally.

What we log

What you should not send

Patient-identifying data. Anything covered by an NDA we haven’t approved for indexing. Credentials of any kind. The model is a teammate, not a vault.

Secrets

All credentials are stored as Cloudflare Worker / Pages secrets encrypted at the edge. They are never written to the repository, never visible in logs, and never echoed in tool output. Account IDs and API tokens are treated as sensitive even when not strictly secret.