1. Who we are
Knoku is operated by MIKPA LLC, a Wyoming limited liability company with mailing address 169 Madison Ave STE 11534 Unit 337, New York, NY 10016, United States. For privacy questions, contact [email protected].
2. Roles
- For account holders (Customers): we act as the controller of your account information and the personal data you provide directly to us.
- For Visitors of customer-embedded widgets: the customer is the controller of conversation data submitted through the widget on their site; Knoku acts as their processor under the Data Processing Agreement.
3. Information we collect
Account information
When you sign up we collect:
- email address;
- first and last name;
- password (stored only as a salted hash) or OAuth identifier from Google or GitHub;
- email verification status; and
- your acceptance of the Terms, Privacy Policy, and DPA.
Customer Content
Through the dashboard and CLI you submit documentation sources (Markdown, MDX, reStructuredText, and similar formats). Knoku parses this content into a hierarchical tree structure and also generates vector embeddings (stored in our PostgreSQL database via pgvector) to support retrieval and search.
Conversations and analytics
When a Visitor uses the widget on a customer’s site, the following are stored against the customer’s project: the question and answer text, the documents cited in the answer, an opaque session identifier, message timestamps, and aggregate usage counters (number of messages, input/output tokens, cost in cents). If the customer has identified the Visitor through the optional identification flow, an associated user identifier and email may also be stored.
Approximate geographic location
At the start of each chat session, we derive an approximate geographic location from the Visitor’s IP address using a self-hosted MaxMind GeoLite2 database baked into our application image. The IP address itself is not stored; only the derived metadata (country, optionally city and approximate coordinates) is persisted on the session record. No third-party network request is made for this lookup. Customers can change the precision (country-level, city-level, or off) at any time in their project’s Settings → Privacy. This product includes GeoLite2 data created by MaxMind, available from maxmind.com.
Billing
Payment data (card details, billing address, tax identifiers) is collected and stored by Stripe, Inc. on our behalf. We receive only the customer ID, last four digits of the card, brand, and subscription status.
Operational data
We collect server logs and error traces needed to operate the Service. These are kept on Knoku’s own infrastructure and are not shared with any third-party error monitoring vendor.
Cookies and local storage
We use a small number of first-party cookies and browser storage entries; the full list is in the Cookie Policy.
4. How we use information
- to create your account, authenticate you, and provide the Service;
- to process payments and prevent fraud;
- to operate the widget, generate answers from your documentation, and surface analytics;
- to send transactional emails such as verification, password reset, billing receipts, and security notifications;
- to monitor stability, debug issues, and improve the Service (excluding the training of foundation models on Customer Content);
- to enforce our Terms, comply with law, and respond to lawful requests.
We do not sell personal data and we do not use Customer Content to train foundation models.
5. Legal bases (EEA / UK)
Where the EU/UK GDPR applies, we rely on (a) contract to provide the Service you request, (b) our legitimate interests in operating, securing, and improving the Service, (c) your consent for non-essential cookies, and (d) legal obligation for tax, accounting, and lawful requests.
6. Sharing and sub-processors
We share personal data only with vendors that help us operate the Service. The current list of sub-processors is published in the Data Processing Agreement; it includes:
- Stripe — payment processing;
- Resend — transactional email delivery;
- Anthropic and OpenAI — large language model and embedding inference for generating answers (accessed directly or via routing services such as OpenRouter);
- Fly.io — application hosting and managed PostgreSQL database (default region: Frankfurt).
We may also disclose information to comply with law, enforce our Terms, or protect the rights, property, or safety of Knoku, our users, or others.
7. International transfers
Knoku is operated from the United States and our infrastructure currently runs in the European Union (Fly.io Frankfurt region). Where personal data is transferred between jurisdictions, we rely on Standard Contractual Clauses or another lawful transfer mechanism with our sub-processors.
8. Retention
- Account data is retained while your account exists and for a reasonable period after closure to comply with legal obligations.
- Customer Content and conversations are retained for as long as the associated project or organization exists. Deleting a project or organization deletes the related Customer Content from active systems; backups are rotated within 35 days.
- Billing records are retained for the period required by tax and accounting law.
- Server logs are retained for up to 90 days unless needed for ongoing investigation.
9. Security
We use TLS 1.2+ for data in transit, encrypt data at rest at the database level, encrypt session cookies with AES-GCM, hash passwords with bcrypt, scope database credentials, apply least-privilege access controls, and log administrative actions. No system is perfectly secure; please notify [email protected] if you suspect a security issue.
10. Your rights
Depending on where you live you may have rights to access, correct, delete, port, restrict processing of, or object to processing of your personal data, and to lodge a complaint with your supervisory authority. To exercise rights related to your account, use the in-app settings (you can delete your organization from the settings page) or email [email protected]. Visitors of a customer site should contact that customer (the controller) first; if a Visitor contacts us directly, we will forward the request to the relevant customer and assist them in responding.
California residents may have additional rights under the CCPA/CPRA. We do not sell or share personal information for cross-context behavioural advertising.
11. Children
The Service is not directed to children under 13 (or under 16 in the EEA/UK). We do not knowingly collect personal data from children.
12. Changes to this policy
We may update this Privacy Policy. The “Last updated” date at the top will reflect the most recent revision. Material changes will be announced in-app or by email.
13. Contact
MIKPA LLC, 169 Madison Ave STE 11534 Unit 337, New York, NY 10016, United States. Privacy contact: [email protected]. General support: [email protected].