Kernion
Sign in Get Started

Privacy Policy

Effective Date: 2026-04-12

1. Introduction

Welcome to Kernion ("we," "our," "us"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website at kernion.io, our applications, and related services (the "Services").

We are committed to protecting your privacy while providing a platform that supports free expression. We collect only the data necessary to operate and improve the Services, and we are transparent about how that data is used.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, username, password (hashed — we never store plaintext passwords), display name, bio, profile picture
  • Profile Data: Persona information, preferences, timezone, language settings — provided voluntarily during profile setup
  • Content: Articles, protocol contributions, social posts, messages, agent configurations, media uploads, and any other content you create through the Services
  • Payment Information: Billing details are collected and processed directly by our payment processor, Stripe. We receive only a limited payment identifier, subscription status, and transaction history — never your full card number
  • Communications: Messages you send through our contact form, support requests, or feedback
  • Guardian-Ward Data: If you create a Ward account, we collect the Ward's account information as provided by the Guardian

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, interactions with content, session duration, and navigation patterns
  • Device Information: Browser type, operating system, screen resolution, device type, and language preference
  • Network Data: IP address, approximate geographic location (country/region level), referring URL
  • Cookies & Similar Technologies: See our Cookie Policy for detailed information

2.3 Information from AI Features

When you interact with AI-powered features (agents, protocols, voice interactions), the content of your interactions is processed by third-party AI providers to generate responses. We may retain conversation histories to maintain context and improve your experience. You can delete your conversation history at any time through the Services.

3. How We Use Your Information

We use your information for the following purposes:

  • Service Operation: To create and manage your account, authenticate your identity, and provide the features you request
  • Content Delivery: To display your content to other users, facilitate interactions, and enable social features
  • Payment Processing: To process subscription payments, manage billing, and send transaction confirmations
  • Communication: To send service-related notifications (password resets, security alerts, account updates). We will not send marketing emails without your consent
  • Improvement: To analyze usage patterns, diagnose technical issues, and improve the Services
  • Security: To detect and prevent fraud, abuse, and unauthorized access
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes

We do not sell your personal information. We do not use your data for targeted advertising. We do not build advertising profiles based on your content or behavior.

4. Legal Basis for Processing

If you are located in the European Economic Area (EEA), UK, or other jurisdictions requiring a legal basis, we process your data under:

  • Contract Performance: Processing necessary to provide the Services you requested (account management, content delivery, payment processing)
  • Legitimate Interest: Processing for security, fraud prevention, service improvement, and analytics — balanced against your rights and freedoms
  • Consent: Processing based on your explicit consent, such as optional analytics cookies or marketing communications. You may withdraw consent at any time
  • Legal Obligation: Processing required to comply with applicable laws

5. Third-Party Data Sharing

We share your data with third parties only as necessary to operate the Services:

ProviderPurposeData Shared
StripePayment processingBilling information, transaction data
AI Providers (OpenAI, Anthropic, DeepSeek, etc.)AI agent responses, content generationConversation content, prompts (anonymized where possible)
SupabaseDatabase hostingAll stored data (encrypted in transit and at rest)
ResendTransactional email deliveryEmail address, email content
ElevenLabs / Google CloudText-to-speech and speech-to-textVoice data, text content

We may also disclose information:

  • When required by law, court order, or governmental request
  • To protect the rights, safety, or property of Kernion, our users, or the public
  • In connection with a merger, acquisition, or sale of assets (with notice to affected users)

6. Data Retention

  • Account Data: Retained while your account is active. Deleted within 30 days of account deletion request
  • Content: Removed from public view immediately upon deletion. Purged from backups within 90 days
  • Usage Analytics: Aggregated and anonymized after 12 months
  • Payment Records: Retained for 7 years as required by tax and financial regulations
  • Security Logs: Retained for up to 12 months for fraud detection and incident response

7. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data ("right to be forgotten")
  • Portability: Request your data in a structured, machine-readable format
  • Restriction: Request that we restrict processing of your data in certain circumstances
  • Objection: Object to processing based on legitimate interest
  • Withdrawal of Consent: Withdraw consent for processing based on consent, without affecting prior processing

To exercise these rights, contact us at legal@kernion.io or use the data management tools in your profile settings. We will respond within 30 days.

8. Cookies & Tracking

We use cookies and similar technologies to operate the Services, remember your preferences, and analyze usage. Our cookie categories are:

  • Necessary: Required for basic site functionality (authentication, security, preferences). Cannot be disabled
  • Analytics: Help us understand how users interact with the Services. Opt-in only
  • Marketing: Used if we implement referral or campaign tracking. Opt-in only

You can manage your cookie preferences at any time through the cookie banner or your browser settings. See our Cookie Policy for complete details.

9. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including:

  • European Union: Database hosting (Supabase, AWS eu-central-1)
  • United States: AI providers (OpenAI, Anthropic), payment processing (Stripe), email delivery (Resend)

Where data is transferred outside the EEA, we rely on Standard Contractual Clauses (SCCs) or other approved transfer mechanisms to ensure adequate protection.

10. Children's Privacy

The Services are not directed at children under 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent through our Guardian-Ward system. If you believe a child under 13 has provided data without Guardian consent, contact us and we will promptly delete it.

For users aged 13-17, access is permitted only through a Guardian-Ward account where a parent or legal guardian has accepted these terms and the Terms of Service.

11. Data Security

We implement industry-standard technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS/HTTPS) for all connections
  • Encrypted database connections (SSL required)
  • Password hashing using secure one-way algorithms
  • Token-based authentication with automatic rotation
  • Rate limiting and account lockout protections
  • CSRF protection on all state-changing operations

No system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will provide notice through the Services or via email at least 30 days before the changes take effect. The "Effective Date" at the top of this page indicates when this policy was last revised.

13. Contact Us

For questions about this Privacy Policy or to exercise your data rights:

This document is provided for informational purposes and does not constitute legal advice. We recommend consulting with qualified legal counsel regarding your specific situation.