Privacy Policy

Last updated: January 19, 2025

Kynthar ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our document intelligence platform.

1. Information We Collect

1.1 Information You Provide

• Account Information: Name, email address, company name, and billing information when you create an account
• Document Data: Documents (invoices, receipts, purchase orders) you upload for processing
• Communications: Messages you send us via support, chat, or email
• Payment Information: Billing details processed securely through our payment processor (Stripe)

1.2 Information We Collect Automatically

• Usage Data: Pages visited, features used, time spent, and interaction patterns
• Device Information: Browser type, operating system, IP address, and device identifiers
• Cookies and Tracking: We use cookies and similar technologies (see Section 5)
• Log Data: Server logs, error reports, and performance metrics

2. How We Use Your Information

We use your information for the following purposes:

• Service Delivery: Process documents, extract data, and deliver our core AI-powered document intelligence service
• Account Management: Create and manage your account, authenticate users, and provide customer support
• Model Training: Improve our AI models and extraction accuracy (documents are anonymized and aggregated)
• Billing and Payments: Process payments, manage subscriptions, and send invoices
• Communications: Send service updates, security alerts, and respond to your inquiries
• Analytics: Understand usage patterns, improve our service, and develop new features
• Security: Detect fraud, prevent abuse, and protect against security threats
• Legal Compliance: Comply with applicable laws, regulations, and legal processes

3. How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

3.1 Service Providers

We work with third-party service providers who perform services on our behalf:

• Cloud Infrastructure: AWS (Amazon Web Services) for hosting and storage
• Payment Processing: Stripe for secure payment processing
• AI Services: OpenAI (GPT models) and xAI (Grok models) for document processing. These providers may retain API data temporarily per their policies.
• Analytics: Google Analytics for usage analytics (anonymized)
• Email Services: For transactional emails and notifications

3.2 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights and safety.

3.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

4. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: Data is encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Role-based access controls and principle of least privilege
• Authentication: Secure password hashing (bcrypt) and session management
• Monitoring: Continuous security monitoring and vulnerability scanning
• Backups: Regular encrypted backups with disaster recovery procedures

However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

4.1 Security Breach Notification

In the event of a data breach affecting your information, we will notify you via email within 72 hours of discovery and report to relevant authorities as required by law.

5. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Essential Cookies: Required for authentication and core functionality
• Analytics Cookies: Google Analytics to understand usage patterns (you can opt out via browser settings)
• Performance Cookies: Monitor service performance and errors

You can control cookies through your browser settings. Disabling essential cookies may limit service functionality.

6. Data Retention

• Active Accounts: We retain your data while your account is active
• Deleted Accounts: Data is deleted within 30 days of account deletion, except where legally required to retain
• Document Data: Processed documents are retained for 30 days, then automatically deleted
• Backups: Backup copies are retained for 30 days and securely destroyed thereafter
• Aggregated Data: Anonymized, aggregated analytics may be retained indefinitely

7. Your Rights and Choices

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal information
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and data
• Portability: Export your data in a machine-readable format
• Opt-Out: Unsubscribe from marketing emails (service emails are required)
• Restriction: Request limited processing of your information

To exercise these rights, email us at privacy@kynthar.com.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) for data transfers outside the EU/EEA
• Compliance with GDPR, CCPA, and other applicable data protection laws
• Use of service providers with robust data protection practices

9. Children's Privacy

Our service is not directed to children under 13 (or 16 in the EU). We do not knowingly collect information from children. If we learn we have collected information from a child, we will delete it immediately.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on this page with a new "Last updated" date
• Sending an email notification to your registered email address
• Displaying a prominent notice in the application

Your continued use of the service after changes become effective constitutes acceptance of the updated policy.

11. Third-Party Links

Our service may contain links to third-party websites (e.g., accounting software integrations). We are not responsible for the privacy practices of these sites. We encourage you to review their privacy policies.

12. Contact Us

13. Specific Regional Rights

13.1 California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information (with certain exceptions)
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising CCPA rights

13.2 European Residents (GDPR)

If you are located in the European Economic Area (EEA), UK, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

• Legal basis for processing: Contract performance, legitimate interests, or consent
• Right to lodge a complaint with your local data protection authority
• Right to object to processing based on legitimate interests
• Right to withdraw consent at any time (where processing is based on consent)

Our EU representative: Contact privacy@kynthar.com