Privacy Policy

Stable Mischief LLC ("Company," "we," "us," or "our") operates the kowerk platform, a modern AI-powered chat and productivity application accessible at kowerk.ai and related domains. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use the kowerk service ("Service").

By accessing or using kowerk, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our practices, please do not use the Service.

This policy applies to all users of kowerk, including individual account holders and members of organizational workspaces. We are committed to protecting your privacy and handling your data transparently.

We collect the following categories of information when you use kowerk:

Account Information

When you create an account, we collect information through our authentication provider, Clerk. This includes your name, email address, profile image, and authentication credentials. If you sign up through a third-party provider (e.g., Google), we receive the profile information you authorize that provider to share.

Conversations and Messages

We store the messages you send and receive within kowerk, including text content, attachments, and metadata such as timestamps. This data is necessary to provide the core functionality of the Service, including conversation history, search, and continuity across sessions.

Knowledge Base Documents

If you upload documents to your knowledge base, we store those files and their processed content (including generated embeddings) to enable AI-assisted retrieval and contextual responses within your conversations.

Payment Information

When you subscribe to a paid plan, payment processing is handled entirely by Stripe. We do not store your full credit card number or banking details. We receive and retain limited billing information from Stripe, including your subscription status, plan type, billing cycle, and the last four digits of your payment method.

Usage Data

We automatically collect information about how you interact with the Service, including features used, conversation volume, timestamps of activity, and general usage patterns. This data helps us improve the Service and diagnose technical issues.

Device and Technical Information

We collect standard technical information transmitted by your browser or device, including IP address, browser type and version, operating system, device type, screen resolution, referring URLs, and general location data derived from your IP address.

We use the information we collect for the following purposes:

• Providing the Service: Processing your messages through AI models, maintaining conversation history, and enabling knowledge base retrieval.
• Account Management: Creating and managing your account, authenticating your identity, and managing organizational memberships.
• Billing and Payments: Processing subscription payments, managing plan changes, and maintaining billing records as required by law.
• Service Improvement: Analyzing aggregated usage patterns to improve features, performance, and user experience. We do not use your conversation content for this purpose.
• Technical Operations: Monitoring system performance, diagnosing and resolving errors, and ensuring the security and stability of the platform.
• Communications: Sending you essential service notifications, security alerts, and (with your consent) product updates and announcements.
• Legal Compliance: Fulfilling our legal obligations, responding to lawful requests from authorities, and enforcing our Terms of Service.

kowerk uses the Google Gemini API to process your messages and generate AI responses. When you send a message in a conversation, your message content and relevant context (such as prior messages in the conversation thread and applicable knowledge base content) are transmitted to Google's Gemini API for processing.

Your data is not used to train AI models. Under our agreement with Google, data submitted through the Gemini API is processed solely to generate responses and is not used by Google to train, improve, or develop their general AI models. Your conversations remain private and are not incorporated into any training datasets.

We maintain a Data Processing Agreement (DPA) with Google that governs how your data is handled during AI processing. This agreement includes commitments regarding data security, confidentiality, and limitations on data use.

AI-generated responses may not always be accurate or complete. You should independently verify any critical information provided by the AI. We are not liable for decisions made based on AI-generated content.

We use the following third-party services to operate kowerk. Each provider processes data in accordance with their own privacy policies and our contractual agreements with them:

• Google Gemini API — Processes conversation messages to generate AI responses. Data is not used for model training. Governed by our DPA with Google.
• Clerk — Provides user authentication, session management, and identity services. Processes account credentials, profile information, and session tokens.
• Stripe — Handles all payment processing, subscription management, and billing operations. Stripe is PCI DSS Level 1 certified and processes payment information in compliance with applicable financial regulations.
• Sentry — Monitors application errors and performance issues. Sentry receives technical error data, stack traces, and limited contextual information to help us diagnose and resolve issues. We configure Sentry to minimize the collection of personal data.
• Hosting Provider (Vercel / Infrastructure) — Provides the cloud infrastructure on which kowerk runs. Processes standard web request data including IP addresses, request headers, and server logs as part of normal operations.

We do not sell your personal information to any third party. Data shared with our service providers is limited to what is necessary for them to perform their designated functions on our behalf.

We retain your data for the following periods, after which it is securely deleted or anonymized:

During the 30-day post-deletion period, your data is retained solely to allow account recovery if the deletion was made in error. After this period, all personal data is permanently and irreversibly deleted from our systems and backups.

Depending on your jurisdiction, you may have specific rights regarding your personal information. We honor the following state privacy laws:

California Consumer Privacy Act (CCPA)

If you are a California resident, you have the right to:

• Know what personal information we collect, use, and disclose about you.
• Request deletion of your personal information.
• Opt out of the sale of your personal information (note: we do not sell personal information).
• Non-discrimination for exercising your privacy rights.

Tennessee Information Protection Act (TIPA)

If you are a Tennessee resident, you have the right to:

• Access the personal information we have collected about you.
• Request correction of inaccurate personal information.
• Request deletion of your personal information.
• Obtain a copy of your personal information in a portable format.
• Opt out of the processing of your personal information for targeted advertising, the sale of personal information, or profiling.

To exercise any of these rights, please contact us at support@kowerk.ai. We will respond to your request within the timeframe required by applicable law (typically 45 days). We may ask you to verify your identity before processing your request.

We implement industry-standard technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS 1.2+ for all connections.
• Encryption of sensitive data at rest using AES-256 or equivalent encryption standards.
• Regular security assessments and monitoring of our infrastructure.
• Access controls limiting employee access to personal data to those with a legitimate business need.
• Secure authentication through Clerk with support for multi-factor authentication (MFA).
• Workspace isolation ensuring that personal workspace data is not visible to organization administrators.

While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security. If we become aware of a security breach affecting your personal data, we will notify you in accordance with applicable law.

kowerk is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from anyone under 18 years of age. If we learn that we have collected personal information from a person under 18, we will take steps to delete that information as promptly as possible. If you believe a minor has provided us with personal information, please contact us at support@kowerk.ai.

kowerk uses a limited set of cookies and similar technologies that are essential to the operation of the Service:

Essential Cookies

• Clerk session cookies: Required for user authentication and maintaining your logged-in session. These cookies are strictly necessary and cannot be disabled.
• Preference cookies: Store your display preferences such as theme selection (light/dark mode) and font size settings.

Analytics

We may use privacy-respecting analytics tools to understand aggregated usage patterns. These tools do not use third-party tracking cookies and do not create user profiles for advertising purposes. We do not use any advertising trackers or retargeting technologies.

kowerk is operated from the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

By using the Service, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence. We ensure that all international data transfers are conducted with appropriate safeguards, including contractual protections consistent with applicable law.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page.
• Notify you through an in-app notification or email for significant changes that affect your rights or how we process your data.
• Provide a reasonable period for you to review the changes before they take effect.

Your continued use of kowerk after the effective date of any updated Privacy Policy constitutes your acceptance of the revised terms.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• General Support: support@kowerk.ai
• Privacy & Data Requests: admin@kowerk.ai
• Company: Stable Mischief LLC

We aim to respond to all inquiries within 5 business days. For privacy rights requests subject to CCPA or TIPA, we will respond within the legally required timeframe.