Privacy Policy
Last updated: March 28, 2026
1. Introduction
Kizna.ai ("we", "our", or "the Service") is an AI-powered automation platform. This Privacy Policy explains how we collect, use, share, and protect your personal data, and describes your rights under applicable laws including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and Japan's Act on the Protection of Personal Information (APPI).
2. Data We Collect
- Account data: Email address and authentication credentials.
- OAuth tokens: Access tokens for third-party services you connect (e.g., Gmail, Slack, Notion), stored securely via Nango.
- Flow data: Automation workflows and execution logs you create.
- Billing data: Payment and subscription information processed by Stripe. We do not store card numbers.
- Usage data: Technical logs (IP address, timestamps, API calls) for security and service improvement.
3. Legal Basis for Processing (GDPR)
- Contract performance: Processing necessary to provide the Service you signed up for.
- Legitimate interests: Security monitoring, fraud prevention, and service improvement.
- Legal obligation: Compliance with applicable laws.
- Consent: Where you have explicitly provided consent (e.g., connecting a third-party service).
4. Google User Data
When you connect Gmail, we request only the permissions required to execute your automation flows (reading and sending emails). We do not store email content beyond execution. Your Google user data is never used for advertising, never sold, and never shared with third parties except as required to execute your flows. Our use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.
5. Data Processors
We use the following trusted sub-processors to operate the Service:
- Supabase — Database and authentication (US)
- Nango — OAuth token management (US)
- Stripe — Payment processing (US)
- Vercel — Hosting and infrastructure (US)
- Anthropic / OpenAI / Google — AI model providers (US)
International data transfers to the US are conducted under appropriate safeguards (Standard Contractual Clauses or equivalent frameworks).
6. Data Retention
We retain your data for as long as your account is active. Execution logs are retained for 90 days. Upon account deletion, your personal data is deleted within 30 days, except where retention is required by law.
7. Your Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of your personal data.
- Correction: Request correction of inaccurate data.
- Deletion: Request deletion of your personal data ("right to be forgotten").
- Portability: Receive your data in a structured, machine-readable format.
- Objection / Restriction: Object to or restrict certain types of processing.
- Withdraw consent: Revoke connected service access at any time from Settings.
- CCPA (California): Right to know, delete, and opt out of the sale of personal information. We do not sell personal information.
To exercise any of these rights, contact us at privacy@kizna.ai. We will respond within 30 days.
8. Security
We use TLS encryption for data in transit and encrypt data at rest. OAuth tokens are managed by Nango and never exposed in plaintext. Access to production systems is restricted and monitored.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or via the Service. Continued use of the Service after changes constitutes acceptance.
10. Contact
For privacy-related inquiries or to exercise your rights:
privacy@kizna.ai