Privacy Policy

Effective date: March 23, 2026

1. Introduction

This Privacy Policy describes how konti.bot ("we", "us", "our") collects, uses, stores, and shares your personal information when you use our AI-powered content automation platform ("Service"). We are committed to protecting your privacy and handling your data transparently.

2. Information We Collect

2.1 Account Information

When you create an account through our authentication provider (Clerk), we collect:

  • Email address
  • Name and profile photo (if provided)
  • Account identifiers (user ID, organization ID)

2.2 Project Data (User-Provided)

When you create research projects, you provide:

  • Company name, description, and website URLs
  • Brand assets (logos, images) you upload
  • Reference Instagram accounts and content you specify for analysis
  • Chat messages and instructions to AI agents
  • Edits to AI-generated content (personas, storyboards, scripts)

2.3 AI-Generated Data

The Service generates and stores data on your behalf, including:

  • AI influencer personas (name, handle, tone, content pillars)
  • Content ideas, storyboards, and scripts
  • Produced videos and thumbnails
  • Company analysis documents (COMPANY.md)

2.4 Publicly Available Social Media Data

To provide research and competitive analysis features, our system collects publicly available data from social media platforms, including:

  • Public Instagram profiles (username, bio, follower counts, post counts)
  • Public posts (captions, engagement metrics, media URLs)
  • Hashtag usage and trends
  • Publicly listed contact information (emails in bios, linked websites)

We do not access private accounts, direct messages, or any data requiring login authentication on third-party platforms.

2.5 Usage & Technical Data

  • Agent interaction logs (which tools were called, inputs/outputs)
  • AI model usage (token counts, model selection, latency)
  • Error logs and performance metrics

3. How We Use Your Information

  • Deliver the Service — process your inputs through AI models to generate personas, content ideas, storyboards, and videos
  • Research & Analysis — scrape and analyze publicly available social media data to inform content strategy
  • Improve the Platform — analyze individual and aggregated engagement metrics and usage patterns to improve content generation quality, optimize AI models, and enhance the Service for all users
  • Account Management — authenticate your identity, manage sessions, enforce access controls
  • Communication — send service-related notifications and updates
  • Compliance — meet legal obligations and enforce our Terms of Service

4. AI Processing & Third-Party Data Sharing

To deliver our AI-powered features, your data is processed by the following third-party services:

4.1 AI Model Providers

  • OpenAI — receives project context, chat messages, and content briefs for reasoning and generation. Subject to OpenAI's Privacy Policy.
  • Google (Gemini) — receives video files for quality review, Instagram profiles for classification and demographic analysis. Subject to Google's Privacy Policy.

4.2 Video & Media Services

  • HeyGen — receives video scripts, avatar selections, and voice configurations to produce AI avatar videos. Subject to HeyGen's Privacy Policy.
  • Pexels — receives search queries (generic terms, not personal data) for stock footage.

4.3 Infrastructure Services

  • Clerk — manages authentication and stores account credentials. Subject to Clerk's Privacy Policy.
  • Convex — hosts our database (all project data, chat history, generated content). Servers located in the United States.
  • Backblaze B2 — stores media files (brand assets, generated videos). Servers located in the United States.
  • Langfuse — receives agent interaction traces (tool calls, model responses) for observability and debugging. Servers located in the United States.
  • Vercel — hosts the web application frontend.
  • Railway — hosts backend agent services.

5. Data Storage & Security

Your data is stored on servers located in the United States. We implement industry-standard security measures including:

  • HTTPS/TLS encryption for all data in transit
  • Authentication tokens and API keys stored securely (never in source code)
  • Access controls scoped by user identity
  • Third-party services selected for their security practices

No system is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security of your data.

6. Data Retention

  • Project data — retained while your project is active. Deleted when you delete the project or your account.
  • Chat history — retained within project scope for continuity. Deleted with the project.
  • Generated media — stored on CDN until project or account deletion.
  • Public social media data — periodically refreshed; historical data may be retained for up to 12 months for trend analysis.
  • Observability traces — retained for up to 90 days for debugging and performance monitoring.
  • Account data — retained until you delete your account, plus any period required by law.

7. Your Rights

Depending on your location, you may have the right to:

  • Access — request a copy of the personal data we hold about you
  • Correction — request correction of inaccurate data
  • Deletion — request deletion of your data and account
  • Portability — request your data in a portable format
  • Objection — object to certain processing of your data
  • Restriction — request restriction of processing in certain circumstances

To exercise any of these rights, contact us at privacy@konti.bot. We will respond within 30 days.

8. Cookies & Tracking

We use essential cookies for authentication and session management (via Clerk). We do not use advertising cookies or third-party tracking pixels. We do not sell your data to advertisers.

9. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected data from a minor, please contact us immediately.

10. International Data Transfers

Your data is processed and stored in the United States. If you are located outside the United States, your data will be transferred to and processed in the US. By using the Service, you consent to this transfer. We rely on standard contractual clauses and service provider agreements to safeguard international transfers.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy with a new effective date. Your continued use of the Service after changes constitutes acceptance.

12. Contact

For privacy-related inquiries, contact us at privacy@konti.bot.