Privacy Policy

1. Information We Collect

We collect information you provide directly to us, information generated as you use the Service, and in some cases information from third parties. Specifically:

Account and profile information

• Full name and email address when you register for an account
• Business name, website, and industry when you set up your organization
• Profile photo if you choose to upload one
• Billing address and payment method details (processed securely by Stripe — we never store raw card numbers)

Data you create or import

• Contact records (names, emails, phone numbers, notes) that you add or import
• Form definitions and form submission responses collected via your embedded forms
• Appointment and scheduling data, including event types, availability rules, and booked appointments
• Notes, tags, pipeline stages, and other CRM data you enter for your contacts

Usage and technical information

• IP address, browser type, operating system, and referring URL
• Pages visited, features used, and actions taken within the Service
• Error logs and performance diagnostics to help us identify and fix problems
• Session tokens used to keep you authenticated

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service — including processing form submissions, booking appointments, and managing contacts on your behalf
• Send transactional notifications such as appointment confirmations, form submission alerts, and account activity emails
• Process payments and manage your subscription through Stripe
• Respond to your support requests and communicate with you about your account
• Detect and prevent fraud, abuse, and security incidents
• Analyze aggregate usage patterns to improve and develop the Service
• Comply with legal obligations

We do not sell your personal information to third parties. We do not use your data or your customers' data for advertising.

3. Data Storage and Security

Your data is stored on infrastructure provided by Supabase and Amazon Web Services (AWS), which are hosted in the United States. All data is encrypted in transit using TLS 1.2 or higher and encrypted at rest using AES-256 encryption.

We implement industry-standard security controls including role-based access control, audit logging, and regular security reviews. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

4. Third-Party Services

We share limited information with the following trusted third-party providers solely to operate the Service:

• Stripe — payment processing. Stripe receives your billing information and processes payments on our behalf. Stripe's use of your data is governed by the Stripe Privacy Policy.
• Resend — transactional email delivery. Resend receives recipient email addresses and message content to deliver emails we send on your behalf (appointment reminders, form notifications, etc.).
• Google — OAuth authentication. If you sign in with Google, we receive your name, email address, and profile picture from Google. If you enable Google Calendar sync, we access your calendar events with your explicit permission.
• Supabase / AWS — infrastructure and database hosting. These providers store your data on our behalf and are bound by data processing agreements.

We do not share your information with any other third parties unless required by law or with your explicit consent.

5. Google User Data

When you connect your Google account to Konnecs, we access specific Google user data only with your explicit permission through OAuth 2.0 consent. This section describes how we handle Google user data in compliance with the Google API Services User Data Policy.

Data accessed

• Google Calendar events — event titles, dates, times, attendees, and meeting links (scope: calendar.events). Used to sync appointments between Konnecs and your Google Calendar.
• Gmail messages — email content and metadata (scopes: gmail.readonly, gmail.send). Used to read incoming messages and send emails on your behalf through workflow automations and sequences.
• Google Contacts — contact names, email addresses, and phone numbers (scope: contacts.readonly). Used to import your existing contacts into Konnecs.
• Basic profile information — your name, email address, and profile picture. Used for authentication when you sign in with Google.

How we use Google user data

• Google Calendar data is used exclusively to create, read, and sync appointment events between Konnecs and your Google Calendar. We do not modify or delete events that were not created by Konnecs.
• Gmail data is used exclusively to send emails on your behalf as part of workflow automations you configure, and to read incoming messages for sequence tracking. We do not scan or analyze email content for advertising or any purpose unrelated to the features you use.
• Google Contacts data is used exclusively for a one-time import of your contacts into Konnecs. After import, the data is stored in your Konnecs account and we do not re-access your Google Contacts unless you initiate another import.

Data sharing

We do not share Google user data with any third parties. Google user data is only processed on our servers to provide the features described above. We do not use Google user data for advertising, market research, or to train machine learning / AI models.

Data storage and protection

• Google OAuth tokens (access tokens and refresh tokens) are encrypted at rest using AES-256-GCM with a dedicated encryption key before being stored in our database.
• Google user data is stored on Supabase / AWS infrastructure in the United States, protected by TLS 1.2+ in transit and AES-256 encryption at rest.
• Access to Google user data is restricted to authenticated users within the organization that authorized the connection. No other Konnecs users or organizations can access your Google data.

