Privacy Policy

Last updated: May 7, 2026

1. Information We Collect

Account Information

When you register, we collect your name, email address, and organization name. If you upgrade to a paid plan, payment information is processed by Stripe — we do not store credit card numbers.

Platform Credentials

When you connect social media, newsletter, or blog platforms, we store OAuth access tokens encrypted with AES-256-GCM. These tokens are used solely to publish content on your behalf. We never store your platform passwords.

Content Data

We store the content you create (posts, newsletters, articles), scheduling data, analytics snapshots, and engagement items (comments, replies) pulled from connected platforms.

Usage Data

We collect log data including IP addresses, browser type, pages viewed, and feature usage for service improvement and security monitoring.

2. How We Use Your Information

• To provide and maintain the Service
• To publish content to your connected platforms on your behalf
• To generate AI-powered content suggestions using your brand voice settings
• To display analytics and engagement data from connected platforms
• To send transactional emails (team invitations, password resets, billing receipts)
• To improve the Service based on usage patterns

3. AI Content Processing

When you use AI features, your prompts and brand voice settings are sent to our AI provider (currently via OpenRouter). We do not use your content to train AI models. AI-generated content is created on-demand and associated with your organization.

4. Data Sharing

We do not sell your personal information. We share data only with:

• Connected platforms — to publish content you authorize
• Stripe — for payment processing
• AI providers — for content generation (prompts only, no personal data)
• Email service — for transactional emails

We may disclose information if required by law or to protect our rights.

5. Data Security

We implement industry-standard security measures including:

• AES-256-GCM encryption for platform access tokens
• Bcrypt hashing for passwords and API keys
• Row-level security (RLS) for multi-tenant data isolation
• HTTPS encryption for all data in transit
• Immutable audit logs for all sensitive operations

6. Data Retention

We retain your data while your account is active. After account deletion, we permanently delete your data within 30 days. Analytics snapshots and audit logs may be retained in anonymized form for up to 12 months.

7. Your Rights

You have the right to:

• Access and export your data at any time
• Correct inaccurate information
• Delete your account and all associated data
• Disconnect any connected platform at any time
• Opt out of non-essential communications

8. Cookies

We use essential cookies for authentication (session tokens). We do not use third-party tracking cookies or advertising cookies.

9. Children's Privacy

The Service is not intended for users under 13 years of age. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification.

11. Contact

For privacy inquiries, contact us at privacy@kontentkannon.com.