Security
Security & data handling
ResolveKit is designed with security and data control as core requirements, not afterthoughts.
Open-source transparency
The ResolveKit SDK is released under the AGPL-3.0 license. You can inspect every line of code, audit data flows, and verify exactly what happens inside your app. No hidden telemetry. No opaque analytics.
Self-host option
Run the entire ResolveKit stack on your own infrastructure. Your data never leaves your environment unless you explicitly configure it to communicate with external LLM providers.
LLM provider data
Session data sent to LLM providers (OpenAI, Anthropic, or self-hosted models) is limited to what is needed for the support interaction. We recommend using enterprise API agreements that guarantee zero data retention for training purposes.
Approval boundaries
The approval system ensures that sensitive actions cannot execute without explicit consent. Policies define what auto-runs, what requires user approval, and what is always blocked — enforced at the SDK level.
Session trace logging
Every support session is logged with full context: what the agent saw, what it proposed, what approvals were granted, and what actions executed. This creates an auditable trail for compliance and debugging.
AGPL compliance
ResolveKit is licensed under AGPL-3.0. If you modify and distribute the SDK, you must also make your modifications available under the same license. Commercial licenses are available for teams that need different terms.