Data retention and deletion

• You can disconnect your Google account from Konnecs at any time via Settings → Integrations. When you disconnect, we immediately delete your stored OAuth tokens and stop accessing your Google data.
• If you delete your Konnecs account, all Google user data and OAuth tokens are permanently deleted within 30 days.
• Imported Google Contacts data remains in your Konnecs account as regular contact records. These are deleted when you delete the contacts or your account.

6. SMS / Text Messaging

When you book an appointment or submit a form through the Konnecs platform, you may provide your phone number and consent to receive transactional SMS text messages. These messages are limited to:

• Appointment confirmation messages sent immediately after booking
• Appointment reminder messages sent before your scheduled appointment
• Scheduling updates such as reschedules or cancellations initiated by the service provider

Message frequency: Typically 1–3 messages per appointment. Message frequency varies based on your appointment activity.

Message and data rates may apply. Your carrier's standard messaging rates apply to all SMS messages sent by Konnecs. Konnecs does not charge any additional fees for SMS messages.

Opt-out: You can opt out of SMS messages at any time by replying STOP to any message you receive from us. After opting out, you will receive a one-time confirmation message and no further SMS messages will be sent. You may opt back in at any time by replying START.

Help: For assistance, reply HELP to any SMS message, or contact us at hello@konnecs.com.

We do not use your phone number for marketing or promotional messages. We do not share your phone number with third parties for their marketing purposes. SMS messages are sent via Twilio, our trusted third-party messaging provider, solely to deliver the transactional messages described above. Carriers are not liable for delayed or undelivered messages.

7. Cookies

We use a small number of strictly necessary cookies to operate the Service:

• Session authentication cookies that keep you logged in during your visit. These cookies are essential to the functioning of the Service and cannot be disabled.
• A CSRF protection token to secure form submissions.

We do not currently use tracking cookies, advertising cookies, or analytics cookies from third parties. We do not use any pixel-based tracking. If this changes in the future, this policy will be updated and we will seek your consent where required by applicable law.

8. Data Retention and Deletion

We retain your account data for as long as your account is active or as needed to provide the Service. Specifically:

• If you delete your account, we will remove your personal data and organization data within 30 days, except where we are required to retain it for legal or tax compliance purposes.
• Backups may retain copies of your data for up to an additional 90 days after deletion, after which they are permanently purged.
• Form submission data, contact records, and appointment data are deleted as part of account deletion unless you export them first.

You can request deletion of your account at any time from Settings → Account, or by emailing us at hello@konnecs.com.

9. Your Rights

Depending on where you are located, you may have the following rights with respect to your personal information:

• Access — the right to request a copy of the personal information we hold about you
• Correction — the right to request that we correct inaccurate or incomplete data
• Deletion — the right to request that we delete your personal information
• Portability — the right to receive your data in a structured, machine-readable format
• Objection — the right to object to certain types of processing
• Restriction — the right to request that we restrict processing in certain circumstances

To exercise any of these rights, please contact us at hello@konnecs.com. We will respond to all requests within 30 days.

10. GDPR Compliance (EU / EEA Users)

If you are located in the European Union or European Economic Area, we process your personal data under the General Data Protection Regulation (GDPR). Our lawful bases for processing are:

• Contract performance — processing necessary to provide the Service you signed up for
• Legitimate interests — improving the Service, fraud prevention, and security
• Legal obligation — retaining records where required by law
• Consent — where we have asked for and received your explicit permission

As our servers are located in the United States, your data is transferred outside the EEA. We rely on Standard Contractual Clauses (SCCs) and our sub-processors' adherence to applicable transfer mechanisms to ensure adequate protection.

11. CCPA Notice (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) gives you the right to know what personal information we collect, the right to delete it, the right to opt out of the sale of personal information, and the right to non-discrimination for exercising your rights.

We do not sell personal information as defined under CCPA. To submit a request to know or delete, contact us at hello@konnecs.com.

12. Children's Privacy

The Service is not directed to children under the age of 13, and we do not knowingly collect personal information from anyone under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice in the app at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

The date at the top of this page indicates when this policy was last revised. We encourage you to review it periodically.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: