Privacy Policy

1. Introduction

Kronova Intelligent Systems ("Kronova," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our enterprise AI platform, services, and related technologies (collectively, the "Services").

By accessing or using our Services, you agree to this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

2. Information We Collect

We collect several types of information from and about users of our Services:

2.1 Information You Provide

• Account Information: Name, email address, company name, job title, phone number, and billing information
• Customer Data: Assets, transaction data, operational information, and other content you upload or generate using our Services
• Communications: Information you provide when contacting our support team or participating in surveys
• Payment Information: Credit card details and billing addresses processed through secure third-party payment processors

2.2 Automatically Collected Information

• Usage Data: API calls, feature usage, performance metrics, error logs, and system diagnostics
• Device Information: IP addresses, browser types, operating systems, device identifiers, and time zones
• Cookies and Tracking: Session data, preferences, and analytics information (see Section 8)

2.3 Third-Party Sources

We may receive information about you from third-party services you connect to our platform, including Canton Network, Supabase authentication, and integrated blockchain services.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our Services
• Process transactions and manage your account
• Develop and train our AI models and algorithms
• Provide customer support and respond to inquiries
• Send administrative information, updates, and security alerts
• Monitor and analyze usage patterns and trends
• Detect, prevent, and address technical issues and security threats
• Comply with legal obligations and enforce our Terms of Service
• Conduct research and development for new features
• Send marketing communications (with your consent)

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), our legal basis for collecting and using your personal information depends on the data and context:

• Contract Performance: Processing necessary to provide Services under our agreement with you
• Legitimate Interests: Improving Services, preventing fraud, and ensuring security
• Legal Compliance: Fulfilling regulatory requirements and legal obligations
• Consent: Marketing communications and optional features requiring explicit consent

5. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Service Providers

We share information with trusted third-party service providers who perform services on our behalf:

• Cloud infrastructure providers (Vercel, Supabase)
• Payment processors (Stripe)
• Email service providers (Resend)
• Analytics and monitoring services
• Blockchain infrastructure providers (Canton Network)

5.2 Business Transfers

If Kronova is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5.3 Legal Requirements

We may disclose information when required by law or to:

• Comply with legal processes or government requests
• Enforce our Terms of Service and other agreements
• Protect the rights, property, or safety of Kronova, our users, or others
• Prevent fraud, security breaches, or illegal activities

6. Data Security

We implement robust security measures to protect your information:

• Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
• Authentication: OAuth 2.1 with PKCE flow and multi-factor authentication support
• Access Controls: Role-based access control (RBAC) and principle of least privilege
• Monitoring: Continuous security monitoring and intrusion detection
• Compliance: SOC 2 Type II certified security practices
• Incident Response: Documented procedures for security breach notification

While we strive to protect your information, no security system is impenetrable. You are responsible for maintaining the confidentiality of your account credentials.

7. Data Retention

We retain your information for as long as necessary to provide Services and fulfill the purposes outlined in this Privacy Policy. Retention periods vary based on:

• Account Data: Retained while your account is active plus 90 days after termination
• Customer Data: Retained according to your subscription agreement or data retention settings
• Transaction Records: Retained for 7 years to comply with financial regulations
• Logs and Analytics: Typically retained for 13 months for operational purposes

We may retain anonymized or aggregated data indefinitely for analytics and research purposes.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Essential Cookies: Required for authentication and basic functionality
• Analytics Cookies: Help us understand how users interact with our Services
• Preference Cookies: Remember your settings and customization choices

You can control cookies through your browser settings, but disabling certain cookies may limit functionality.

9. Your Privacy Rights

Depending on your location, you may have the following rights:

• Access: Request access to your personal information
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your information (subject to legal obligations)
• Portability: Request a copy of your data in a structured format
• Objection: Object to processing based on legitimate interests
• Restriction: Request restricted processing in certain circumstances
• Withdraw Consent: Withdraw consent for processing requiring consent

To exercise these rights, contact us at privacy@kronova.io. We will respond within 30 days.

10. International Data Transfers

Kronova is based in the United States. If you access our Services from outside the U.S., your information may be transferred to, stored, and processed in the United States and other countries.

We implement appropriate safeguards for international transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission for transfers from the EEA.

11. Children's Privacy

Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately.

12. California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information (subject to exceptions)
• Right to opt-out of the sale of personal information (we do not sell data)
• Right to non-discrimination for exercising CCPA rights

To exercise these rights, email privacy@kronova.io or call 1-800-KRONOVA.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes by posting the new policy on this page and updating the "Last Updated" date. For significant changes, we will provide additional notice such as email notification.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: