
Teams & Security

Kelet has two levels of tenancy: orgs and projects.

Org — maps to your company. All data isolation happens at the org level. No data ever crosses org boundaries — strict row-level security at the database. Users and API keys belong to an org.

Project — represents a single agentic flow. One customer support agent, one coding assistant, one document processor. Prod and staging are separate projects. Use one project per agentic flow per environment.

A project is not just an environment tag — it’s a unit of ownership and responsibility. Two agent flows are separate projects if they have distinct ownership, a clear interface boundary, and independent development.

Examples:

  • customer_support_prod and customer_support_stag → two projects (same flow, different environments)
  • Your app calling an external agent → two projects (separate ownership at the boundary)
  • Two independent internal agents → two projects

Agents within a project are auto-discovered from traces. You don’t register them manually.

Set the project in the SDK:

KELET_PROJECT=my-agent-prod

Or pass it directly to configure() / kelet.configure().

Two key types — never mix them:

| Key | Prefix | Where to use |
|---|---|---|
| Secret key | sk_... | Server-side only. Sends traces and signals. Never expose in frontend code. |
| Publishable key | pk_... | Frontend-safe. Used in KeletProvider (React SDK) to send signals only. Cannot send traces. |

Get both from Settings → API Keys in the console.

API keys are org-scoped — one key authenticates to the whole org. Project is specified separately via KELET_PROJECT. Project-scoped keys are planned for the future.
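A pre-deploy guard for the key rules above, as an added example (not Kelet's own code): it scans frontend build output for secret-key-shaped strings and checks that each context uses the right key type and names a project. The key body pattern, the function names, and the sample bundle are assumptions made for illustration; the page documents only the sk_ and pk_ prefixes.

```javascript
// Assumption: a key is its documented prefix (sk_ / pk_) plus 16+ characters
// from [A-Za-z0-9_-]; the page documents only the prefixes.
const SECRET_KEY_RE = /\bsk_[A-Za-z0-9_-]{16,}/g;

// Scan frontend build output ({ path: fileText }) for secret-key-shaped strings.
function findSecretKeys(files) {
  const findings = [];
  for (const [file, text] of Object.entries(files)) {
    text.split("\n").forEach((lineText, i) => {
      for (const m of lineText.matchAll(SECRET_KEY_RE)) {
        // Redact the match so the CI log does not become a second leak.
        findings.push({ file, line: i + 1, key: m[0].slice(0, 6) + "...[redacted]" });
      }
    });
  }
  return findings;
}

// Classify a configured key by its documented prefix.
function keyType(key) {
  if (typeof key !== "string") return "invalid";
  if (key.startsWith("sk_")) return "secret";
  if (key.startsWith("pk_")) return "publishable";
  return "invalid";
}

// "frontend" accepts pk_ only; "server" (sending traces) needs sk_ and,
// because keys are org-scoped, an explicit project name.
function checkPlacement(context, key, project) {
  const type = keyType(key);
  const errors = [];
  if (context === "frontend" && type !== "publishable") {
    errors.push(`frontend must use a pk_ key, got ${type}`);
  }
  if (context === "server") {
    if (type !== "secret") errors.push(`sending traces needs an sk_ key, got ${type}`);
    if (!project) errors.push("KELET_PROJECT is not set");
  }
  return errors;
}

// Constructed sample bundle; the key values are made up.
const SAMPLE_BUNDLE = {
  "dist/app.js":
    'const id = "task_0123456789abcdef01";\ninit({ apiKey: "sk_EXAMPLEexample0123456789" });',
  "dist/widget.js": 'init({ apiKey: "pk_EXAMPLEexample0123456789" });',
};
```

Run findSecretKeys over the real build directory contents in CI and fail the job when it returns any finding; a leaked org-scoped secret key exposes every project in the org.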

Users are granted access to an org — that gives them access to all projects within it. Add teammates from Settings → Team in the console.

Current model: org-level access only. Per-project permissions are planned.

Your production data is sensitive. Here’s exactly how Kelet handles it.

SOC 2 certified. Kelet is SOC 2 compliant — independently audited controls covering security, availability, and confidentiality.

Your data never trains public models. Kelet automatically fine-tunes private models for your account to improve root-cause analysis over time. Those models are yours, trained on your traces, and never shared or used to improve anyone else’s system. No public model training. Ever.

Hard tenant isolation. Every org is a hard tenant. Data is isolated at the database level with strict row-level security — no query can cross org boundaries. There is no “soft” separation that could leak under load or misconfiguration.

Retention and compliance. Kelet enforces strict data retention periods aligned with enterprise security standards. Data is purged on schedule — you don’t have to manage it.

Need a DPA, custom retention policies, or enterprise SLAs? Contact us to discuss the enterprise plan.