Purpose: these are inbound-help tools
The Connector and the Agent exist to bring your own Kowalah programme data to you and help you act on it. They are not data-collection tools.Claude Connector
Lets a user ask about and explore their Kowalah data from inside Claude, and raise a new idea. It answers questions; it does not gather information about your organization.
Kowalah Agent
Coaches your team on applying AI to their real work, in Slack or Teams. It uses skills (a coach, a use-case advisor, and a workflow designer) to be a sparring partner — its value is the help it gives, not data it takes.
The direction of data flow
Almost everything flows from Kowalah to your user — the tools read your programme data and present it in the conversation. There is exactly one path in the other direction.The only way data goes back to Kowalah
The connector exposes three tools, and exactly one of them writes anything:| Tool | Direction | What it does |
|---|---|---|
| Get an update | Read | Returns your programme status. Nothing is written. |
| Find an accelerator | Read | Searches the library. Nothing is written. |
| Raise an opportunity | Write (create only) | Creates one new opportunity record, only when the user explicitly asks to. |
- No tool that uploads, exports, syncs, or copies your data to Kowalah
- No tool that reads your files, email, drives, calendars, or source code
- No background process that harvests conversations or scans your workspace
- No ability to edit or delete existing data
What each surface can reach
- Claude Connector
- Kowalah Agent
The Connector can reach only the three Kowalah tools. It has no access whatsoever to anything else on the user’s machine or in your environment — no files, no email, no other applications. There is no private data for it to exfiltrate, because it cannot see any private data outside Kowalah in the first place.
What the Agent remembers
To be a useful coach across a conversation, the Agent keeps short-lived context for the thread and a per-user/per-organization memory. This is held in Anthropic’s managed infrastructure (a named subprocessor), scoped to the individual user and their organization, and is never pooled across customers or used to train models. It is processing to help the user in the moment, not collection into Kowalah’s systems. Conversation content is not written into Kowalah’s customer database unless the user raises an opportunity.How to validate this yourself
You don’t have to take our word for any of the above. Here’s how your security team can verify it independently.Enumerate the tool surface
The connector advertises its full tool list over the standard MCP protocol (
tools/list), and it’s documented at available tools. Confirm for yourself that there are three tools, that two are read-only, and that none can upload, export, or read anything outside Kowalah.Audit the OAuth scopes in your own admin console
For the Agent, your Slack or Teams admin console shows exactly which permissions the app requested and was granted. Confirm there are no file, drive, email, or external-data scopes. See chat platform security for the full list and the reason for each.
Monitor egress with your existing tooling
The Connector and Agent only communicate with
mcp.kowalah.com and Anthropic. Your CASB, DLP, or network egress monitoring will confirm there are no other destinations and no bulk data transfers.Inspect everything that was created
Because the only write is an opportunity, you can see exactly what has ever been sent to Kowalah: every opportunity appears in your own workspace with an
OPP-XXXX number, the submitter, and the full content. Nothing reaches Kowalah without leaving this audit trail.Confirm it only acts when addressed
Your Slack or Teams audit log records when the app was invoked. Confirm the Agent only acts when directly addressed — an
@mention or a direct message — and never passively.