Privacy policy.

Data we collect

During early access, we collect: your Google or Microsoft sign-in profile (email, display name, avatar), documents you upload, metadata you attach, agent queries you make, and platform telemetry (error logs, performance metrics). If you connect a third-party source (Slack, Outlook, Gmail, SharePoint, OneDrive, Google Drive), we additionally store the OAuth refresh token (encrypted at rest with AES-256-GCM) and message / file metadata and extracted text needed to make those sources searchable. We never sell any of this data.

Where your data lives

• Postgres: Neon, us-east-1.
• Object storage: Cloudflare R2, us-east region.
• Compute: Vercel, us-east.
• Telemetry: in-house logs; no third-party ad trackers.

Who has access

Only KumoKodo employees with operational need, for the minimum duration required. Every production access is logged. No third party has blanket access to your documents.

Sub-processors

Current sub-processors: Neon Tech Inc (Postgres), Cloudflare Inc (R2 + edge), Vercel Inc (compute), Anthropic PBC (agent model calls), Inngest Inc (background workflow execution), Google LLC (OAuth + Gmail / Drive connectors when you opt in), Microsoft Corporation (OAuth + Outlook / SharePoint / OneDrive connectors when you opt in), Slack Technologies LLC (Slack connector when you opt in). Connector sub-processors are activated only by your explicit OAuth grant and can be revoked at any time, which triggers a typed-confirmation purge of all data ingested from that connector. We post changes to this list 30 days before they take effect.

Deletion & export

You can request a full export or deletion of your workspace at any time by emailing privacy@kumokodo.ai. We honor the request within 30 days.

Questions

Email privacy@kumokodo.ai.