Privacy Policy

Last updated: October 8, 2025

1. Information We Collect

We collect information you provide directly to us when you create an account, use our services, or communicate with us:

  • Email address and hashed password
  • Date of birth and user type (student, professional, etc.)
  • Study sessions, questions, and AI-generated content
  • Browser extension usage data and page interactions
  • Payment information (processed securely through Stripe - we never store card details)
  • Referral codes and program participation
  • Contact form submissions and support communications

2. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve our AI-powered study services
  • Process payments and manage subscriptions through Stripe
  • Generate AI responses, summaries, and study materials using OpenAI GPT-4
  • Send transactional emails (account verification, subscription updates, password resets)
  • Provide customer support and respond to inquiries
  • Analyze usage patterns to improve our product and user experience
  • Prevent fraud, abuse, and security incidents
  • Comply with legal obligations and enforce our Terms of Service

3. Data Storage and Security

We implement industry-standard security measures:

  • Passwords hashed using bcrypt (10+ rounds)
  • Data stored in secure PostgreSQL databases with encryption at rest
  • All communications encrypted with HTTPS/TLS
  • JWT token-based authentication with 7-day expiry
  • Payment processing handled entirely by Stripe (PCI DSS Level 1 compliant)
  • Regular security audits and updates
  • Access controls and monitoring systems

Important: No security system is impenetrable. While we use commercially reasonable efforts to protect your data, we cannot guarantee absolute security and you use our service at your own risk.

4. Third-Party Services

We use the following third-party services, each with their own privacy policies:

  • OpenAI (GPT-4): For AI-powered question answering and text summarization. Your content may be processed by OpenAI's API.
  • Stripe: For payment processing. Stripe handles all payment card data - we never store or access your card information.
  • SendGrid: For transactional emails (welcome emails, password resets, subscription notifications).
  • Google Cloud Storage: For optional file storage (PDFs, syllabi, course materials).

By using Knote Flow, you acknowledge that your data will be processed by these third parties in accordance with their respective privacy policies. We are not responsible for the privacy practices of these third-party services.

5. Data Sharing and Disclosure

We do not sell your personal information to anyone.

We may share your information only in the following limited circumstances:

  • Service Providers: With third parties like OpenAI, Stripe, and SendGrid to operate our service
  • Legal Requirements: When required by law, subpoena, or legal process
  • Safety and Security: To protect rights, property, or safety of Knote Flow, our users, or the public
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (you will be notified)
  • With Your Consent: When you explicitly authorize us to share information

6. Your Rights and Choices

You have the following rights regarding your personal data:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and data
  • Export: Download your study sessions and content
  • Opt-Out: Unsubscribe from marketing emails (we send very few)
  • Cancellation: Cancel your subscription anytime from account settings

To exercise these rights, contact us at privacy@knoteflow.com. We will respond within 30 days.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. Upon account deletion, we will delete or anonymize your personal data within 30 days, except where we must retain it for legal, tax, or regulatory purposes (e.g., transaction records for 7 years).

Study sessions and AI-generated content are deleted immediately when you delete your account, unless required for legal compliance.

8. Children's Privacy (COPPA Compliance)

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@knoteflow.com and we will delete it immediately.

9. International Data Transfers

Your information may be transferred to and processed in the United States and other countries where our service providers operate. These countries may have different data protection laws than your country of residence. By using Knote Flow, you consent to the transfer of your information to countries outside your country of residence, including the United States.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information we collect, use, and disclose
  • Right to request deletion of your personal information
  • Right to opt out of the sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your CCPA rights

To exercise these rights, email privacy@knoteflow.com with "CCPA Request" in the subject line.

11. Cookies and Tracking

We use cookies and similar technologies for authentication, preferences, and analytics:

  • Essential Cookies: Required for authentication and security (cannot be disabled)
  • Preference Cookies: Remember your settings like dark mode
  • Analytics: Help us understand how users interact with our service

You can control cookies through your browser settings, but disabling essential cookies may limit functionality.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by email or prominent notice within the service. The "Last updated" date at the top of this page indicates when the policy was last revised. Your continued use of Knote Flow after changes constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@knoteflow.com

General Inquiries: support@knoteflow.com