Privacy Policy

Last Updated: November 27, 2025

Effective Date: November 27, 2025

This Privacy Policy describes how Kveeky, a Delaware company ("we," "us," "our," or "Kveeky"), collects, uses, discloses, and protects your personal information when you use our website, applications, and services (collectively, the "Services").

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Services.

1. Information We Collect

1.1 Information You Provide Directly

Account Information When you create an account, we collect:

• Email address
• Password (encrypted)
• Name (if provided)
• Profile information you choose to add

Payment Information When you subscribe to our Services, we collect:

• Billing name and address
• Payment method details (credit card, debit card)

Note: Payment information is processed and stored by our third-party payment processor (e.g., Stripe). We do not store complete credit card numbers on our servers. We only retain the last four digits of your card, card type, and expiration date for reference purposes.

Communication Information When you contact us, we collect:

• Email correspondence
• Support ticket content
• Feedback and survey responses

User Content When you use our Services, we collect:

• Content you input into our AI-powered tools
• Files you upload
• Outputs generated through the Services
• Usage preferences and settings

1.2 Information from Third-Party Authentication Providers

We offer the ability to register and sign in using third-party authentication services. When you choose to authenticate through these services, we receive certain information from them as described below.

Social Login and Authentication Providers

We may offer authentication through the following third-party providers:

• Google (Google Sign-In)
• Apple (Sign in with Apple)
• Facebook (Facebook Login)
• LinkedIn (LinkedIn Sign-In)
• X (formerly Twitter)
• Phone Number / SMS Authentication
• WhatsApp Authentication

Information Received from Authentication Providers

When you authenticate using a third-party provider, we may receive the following information depending on the provider and your privacy settings with that provider:

• Google: Email address, name, profile picture, locale, email verification status
• Apple: Email address (real or relay), name (if provided), user identifier
• Microsoft: Email address (real or relay), name (if provided), user identifier
• Facebook: Email address, name, profile picture, user ID
• LinkedIn: Email address, name, profile picture, headline, public profile URL
• X (Twitter): Email address (if available), username, name, profile picture
• Phone/SMS: Phone number, verification status
• WhatsApp: Phone number, name (if available), verification status

Important Notes About Third-Party Authentication:

• The information we receive is determined by the third-party provider and your privacy settings with that provider
• We do not control what information these providers share with us
• We do not receive or store your passwords for these third-party services
• Your relationship with these providers is governed by their respective privacy policies and terms of service
• You can manage the information shared with us through your privacy settings on each provider's platform
• Revoking our access through the provider's settings may affect your ability to sign in to our Services

Third-Party Provider Privacy Policies:

We encourage you to review the privacy policies of any authentication providers you use:

• Google
• Apple
• Microsoft
• Facebook/Meta
• LinkedIn
• X (Twitter)
• WhatsApp

1.3 Information Collected Automatically

Usage Data We automatically collect information about your interaction with our Services, including:

• Features used and actions taken
• Date and time of access
• Duration of sessions
• Error logs and performance data

Device and Technical Information

• IP address
• Browser type and version
• Operating system
• Device type and identifiers
• Screen resolution
• Language preferences

Authentication and Security Data

• Login timestamps and frequency
• Authentication method used
• Session identifiers
• Security events (failed logins, password resets)
• Device fingerprints for fraud prevention

Cookies and Similar Technologies We use cookies, pixels, and similar tracking technologies to collect information. See Section 8 for more details.

1.4 Information from Third-Party Services

We may receive information about you from:

• Payment processors (transaction confirmations, fraud alerts)
• Analytics providers
• Third-party authentication services (as described in Section 1.2)
• Identity verification services (if applicable)
• Fraud prevention services

2. How We Use Your Information

We use the information we collect for the following purposes:

Service Delivery

• Provide, operate, and maintain our Services
• Process your inputs and generate AI-powered outputs
• Authenticate your identity and manage your account
• Process payments and manage subscriptions

Authentication and Security

• Verify your identity when you sign in
• Maintain secure access to your account
• Detect and prevent fraudulent or unauthorized access
• Protect against account takeover and identity theft
• Comply with authentication provider requirements

Service Improvement

• Analyze usage patterns to improve our Services
• Develop new features and functionality
• Fix bugs and troubleshoot issues
• Conduct research and analysis

Communication

• Send transactional emails (receipts, confirmations, account alerts)
• Respond to your inquiries and support requests
• Send service updates and announcements
• Send marketing communications (with your consent, where required)

Legal and Security

• Comply with legal obligations
• Enforce our Terms of Service
• Detect, prevent, and address fraud, abuse, and security issues
• Protect the rights, property, and safety of Kveeky and our users

3. AI Data Processing

3.1 How We Process Your Content

Our Services use artificial intelligence to process your inputs and generate outputs. When you use our AI-powered features:

• Your inputs are sent to our servers and may be processed by third-party AI providers (such as OpenAI, Anthropic, or similar services) to generate outputs
• Processing is done in real-time to provide the Services
• We implement technical safeguards to protect your content during processing

3.2 AI Training

We do not use your personal inputs to train our AI models without your explicit consent. Your content is processed solely to provide the Services you requested.

We may use anonymized, aggregated data that cannot be linked back to you for:

• Improving our Services
• Developing new features
• Research and analysis

3.3 Third-Party AI Providers

Our AI processing may involve third-party providers. These providers:

• Process data according to their own privacy policies and terms
• Are contractually bound to maintain confidentiality
• May retain data for their operational purposes as described in their policies

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf, including:

• Payment Processing: Processing subscriptions and payments (e.g., Stripe, PayPal)
• Cloud Hosting: Storing and serving our application (e.g., AWS, Google Cloud, Azure, Cloudflare)
• AI Processing: Generating AI-powered outputs (e.g., OpenAI, Anthropic, Google Gemini)
• Analytics: Understanding usage patterns (e.g., Google Analytics, Mixpanel)
• Email Services: Sending transactional and marketing emails (e.g., SendGrid, Mailchimp, Mailazy)
• Customer Support: Managing support tickets (e.g., Zendesk, Intercom, Freshdesk)
• Authentication: Verifying user identity (e.g., Auth0, Firebase Auth, MojoAuth, SSOJet)
• Identity Verification: Preventing fraud and verifying identity
• SMS/Phone Verification: Phone number authentication (e.g., Twilio, MessageBird, AWS)

These providers are contractually obligated to use your information only for the purposes of providing services to us and in accordance with this Privacy Policy.

4.2 Authentication Providers

When you use third-party authentication (Google, Apple, Facebook, LinkedIn, X, Phone/WhatsApp), certain information flows between us and these providers as necessary to authenticate your identity. This is governed by both this Privacy Policy and the respective provider's privacy policy.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal processes (subpoenas, court orders, government requests)
• Requests from law enforcement agencies
• To protect our rights, privacy, safety, or property
• To protect against legal liability

4.4 Business Transfers

If Kveeky is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website of any change in ownership or uses of your personal information.

4.5 With Your Consent

We may share your information for other purposes with your explicit consent.

5. Data Retention

5.1 Retention Periods

We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Account Information: Duration of account + 90 days after deletion
• Payment/Billing Records: 7 years (legal/tax requirements)
• User Content/Inputs: Duration of account + 30 days after deletion
• Usage Data: 24 months
• Support Communications: 3 years
• Marketing Preferences: Until consent withdrawn
• Authentication Logs: 12 months
• Security/Fraud Prevention Data: Up to 7 years

5.2 Deletion

When you delete your account:

• Your profile and account information will be deleted within 90 days
• Your user content will be deleted within 30 days
• Certain information may be retained as required by law (billing records)
• Anonymized, aggregated data may be retained indefinitely
• Connections to third-party authentication providers will be severed, but you may need to revoke access separately through those providers

5.3 Third-Party Authentication Data

When you disconnect a third-party authentication provider or delete your account:

• We will delete the data we received from that provider
• We cannot delete data held by the third-party provider—you must manage that directly with them
• Some data may be retained for security, fraud prevention, or legal compliance

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

Technical Safeguards

• Encryption of data in transit (TLS/SSL)
• Encryption of sensitive data at rest
• Secure password hashing
• Regular security assessments and penetration testing
• Multi-factor authentication support
• Secure token handling for third-party authentication

Authentication Security

• OAuth 2.0 / OpenID Connect protocols for social logins
• Secure session management
• Automatic session expiration
• Brute force protection and rate limiting
• Suspicious activity detection

Organizational Safeguards

• Access controls and authentication
• Employee training on data protection
• Incident response procedures
• Vendor security assessments

Limitations No method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security. The security of your account also depends on maintaining the security of your third-party authentication accounts.

