
Privacy Policy

Last updated: January 15, 2024

1. Introduction

Kona Sense ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI security platform.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, company name, and authentication credentials.

2.2 Usage Data

We collect anonymized telemetry about AI interactions, including:

  • AI destinations accessed (e.g., ChatGPT, Claude)
  • Policy violations and actions taken (redact, block, coach)
  • Timestamps and frequency of AI usage
  • Data sensitivity classifications (PII detected, secrets found, etc.)

2.3 What We Don't Collect

Important: By default, we do NOT collect or store:

  • Your raw prompts or AI responses
  • Unredacted sensitive content (PII, credentials, customer data)
  • File contents uploaded to AI services

Exception: If you enable "Incident Capture" for security investigations, we may store redacted versions of flagged content for up to 90 days.

3. How We Use Your Information

We use collected information to:

  • Provide and improve our AI security services
  • Detect and prevent data leaks and security threats
  • Generate usage analytics and security dashboards
  • Meet compliance and audit requirements
  • Communicate with you about service updates

4. Data Storage and Security

All data is encrypted in transit (TLS 1.3+) and at rest (AES-256). We store data in SOC2-certified data centers with configurable data residency (US, EU, UK).

5. Data Retention

You control retention periods (30 days to 7 years). Data is automatically deleted after the retention window expires.

6. Data Sharing

We do NOT sell your data. We may share anonymized, aggregated data for research or security purposes. We may disclose data if required by law or to protect rights and safety.

7. Your Rights (GDPR/CCPA)

You have the right to:

  • Access your data
  • Request data deletion
  • Export your data (data portability)
  • Opt out of certain data collection
  • Lodge a complaint with a supervisory authority

8. Cookies and Tracking

We use essential cookies for authentication and strictly necessary functionality. Analytics cookies are optional and can be disabled.

9. Third-Party Services

We use limited third-party services (e.g., authentication providers, cloud infrastructure) that are SOC2/ISO certified and GDPR-compliant.

10. Children's Privacy

Our services are not directed to individuals under 16. We do not knowingly collect data from children.

11. International Transfers

Data may be transferred to and processed in countries outside your jurisdiction. We use Standard Contractual Clauses (SCCs) for EU data transfers.

12. Changes to This Policy

We may update this policy periodically. We will notify you of material changes via email or service notification.

13. Contact Us

For privacy questions or to exercise your rights, contact us at: privacy@konasense.com

Data Protection Officer

For EU residents, our Data Protection Officer can be reached at:

Email: dpo@konasense.com