Privacy Policy

1. Information We Collect

We collect information you provide directly to us, information generated as you use the Service, and in some cases information from third parties. Specifically:

Account and profile information

• Full name and email address when you register for an account
• Business name, website, and industry when you set up your organization
• Profile photo if you choose to upload one
• Billing address and payment method details (processed securely by Stripe — we never store raw card numbers)

Data you create or import

• Contact records (names, emails, phone numbers, notes) that you add or import
• Form definitions and form submission responses collected via your embedded forms
• Appointment and scheduling data, including event types, availability rules, and booked appointments
• Notes, tags, pipeline stages, and other CRM data you enter for your contacts

Usage and technical information

• IP address, browser type, operating system, and referring URL
• Pages visited, features used, and actions taken within the Service
• Error logs and performance diagnostics to help us identify and fix problems
• Session tokens used to keep you authenticated

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service — including processing form submissions, booking appointments, and managing contacts on your behalf
• Send transactional notifications such as appointment confirmations, form submission alerts, and account activity emails
• Process payments and manage your subscription through Stripe
• Respond to your support requests and communicate with you about your account
• Detect and prevent fraud, abuse, and security incidents
• Analyze aggregate usage patterns to improve and develop the Service
• Comply with legal obligations

We do not sell your personal information to third parties. We do not use your data or your customers' data for advertising.

3. Data Storage and Security

Your data is stored on infrastructure provided by Supabase and Amazon Web Services (AWS), which are hosted in the United States. All data is encrypted in transit using TLS 1.2 or higher and encrypted at rest using AES-256 encryption.

We implement industry-standard security controls including role-based access control, audit logging, and regular security reviews. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

4. Third-Party Services

We share limited information with the following trusted third-party providers solely to operate the Service:

• Stripe — payment processing. Stripe receives your billing information and processes payments on our behalf. Stripe's use of your data is governed by the Stripe Privacy Policy.
• Resend — transactional email delivery. Resend receives recipient email addresses and message content to deliver emails we send on your behalf (appointment reminders, form notifications, etc.).
• Google — OAuth authentication. If you sign in with Google, we receive your name, email address, and profile picture from Google. If you enable Google Calendar sync, we access your calendar events with your explicit permission.
• Supabase / AWS — infrastructure and database hosting. These providers store your data on our behalf and are bound by data processing agreements.

We do not share your information with any other third parties unless required by law or with your explicit consent.

5. Cookies

We use a small number of strictly necessary cookies to operate the Service:

• Session authentication cookies that keep you logged in during your visit. These cookies are essential to the functioning of the Service and cannot be disabled.
• A CSRF protection token to secure form submissions.

We do not currently use tracking cookies, advertising cookies, or analytics cookies from third parties. We do not use any pixel-based tracking. If this changes in the future, this policy will be updated and we will seek your consent where required by applicable law.

6. Data Retention and Deletion

We retain your account data for as long as your account is active or as needed to provide the Service. Specifically:

• If you delete your account, we will remove your personal data and organization data within 30 days, except where we are required to retain it for legal or tax compliance purposes.
• Backups may retain copies of your data for up to an additional 90 days after deletion, after which they are permanently purged.
• Form submission data, contact records, and appointment data are deleted as part of account deletion unless you export them first.

You can request deletion of your account at any time from Settings → Account, or by emailing us at hello@konnecs.com.

7. Your Rights

Depending on where you are located, you may have the following rights with respect to your personal information:

• Access — the right to request a copy of the personal information we hold about you
• Correction — the right to request that we correct inaccurate or incomplete data
• Deletion — the right to request that we delete your personal information
• Portability — the right to receive your data in a structured, machine-readable format
• Objection — the right to object to certain types of processing
• Restriction — the right to request that we restrict processing in certain circumstances

To exercise any of these rights, please contact us at hello@konnecs.com. We will respond to all requests within 30 days.

8. GDPR Compliance (EU / EEA Users)

If you are located in the European Union or European Economic Area, we process your personal data under the General Data Protection Regulation (GDPR). Our lawful bases for processing are:

• Contract performance — processing necessary to provide the Service you signed up for
• Legitimate interests — improving the Service, fraud prevention, and security
• Legal obligation — retaining records where required by law
• Consent — where we have asked for and received your explicit permission

As our servers are located in the United States, your data is transferred outside the EEA. We rely on Standard Contractual Clauses (SCCs) and our sub-processors' adherence to applicable transfer mechanisms to ensure adequate protection.

9. CCPA Notice (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) gives you the right to know what personal information we collect, the right to delete it, the right to opt out of the sale of personal information, and the right to non-discrimination for exercising your rights.

We do not sell personal information as defined under CCPA. To submit a request to know or delete, contact us at hello@konnecs.com.

10. Children's Privacy

The Service is not directed to children under the age of 13, and we do not knowingly collect personal information from anyone under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice in the app at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

The date at the top of this page indicates when this policy was last revised. We encourage you to review it periodically.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: