Privacy Policy

Last updated 9 July 2026. We collect what the product needs and nothing more.

What we collect

  • Account data— your email address, and your organization’s name. Passwords are handled by our auth provider and never stored by us in readable form.
  • Telemetry you send us — the host, event and pipeline data your agents and integrations report. You choose what to send.
  • Design-partner applications — the email, company, team size, infrastructure details and answers you submit on our form.
  • Operational logs — request logs kept briefly to debug and to limit abuse.

We do not run third-party advertising or analytics trackers on this site, and we do not sell or share your data with data brokers.

Why we collect it

To operate your account, show you your own infrastructure, keep the service secure, and decide who to invite as a design partner. Nothing else.

Who can see it

Members of your organization, and no one else. Isolation is enforced by the database, not by our application code — see our security page. A small number of our engineers can access production data when required to operate or debug the service.

Processors we rely on

  • Supabase — database and authentication. Your data is stored in the EU (eu-central-1).
  • Vercel — application hosting and edge delivery.

How long we keep it

Telemetry and account data for as long as your organization exists. Delete your organization and its rows are deleted with it. Design-partner applications are kept until we launch, then removed unless you became a customer.

Your rights

If you are in the UK or EU, you may ask for a copy of your data, ask us to correct it, or ask us to delete it. Email privacy@knoxed.ai and we will act within 30 days. You may also complain to your local data protection authority.

Cookies

One session cookie, set when you sign in, so the site knows it is you. It is httpOnly and strictly necessary. We set no advertising cookies, so there is no consent banner to dismiss.

Changes

If we change this policy materially we will email account holders rather than quietly editing this page.

Note: drafted for clarity, not by a lawyer. Have counsel review it before you process data for paying customers, and name your data controller entity and jurisdiction.