Kynthar ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our document intelligence platform.
1. Information We Collect
1.1 Information You Provide
Account Information: Name, email address, company name, and billing information when you create an account
Document Data: Documents (invoices, receipts, purchase orders) you upload for processing
Communications: Messages you send us via support, chat, or email
Usage Data: Pages visited, features used, time spent, and interaction patterns
Device Information: Browser type, operating system, IP address, and device identifiers
Cookies and Tracking: We use cookies and similar technologies (see Section 5)
Log Data: Server logs, error reports, and performance metrics
2. How We Use Your Information
We use your information for the following purposes:
Service Delivery: Process documents, extract data, and deliver our core AI-powered document intelligence service
Account Management: Create and manage your account, authenticate users, and provide customer support
Model Training: Improve our AI models and extraction accuracy (documents are anonymized and aggregated)
Billing and Payments: Process payments, manage subscriptions, and send invoices
Communications: Send service updates, security alerts, and respond to your inquiries
Analytics: Understand usage patterns, improve our service, and develop new features
Security: Detect fraud, prevent abuse, and protect against security threats
Legal Compliance: Comply with applicable laws, regulations, and legal processes
3. How We Share Your Information
We do not sell your personal information. We share your information only in the following circumstances:
3.1 Service Providers
We work with third-party service providers who perform services on our behalf:
Cloud Infrastructure: AWS (Amazon Web Services) for hosting and storage
Payment Processing: Stripe for secure payment processing
AI Services: OpenAI (GPT models) and xAI (Grok models) for document processing. These providers may retain API data temporarily per their policies.
Analytics: Google Analytics for usage analytics (anonymized)
Email Services: For transactional emails and notifications
3.2 AI and Machine Learning Processing
Our document processing uses the following AI technologies:
Primary: xAI (Grok models) for document parsing and data extraction
Secondary: OpenAI for supplementary processing and validation
How AI Providers Handle Your Data:
Documents transmitted via encrypted API calls (TLS 1.2 or higher)
Data processed per provider enterprise API terms
Your documents are NOT used to train AI models
Data typically retained by providers for 30 days or less per their API terms
You may request human review of any AI-processed result by contacting support@kynthar.com.
3.3 Legal Requirements
We may disclose your information if required by law, court order, or government request, or to protect our rights and safety.
3.4 Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
4. Data Security
We implement industry-standard security measures to protect your information:
Encryption: Data is encrypted in transit (TLS 1.2 or higher) and at rest (AES-256)
Access Controls: Role-based access controls and principle of least privilege
Authentication: Secure password hashing (bcrypt) and session management
Monitoring: Continuous security monitoring and vulnerability scanning
Backups: Regular encrypted backups with disaster recovery procedures
However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
4.1 Security Breach Notification
In the event of a data breach affecting your information, we will notify you via email within 72 hours of discovery and report to relevant authorities as required by law.
5. Cookies and Tracking Technologies
We use cookies and similar technologies to:
Essential Cookies: Required for authentication and core functionality
Analytics Cookies: Google Analytics to understand usage patterns (you can opt out via browser settings)
Performance Cookies: Monitor service performance and errors
You can control cookies through your browser settings. Disabling essential cookies may limit service functionality.
6. Data Retention
Active Accounts: We retain your data while your account is active
Deleted Accounts: Data is deleted within 30 days of account deletion, except where legally required to retain
Document Data: Processed documents are retained for 30 days, then automatically deleted
Backups: Backup copies are retained for 30 days and securely destroyed thereafter
Aggregated Data: Anonymized, aggregated analytics may be retained indefinitely
6.1 Document Processing Lifecycle
Upload: Documents received via web, email, or API
Storage: Original files stored in AWS S3 (encrypted AES-256)
Processing: Content sent to AI for extraction
Extracted Data: Stored in PostgreSQL database
Retention: Documents retained during subscription + 30 days post-termination
Deletion: Permanent deletion within 60 days of account termination
7. Your Rights and Choices
Depending on your location, you may have the following rights:
Access: Request a copy of your personal information
Correction: Update or correct inaccurate information
Deletion: Request deletion of your account and data
Portability: Export your data in a machine-readable format
Opt-Out: Unsubscribe from marketing emails (service emails are required)
Restriction: Request limited processing of your information
Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place, including:
Standard Contractual Clauses (SCCs) for data transfers outside the EU/EEA
Compliance with GDPR, CCPA, and other applicable data protection laws
Use of service providers with robust data protection practices
9. Children's Privacy
Our service is not directed to children under 13 (or 16 in the EU). We do not knowingly collect information from children. If we learn we have collected information from a child, we will delete it immediately.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
Posting the updated policy on this page with a new "Last updated" date
Sending an email notification to your registered email address
Displaying a prominent notice in the application
Your continued use of the service after changes become effective constitutes acceptance of the updated policy.
11. Third-Party Links
Our service may contain links to third-party websites (e.g., accounting software integrations). We are not responsible for the privacy practices of these sites. We encourage you to review their privacy policies.