7. International Data Transfers

Kveeky is based in the United States. If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our servers and service providers are located.

7.1 Transfer Mechanisms

For transfers of personal data from the European Economic Area (EEA), United Kingdom, or Switzerland to the United States, we rely on:

• Standard Contractual Clauses approved by the European Commission
• Your explicit consent where applicable
• Other lawful transfer mechanisms as appropriate

7.2 Third-Party Authentication Providers

When you use third-party authentication services, your data may also be transferred internationally by those providers according to their own transfer mechanisms and privacy policies.

7.3 Adequate Protection

We ensure that any international transfers of personal data are subject to appropriate safeguards as required by applicable data protection laws.

8. Cookies and Tracking Technologies

8.1 Types of Cookies We Use

• Essential Cookies: Required for basic functionality (authentication, security, session management) - Session / Persistent
• Functional Cookies: Remember your preferences and settings - Persistent
• Analytics Cookies: Understand how you use our Services - Persistent
• Marketing Cookies: Deliver relevant advertisements (if applicable) - Persistent
• Authentication Cookies: Maintain your logged-in state - Session / Persistent

8.2 Third-Party Cookies

We may allow third-party service providers to place cookies on your device for analytics and advertising purposes. These third parties have their own privacy policies.

Authentication providers may also set cookies when you use social login features.

8.3 Managing Cookies

You can control cookies through your browser settings:

• Block all cookies
• Block third-party cookies
• Delete cookies when you close your browser
• Receive alerts before cookies are placed

Note: Disabling certain cookies may affect the functionality of our Services, including authentication features.

8.4 Do Not Track

Our Services do not currently respond to "Do Not Track" signals. However, you can manage your tracking preferences through the cookie settings described above.

9. Your Rights and Choices

9.1 Account Controls

You can access, update, or delete your account information at any time through your account dashboard:

• Update profile information
• Change password
• Manage notification preferences
• Connect or disconnect third-party authentication providers
• Download your data
• Delete your account

9.2 Authentication Provider Connections

You can manage your connected authentication providers:

• View which providers are connected to your account
• Disconnect providers (note: you must maintain at least one login method)
• Add new authentication methods

To fully revoke access, you should also remove our application from your connected apps in each provider's settings.

9.3 Communication Preferences

You can opt out of marketing communications by:

• Clicking "unsubscribe" in any marketing email
• Updating your preferences in account settings
• Contacting us at [email protected]

Note: You cannot opt out of transactional communications related to your account and subscription.

9.4 Data Portability

You may request a copy of your personal data in a structured, commonly used, machine-readable format.

10. Region-Specific Rights

10.1 European Economic Area, United Kingdom, and Switzerland (GDPR)

If you are located in the EEA, UK, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

• Right to Access You have the right to request access to your personal data and obtain a copy of the information we hold about you.
• Right to Rectification You have the right to request correction of inaccurate or incomplete personal data.
• Right to Erasure ("Right to be Forgotten") You have the right to request deletion of your personal data when:
  • The data is no longer necessary for the purposes it was collected
  • You withdraw consent (where processing is based on consent)
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • Deletion is required to comply with a legal obligation
• Right to Restriction of Processing You have the right to request restriction of processing in certain circumstances.
• Right to Data Portability You have the right to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
• Right to Object You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent Where processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
• Right to Lodge a Complaint You have the right to lodge a complaint with a supervisory authority in your country of residence if you believe our processing of your personal data violates applicable law.

Legal Basis for Processing We process your personal data based on the following legal grounds:

• Contract: Processing necessary to perform our contract with you (providing the Services)
• Legitimate Interests: Processing necessary for our legitimate business interests (improving Services, fraud prevention, security)
• Consent: Processing based on your consent (marketing communications, optional third-party authentication)
• Legal Obligation: Processing necessary to comply with legal requirements

Third-Party Authentication Under GDPR When you choose to authenticate via third-party providers, this is based on your consent. You may withdraw this consent by disconnecting the provider from your account, though this may affect your ability to access our Services.

To exercise your GDPR rights, please contact us at [email protected] or [email protected].

