Legal

Privacy Policy

How we collect, use, secure, and process personal data when you use Kenvy.ai services.

Effective Date

December 3, 2025

Last Updated

December 3, 2025

1. Introduction

This Privacy Policy describes how we collect, use, and protect information when you use our AI-powered content generation and scheduling platform (the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Phone number (used as primary identifier)
  • Password (encrypted and stored securely)
  • Session data (authentication tokens, login timestamps)

2.2 Content and Media

We collect and store content you create or upload:

  • Images uploaded for AI processing or reference
  • AI-generated images created through our Service
  • Text prompts and captions provided for content generation
  • Scheduled posts and their associated metadata
  • Asset library content (stored images and their properties)

2.3 Social Media Credentials

When you connect social media accounts, we collect:

  • OAuth access tokens for Instagram, Facebook, and Twitter/X
  • Social media account identifiers (user IDs, page IDs)
  • Token expiration timestamps

2.4 Payment Information

Payment processing is handled by Stripe. We store:

  • Stripe customer ID
  • Subscription status and tier
  • AI credit balance and usage history
  • Payment-related actions and timestamps

We do not store credit card numbers or payment details. All payment information is securely processed and stored by Stripe in accordance with PCI DSS standards.

2.5 Usage Data

We automatically collect:

  • API requests and responses
  • Feature usage statistics
  • Error logs and system diagnostics
  • IP addresses and request metadata

3. How We Use Your Information

We use the collected information for:

  • Service Provision: To provide, maintain, and improve our AI content generation and scheduling services
  • Content Processing: To generate, store, and publish content on your behalf to connected social media platforms
  • Authentication: To verify your identity and manage your account access
  • Billing: To process payments and manage subscriptions
  • Support: To respond to inquiries and provide customer support
  • Analytics: To analyze usage patterns and improve service quality
  • Security: To detect, prevent, and address technical issues and fraudulent activity

4. Data Storage and Security

4.1 Storage Infrastructure

Your data is stored on secure cloud infrastructure:

  • Database: PostgreSQL with encrypted connections
  • Object Storage: S3-compatible storage with encryption at rest
  • Geographic Location: EU Central region (Frankfurt, Germany)

4.2 Security Measures

We implement industry-standard security practices:

  • TLS/SSL encryption for all data in transit
  • Bcrypt password hashing with salt
  • Session-based authentication with secure HTTP-only cookies
  • Content Security Policy (CSP) headers to prevent XSS attacks
  • HSTS (HTTP Strict Transport Security) enforcement
  • Regular security updates and vulnerability patches

5. Third-Party Services

We integrate with third-party services to provide functionality:

  • Google Gemini AI: For image generation and AI processing
  • Stripe: For payment processing and subscription management
  • Instagram/Facebook Graph API: For social media publishing
  • Twitter/X API: For social media publishing
  • WhatsApp Business API: For messaging features

Each third-party service operates under its own privacy policy. We recommend reviewing their respective policies for information on how they handle your data.

6. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

  • With Your Consent: When you authorize publishing to social media platforms
  • Service Providers: With third-party services necessary to operate our platform (payment processing, cloud hosting, AI services)
  • Legal Requirements: When required by law, court order, or government regulation
  • Protection of Rights: To protect our rights, property, or safety, or that of our users or the public
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

7. Your Rights and Choices

7.1 Access and Control

You have the right to:

  • Access your personal data stored in our system
  • Update or correct inaccurate information
  • Delete your account and associated data
  • Export your content and data
  • Revoke social media account connections at any time

7.2 Data Retention

We retain your data:

  • Account data: Until you delete your account
  • Generated content: Until you manually delete it
  • Usage logs: 90 days for operational purposes
  • Payment records: As required by tax and financial regulations (typically 7 years)

Upon account deletion, we will permanently remove your personal data within 30 days, except where retention is required by law.

8. International Data Transfers

Our services are hosted in the European Union (EU Central region). By using our Service, you consent to the transfer and processing of your data in accordance with this Privacy Policy and applicable data protection laws, including GDPR.

9. Children's Privacy

Our Service is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately, and we will take steps to delete such information.

10. AI-Generated Content

Content generated using our AI services:

  • You retain ownership of your prompts and uploaded reference images
  • Generated images are provided to you for your use and are stored in your account
  • We may temporarily process your content through third-party AI services (Google Gemini) as necessary to provide the Service
  • You are responsible for ensuring your use of AI-generated content complies with applicable laws and platform policies
  • We do not claim ownership of AI-generated content created using our Service

11. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW:

  • THE SERVICE IS PROVIDED "AS IS" WITHOUT WARRANTIES OF ANY KIND
  • WE ARE NOT LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES
  • WE ARE NOT RESPONSIBLE FOR CONTENT PUBLISHED TO THIRD-PARTY PLATFORMS
  • WE ARE NOT LIABLE FOR SERVICE INTERRUPTIONS, DATA LOSS, OR SECURITY BREACHES BEYOND OUR REASONABLE CONTROL
  • YOU AGREE TO INDEMNIFY AND HOLD HARMLESS THE SERVICE PROVIDER FROM ANY CLAIMS ARISING FROM YOUR USE OF THE SERVICE

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Updating the "Last Updated" date at the top of this policy
  • Sending an email notification to your registered phone number (if applicable)
  • Displaying a prominent notice on our Service

Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy.

13. Contact Information

If you have questions or concerns about this Privacy Policy or our data practices, please contact us through our website contact form.

© 2025. All rights reserved.