Privacy Policy

Last updated: 2026-04-25

Draft — under review

This document is a working draft. The final wording will be reviewed by counsel before public paid launch. If you need a binding response in the meantime, please contact hello@getkhavo.com.

This Privacy Policy describes how Khavo (“we”, “us”) collects, uses, and shares information when you use khavo.com / getkhavo.com (the “Service”).

1. Information we collect

  • Account information. Your email address, used to send magic-link sign-in emails and to identify your account.
  • Usage information. Counts of Strategy Runs, plan and subscription state, and event logs (run started, succeeded, cap hit, plan upgraded, plan canceled). Used to enforce plan limits and to improve the Service.
  • Inputs you submit. Product URLs and any product details you provide. We process these to generate strategy outputs and may retain them to investigate quality issues.
  • Billing information. Payment is processed by Stripe. We do not store full card numbers. We store a Stripe customer ID and subscription status against your account.
  • Operational information. Standard server logs (IP address, user agent, request paths) for security and abuse prevention.

2. How we use information

  • To deliver, maintain, and improve the Service.
  • To authenticate your account via magic-link email.
  • To enforce usage limits and bill subscriptions.
  • To detect abuse, secure the Service, and respond to legal requests.
  • To send transactional emails (sign-in links, billing receipts).

3. Service providers

We share information with third parties strictly to operate the Service:

  • Stripe — payment processing and subscription management.
  • Resend — transactional email delivery (magic links).
  • Neon — managed Postgres hosting for account and usage data.
  • Anthropic — AI model provider for strategy generation. Inputs you submit are sent to Anthropic for processing.
  • Vercel — application hosting.

4. Data retention

Account and usage records are retained while your account is active. Upon cancellation we may retain billing-related records for accounting and legal purposes. Server logs are kept for a limited period sufficient for abuse-detection and operational needs.

5. Your rights

You may request access to, correction of, or deletion of your personal data by emailing hello@getkhavo.com. If you are in the EU/UK or another jurisdiction with applicable data-protection law, you have additional rights under that law.

6. Cookies

Khavo uses essential cookies for authentication (a session cookie issued after magic-link sign-in) and a small founder-mode bypass cookie used internally. We do not use third-party advertising cookies.

7. Security

We use industry-standard practices to protect data in transit and at rest, including TLS, signed session cookies, and managed-database encryption. No system is perfectly secure; you use the Service at your own risk.

8. Children

Khavo is not directed to children under 13 (or under 16 in jurisdictions where that is the relevant minimum). We do not knowingly collect personal data from children.

9. Changes

We may update this Privacy Policy. Material changes will be communicated by email or in-product notice.

10. Contact

Privacy questions: hello@getkhavo.com.

Founder review notes: placeholder text. Pending decisions: GDPR / UK GDPR Data Controller contact, EU representative if required, CCPA notices for California residents, specific data-retention windows.