10.2 California (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know You have the right to request information about:
  • Categories of personal information collected
  • Specific pieces of personal information collected
  • Categories of sources from which information is collected
  • Purposes for collecting or selling personal information
  • Categories of third parties with whom information is shared
• Right to Delete You have the right to request deletion of your personal information, subject to certain exceptions.
• Right to Correct You have the right to request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing You have the right to opt out of the sale or sharing of your personal information. We do not sell your personal information.
• Right to Limit Use of Sensitive Personal Information You have the right to limit the use and disclosure of sensitive personal information.
• Right to Non-Discrimination You have the right not to receive discriminatory treatment for exercising your CCPA/CPRA rights.

Categories of Personal Information Collected (Past 12 Months)

• Identifiers: Name, email, IP address, phone number, social media identifiers - Collected: Yes
• Commercial Information: Subscription history, transaction records - Collected: Yes
• Internet/Network Activity: Browsing history, usage data, authentication logs - Collected: Yes
• Geolocation Data: General location from IP address - Collected: Yes
• Professional Information: Company name (if provided) - Collected: Yes
• Inferences: Preferences derived from usage - Collected: Yes

Verification To protect your privacy, we may need to verify your identity before responding to your request. We may ask you to provide information that matches our records.

To exercise your CCPA/CPRA rights, please contact us at [email protected] or [email protected].

10.3 Other Jurisdictions

If you are located in other jurisdictions with data protection laws (including Brazil's LGPD, Canada's PIPEDA, Australia's Privacy Act, etc.), you may have similar rights under applicable local laws. Please contact us to exercise your rights.

11. Third-Party Authentication Disclaimer

11.1 No Control Over Third-Party Providers

We use third-party authentication providers for your convenience. However:

• We do not control these providers or their data practices
• We are not responsible for the availability, security, or functionality of these services
• We cannot guarantee the accuracy or completeness of information received from these providers
• Changes to these providers' terms, features, or data sharing practices may affect our Services

11.2 Your Responsibility

When using third-party authentication, you are responsible for:

• Maintaining the security of your accounts with these providers
• Reviewing and understanding the privacy policies and terms of these providers
• Managing your privacy settings with each provider
• Revoking access through the provider's settings if you no longer want to use their authentication

11.3 Provider Outages and Changes

We are not liable for:

• Outages or unavailability of third-party authentication providers
• Changes to authentication provider APIs or features
• Data breaches at third-party authentication providers
• Termination of your account with a third-party provider
• Loss of access to our Services due to issues with third-party authentication

11.4 Account Security

If you believe your account or any connected authentication provider has been compromised:

• Immediately change your passwords
• Revoke access to our application from the provider's settings
• Contact us at [email protected]
• Contact the affected authentication provider

12. Children's Privacy

Our Services are not intended for individuals under the age of 18 (or under 16 in the European Union). We do not knowingly collect personal information from children.

If we learn that we have collected personal information from a child without verification of parental consent, we will take steps to delete that information promptly.

If you believe we may have collected information from a child, please contact us immediately at [email protected].

13. Third-Party Links and Services

Our Services may contain links to third-party websites, services, or applications. This Privacy Policy does not apply to those third-party services, and we are not responsible for their privacy practices.

We encourage you to review the privacy policies of any third-party services you access through our Services, including authentication providers.

14. Automated Decision-Making

14.1 How We Use Automated Processing

We may use automated systems for:

• Fraud detection and prevention
• Account security monitoring
• Usage limit enforcement
• Content moderation
• Service optimization

14.2 Your Rights

If you are subject to a decision based solely on automated processing that significantly affects you, you may have the right to:

• Request human review of the decision
• Express your point of view
• Contest the decision

To exercise these rights, contact us at [email protected].

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons.

Notification of Changes

• We will post the updated Privacy Policy on this page with a new "Last Updated" date
• For material changes, we will notify you by email and/or prominent notice on our Services before the changes become effective
• Your continued use of the Services after the effective date constitutes acceptance of the updated Privacy Policy

We encourage you to review this Privacy Policy periodically.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: [email protected]

Privacy-Specific Inquiries: [email protected]

Response Time We aim to respond to all inquiries within 30 days. For GDPR and CCPA requests, we will respond within the timeframes required by applicable law.