knownodeknownode
← knownode

Privacy Policy

Effective date: April 2026

This Privacy Policy explains what personal data knownode.ai collects, how we use it, who we share it with, and what rights you have. We've written it in plain English. If anything's unclear, email river@knownode.ai.

If you're in the EU, UK, or another GDPR jurisdiction, this policy is structured to cover your rights under that law.

1. Who's responsible for your data

knownode.ai operates this service. For GDPR purposes, we're the data controller for your personal data. You can reach us at river@knownode.ai.

We don't have an EU representative yet. If we need one as we grow, we'll appoint one and update this page.

2. What we collect

We collect only what we need to make the product work and improve it.

When you create an account:

  • Email address
  • Name
  • Password (hashed, never stored in plaintext) — or a Google OAuth identifier if you sign in with Google

When you use the service:

  • Session content — the questions the AI asks you and your answers
  • Mastery progress — which concepts you've worked on and how well you understand them
  • Streak data — how consistently you use the product
  • Referral data — the links you share and who signed up through them

Automatically:

  • Basic log data (IP address, browser type, timestamp of requests) — used for security, debugging, and preventing abuse
  • Minimal cookies (see section 7)

We do notcollect payment information (we're free during beta), precise location, contacts, or anything from other apps on your device.

3. How we use it

  • To run the service — authenticate you, save your progress, generate AI responses to your sessions
  • To improve the product— understand which features work, fix bugs, identify where users get stuck (in aggregate; we don't read individual sessions for product decisions)
  • To communicate with you— send account-related emails, beta updates, and responses to your support requests. We'll ask before adding you to any marketing email list
  • To prevent abuse — detect fake accounts, referral abuse, scraping, and security incidents
  • To comply with the law — respond to valid legal requests

GDPR legal bases: We process your data under (a) contract — running the service you signed up for; (b) legitimate interest — improving the product and preventing abuse; and (c) consent — for anything optional you explicitly opt in to.

We don't sell your data. We don't use your session content to train AI models. We don't share data with advertisers.

4. Who we share it with

We use a small number of trusted third-party services to run knownode.ai. Each gets only the data it needs to do its job.

ServiceWhat it doesWhat it gets
Anthropic (Claude API)Generates the AI's Socratic questions and responsesThe content of your current session — sent in real time, not retained by Anthropic for training per their API terms
SupabaseStores your account, session data, and progressEverything in section 2 above, encrypted at rest
VercelHosts the application and serves it to your browserRequest metadata (IP, user agent, timestamps)
Google (OAuth, optional)Lets you sign in with a Google accountYour Google email and a user ID, only if you choose to sign in with Google

Each of these processors is bound by their own privacy terms and applicable data protection law. When we send data from the EU to the US, we rely on Standard Contractual Clauses and each provider's GDPR commitments.

If we add a new processor, we'll update this table before the change takes effect.

5. How long we keep it

  • Account data (email, name) — for as long as your account is active. If you delete your account, we remove it within 30 days
  • Session content and mastery progress — for as long as your account is active, so you can review and continue your learning. Deleted when you delete your account
  • Referral data — kept until you delete your account, so the referral system keeps working
  • Logs (IP, request metadata) — up to 90 days, then deleted or anonymized
  • Anonymized aggregated data — we may keep this indefinitely, because it can no longer be tied to you

Some data we may need to keep longer if the law requires it. When that applies, we keep only what's necessary and delete it when the obligation ends.

6. Your rights

Under GDPR (and similar laws like CCPA), you have the right to:

  • Access — ask us what data we have about you
  • Correct — fix anything that's wrong
  • Delete— ask us to remove your data (“right to be forgotten”)
  • Export — get a copy of your data in a portable format
  • Restrict or object — tell us to stop processing your data for specific purposes
  • Withdraw consent — where we rely on consent, you can withdraw it any time
  • Complain — lodge a complaint with your local data protection authority

To exercise any of these rights, email river@knownode.ai. We'll respond within 30 days (usually faster — it's a small team). We won't charge you or make you jump through hoops.

7. Cookies

We keep cookies minimal.

  • Essential cookies— required to keep you signed in and keep the site secure. You can't turn these off without breaking the site
  • No third-party advertising cookies
  • No cross-site tracking

If we add analytics later, we'll use a privacy-respecting option (like Plausible or similar — no cookies, no personal identifiers) and update this page.

8. Security

We use standard security practices:

  • Passwords hashed with bcrypt or equivalent
  • Data encrypted in transit (TLS) and at rest (Supabase default encryption)
  • Access to production systems limited to people who need it
  • Regular review of third-party service configurations

No system is perfectly secure. If there's a breach that affects your data, we'll tell you — and the relevant authority, where the law requires — within 72 hours of discovering it, as GDPR requires.

9. International data transfers

knownode.ai is operated from the United States and uses service providers in the US and EU. If you're in the EU or UK, your data may be transferred outside your jurisdiction. We rely on Standard Contractual Clauses and equivalent safeguards for those transfers.

10. Children

knownode.ai is for adults (18+). We don't knowingly collect data from anyone under 18. If you think a child has created an account, email us and we'll delete it.

11. Changes to this policy

We may update this policy as the product evolves or the law changes. If we make material changes, we'll email you or post a notice in the app at least 14 days before they take effect. The “effective date” at the top always shows the current version.

12. Contact

Privacy questions, data requests, concerns, or complaints: river@knownode.ai