Personal Sources

How Ballast protects personal source data.

Personal sources allow users to connect their individual accounts (Gmail, personal Google Drive, etc.) with enhanced privacy protections.

What Are Personal Sources?

Personal sources are data connections that belong to individual users rather than the organization:

  • Personal Gmail account
  • Personal Google Drive (My Drive)
  • Personal Slack DMs
  • Personal calendar

Privacy Model

User-Level Encryption

Personal source data is encrypted with keys derived from the user’s authentication. This means:

  • Only the user can access their personal data
  • Admins cannot see personal source content
  • Other users cannot search personal sources

Search Behavior

When a user searches:

  1. Shared sources - Results visible to anyone with collection access
  2. Personal sources - Results only visible to the user who connected them

Results from both are merged seamlessly in the user’s view.

Connecting Personal Sources

Users connect personal sources individually:

  1. Go to collection settings
  2. Click Connect Personal Source
  3. Choose the source type (Gmail, Drive, etc.)
  4. Complete OAuth authorization
  5. Data syncs to your personal index

Access via API

Personal source data is only accessible via user-scoped API keys:

// This key can access John's Gmail
bk_user_john_key_123

Organization-scoped and collection-scoped keys cannot access personal data, even if they have admin permissions.

MCP Access

For Claude to search personal sources via MCP:

  1. Create a user-scoped API key
  2. Use that key in Claude Desktop config
  3. Claude can now search your personal data

Disconnecting Personal Sources

Users can disconnect personal sources at any time:

  1. Go to collection settings
  2. Find your personal source
  3. Click Disconnect

This removes:

  • OAuth tokens
  • Indexed data
  • All personal content from search

Admin Visibility

Admins can see:

  • Which users have connected personal sources
  • Last sync times
  • Connection status

Admins cannot see:

  • Personal source content
  • Search results from personal sources
  • OAuth tokens

Security Considerations

  • Personal sources are as secure as your Ballast account
  • Use strong passwords and 2FA
  • Review which personal sources you’ve connected periodically
  • Disconnect sources you no longer need