Privacy Policy

Konshus.ai (“Konshus,” “we,” “us,” “our”) operates the Konshus Vault — a service that lets you capture personal context, distill it into a portable representation of how you think (your “Konshus”), and export that representation. You can reach us at hello@konshus.ai.

This policy describes how we collect, use, store, share, and protect information when you visit konshus.ai, sign up for an account, or use the Vault. It applies to information collected through the service. It does not apply to third-party sites we link to.

Information you give us directly:

• Account information: email address, display name, and authentication credentials.
• Content you submit to your Vault: journal entries, pasted text, ChatGPT and Claude exports, uploaded documents, prompts, and any notes or metadata you add.
• Communications: messages you send to support, feedback you submit in-app, and responses to onboarding prompts.
• Billing information: name and email passed to our payment processor (Stripe).

Information we derive from your content:

• Extracted “atoms” (small structured units of meaning), patterns, themes, and persona artifacts that we generate when you ask us to distill your Vault.
• Voice corpus samples and stated-identity statements you confirm during distillation.

Information we collect automatically:

• Usage data: page views, feature events, approximate timestamps, browser type, device type, and referrer. We use this to operate and improve the service.
• Limited technical logs (IP address, request metadata) retained for security, abuse prevention, and debugging.

Google user data (only if you connect Google Calendar):

• Your Google account email address, used to label the connection and confirm which account is linked.
• An OAuth refresh token issued by Google, encrypted at rest and stored solely so we can pull calendar events on your behalf. We never request or store your Google password.
• Calendar event data accessed via the Google Calendar API under the https://www.googleapis.com/auth/calendar.readonly scope — event title, description, start/end time, location, and attendees — for events you choose to sync (by default, the most recent 90 days). Synced events become artifacts in your Vault and are subject to the same protections as everything else you store with us.
• Google user data is read only after you click Connect Google Calendar and approve Google's consent screen. You can disconnect at any time from the Calendar Sync settings; doing so revokes and deletes the refresh token and stops all further reads. Google user data is never sold, never shared with third parties beyond what is required to operate the integration, and never used to train any AI model — ours or anyone else's. Konshus's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Information we do not collect:

• Payment card numbers. Card details are handled directly by Stripe; we never see or store them.
• Precise location data.
• Data from third-party services unless you explicitly import it (e.g., uploading a ChatGPT export).

• To provide the Vault: store your content, render it back to you, and run the features you use.
• To distill your Konshus: extract atoms, surface patterns, and generate persona exports — only on artifacts you have not marked “exclude from distillation.”
• To process payments, send receipts, and manage your subscription.
• To send transactional email (account, billing, security, and product updates you opted into).
• To monitor performance, detect abuse, and protect the integrity of the service.
• To respond to your requests and provide support.
• To comply with legal obligations.

• Contract: to deliver the service you signed up for.
• Consent: for optional features such as distillation of a given artifact, marketing email, or human review of flagged content.
• Legitimate interest: for security, fraud prevention, and basic product analytics.
• Legal obligation: when we must retain or disclose information by law.

We rely on a small set of vendors to operate the service. Each is bound by contract to protect your data:

• Supabase — database, authentication, and file storage.
• Stripe — payment processing and subscription management.
• AI model providers (OpenAI, Google, and similar) — model inference for distillation and persona generation. Content is sent to these providers only when you take an action that requires it (e.g., distilling an artifact). Providers process content to return a response and, under their enterprise terms, do not use it to train their models.
• Google (Google Calendar API) — optional data source. When you connect Google Calendar, we use Google's APIs to read events from your account and store an encrypted refresh token to maintain the connection. Used only to power the Calendar Sync feature; not used to train any model.
• Email provider — transactional and account email delivery.
• Hosting and CDN — to serve the application.

We update this list as our infrastructure evolves. Material changes will be reflected here.

• We do not sell your personal information.
• We do not share your content with advertisers or data brokers.
• We do not use your content to train our own or any third party's foundation models.
• We do not read your private content for any purpose other than delivering the service to you, unless you explicitly request human help or we are required to investigate abuse or comply with law.

We share information only in these limited cases:

• With sub-processors listed above, to operate the service.
• If you direct us to (e.g., generating a persona export and sharing the resulting file yourself).
• To comply with valid legal process, when required by law.
• To protect the rights, safety, or property of Konshus, our users, or the public.
• In connection with a merger, acquisition, or asset transfer — with notice to you and the same protections continuing to apply.

• Your content is retained until you delete it or close your account.
• When you delete an artifact, we perform a hard delete with an audit record; the content is removed from active storage and from backups within a commercially reasonable window.
• When you close your account, we delete or anonymize your personal data within 30 days, except where we are required to retain limited information for legal, tax, or accounting purposes.
• Logs and analytics data are retained for a limited period (typically up to 12 months) and then aggregated or deleted.
• If you disconnect Google Calendar (or close your account), we revoke the Google OAuth refresh token with Google and delete it from our systems. Calendar events that were already synced into your Vault as artifacts remain there until you delete them or close your account, at which point they follow the same deletion rules as the rest of your content.

Depending on where you live, you may have the right to:

• Access the personal information we hold about you.
• Export your Vault and derived data in a portable format.
• Correct inaccurate information.
• Delete your account and content.
• Withdraw consent for optional processing.
• Object to or restrict certain processing.
• Lodge a complaint with your local data protection authority.

To exercise any of these rights, email hello@konshus.ai. We respond within 30 days.

We protect your data with encryption in transit (TLS) and at rest, row-level access controls, and authenticated server-side enforcement. Two-factor authentication is available on your account. No system is perfectly secure; if we become aware of a breach affecting your data, we will notify you and the appropriate authorities as required by law.

We are based in the United States, and our sub-processors may store or process data in other countries. Where required, we rely on standard contractual clauses and equivalent safeguards to protect cross-border transfers.

Konshus is intended for users 18 and older. We do not knowingly collect information from anyone under 18. If you believe a minor has provided us information, contact us and we will delete it.

We use a small number of first-party cookies and local storage to keep you signed in, remember preferences, and measure how the service is used. We do not use third-party advertising cookies.

We may update this policy from time to time. When we do, we will update the effective date above and, for material changes, notify you by email or in-app notice before the change takes effect.

Questions, concerns, or requests? Email hello@konshus.ai. A real human reads every message.