Privacy Policy

Information you provide directly:

• Account registration: your email address and password (stored as a salted hash — we never store your password in plain text).
• Billing information: payment details (card number, billing address) are collected and processed by our payment processor, Stripe. We store only a tokenized reference and the last four digits of your card — we never see or store your full card number.
• Communications: if you contact us by email or submit a support request, we retain that correspondence.
• User-generated content: saved products, alert preferences, and any other data you create within the Service.

Information collected automatically:

• Usage data: pages viewed, features used, search queries within the platform, and interactions with product cards. This is used to improve the Service and is not sold to third parties.
• Log data: IP address, browser type, operating system, referring URL, and timestamps. Logs are retained for up to 90 days for security and debugging purposes.
• Cookies and local storage: we use session cookies for authentication and small amounts of local storage to remember your UI preferences (such as filter and sort settings). We do not use advertising or tracking cookies.

We use the information we collect to:

• Provide, operate, and improve the Service
• Process payments and manage your subscription
• Send transactional emails (account confirmation, billing receipts, password reset)
• Send product update and feature announcement emails — you can opt out at any time
• Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations
• Respond to your support requests and communications

We do not sell, rent, or share your personal information with third parties for their marketing purposes.

If you are located in the European Economic Area or the United Kingdom, we process your personal data under the following legal bases:

• Contract performance: processing necessary to provide the Service you signed up for
• Legitimate interests: fraud prevention, security, product improvement, and communications about your account
• Legal obligation: compliance with applicable law
• Consent: marketing emails (you can withdraw consent at any time)

We share personal data only in the following limited circumstances:

• Service providers: trusted vendors who process data on our behalf under confidentiality agreements, including Stripe (payments), Supabase (authentication and database), Render (cloud hosting), and SendGrid (transactional email). These providers may only use your data to perform services for us.
• Legal requirements: if required by law, court order, or governmental authority, we may disclose information to comply with that obligation.
• Business transfers: if Kitsunoko is acquired, merged, or undergoes a change of control, your information may be transferred as part of that transaction. We will notify you by email before your data is subject to a different privacy policy.
• With your consent: for any other purpose with your explicit permission.

We retain your account data for as long as your account is active or as needed to provide the Service. If you close your account, we will delete or anonymize your personal data within 90 days, except where we are required to retain it for legal or regulatory compliance (such as billing records, which are kept for 7 years under tax law).

Aggregated, anonymized analytics data that cannot identify you may be retained indefinitely.

We use industry-standard security measures including HTTPS encryption in transit, bcrypt password hashing, row-level security in our database, and access controls that restrict data access to authorized personnel only.

No system is completely secure. In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law.

We use only the following cookies and storage mechanisms:

• Authentication session cookie: keeps you logged in. Expires when you log out or after 30 days of inactivity. Required for the Service to function.
• UI preference storage: remembers your dashboard filter and sort settings using browser local storage. No personal data is stored.

We do not use advertising cookies, cross-site tracking cookies, or third-party analytics cookies. There is no cookie consent banner because we do not set any non-essential cookies.

Depending on your location, you may have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you
• Correction: request correction of inaccurate data
• Deletion: request deletion of your personal data (“right to be forgotten”)
• Portability: request your data in a structured, machine-readable format
• Objection: object to processing based on legitimate interests
• Restriction: request that we restrict processing of your data
• Withdraw consent: opt out of marketing emails at any time via the unsubscribe link or your account settings

To exercise any of these rights, email us at legal@kitsunoko.com. We will respond within 30 days. We may need to verify your identity before processing your request.

If you are in the EEA or UK and believe we are processing your data unlawfully, you have the right to lodge a complaint with your local data protection authority.

The Service is not directed at children under 18. We do not knowingly collect personal information from anyone under 18. If we become aware that a child has provided us with personal information, we will delete it promptly. Contact us at legal@kitsunoko.com if you believe we have inadvertently collected data from a minor.

Kitsunoko is based in the United States. If you access the Service from outside the US, your information may be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer.

For users in the EEA or UK, we rely on Standard Contractual Clauses approved by the European Commission to govern transfers of personal data to the United States.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by displaying a notice in the Service at least 14 days before the changes take effect. The “Effective date” at the top of this page reflects the date of the most recent revision.

If you have questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us at: legal@kitsunoko.com.

We aim to respond to all privacy-related inquiries within 5 business days.