Knots & Knacks

Draft — pending legal review

This Privacy Policy is a working draft prepared by the Knots & Knacks team and has not yet been reviewed by counsel. It is not legal advice. Bracketed fields are placeholders to be completed before this policy takes effect.

Privacy Policy

Effective date: 1 July 2026. This policy explains how [LEGAL ENTITY NAME] (“K&K”, “we”, “us”), operator of Knots & Knacks (knotsnknacks.com), handles your information.

Knots & Knacks is a pseudonymous founder forum. By design we collect as little personal data as we can while still running the service. You post under a stable alias, not your real name.

What we collect

  • Account data. When you create an account, our authentication provider (Clerk) stores your email address and authentication identity. We use this to sign you in and to contact you about your account.
  • Pseudonymous content. The Knots, Knacks, replies, Needs, and messages you post are stored under your alias. Our PII filter removes personal identifiers (email addresses, phone numbers, and URLs) from posts and messages, so this content is intended to stay alias-only.
  • Payment data. Founders never pay. Payments apply only to Allies (vetted, paid service providers). When an Ally subscribes, payment is processed by Stripe. We never see or store full card numbers — Stripe handles card data directly. We retain non-sensitive billing records (e.g. subscription status, plan, country).
  • Usage and log data. We and our hosting provider record technical data such as IP address, browser/user-agent, request timestamps, and error diagnostics. This is used to operate the service, prevent abuse, and debug problems.

How we use it

  • To operate the forum and let you sign in, post, and read.
  • To run platform features — for example, surfacing similar Knots and ordering replies by usefulness.
  • To moderate content and enforce our acceptable-use rules, including automated checks for harmful or AI-replicable content.
  • To send transactional and (where you have opted in) digest emails about activity relevant to you.
  • To bill Allies and manage their subscriptions.
  • To protect the service against fraud, spam, and abuse, and to comply with legal obligations.

We do not sell your personal data, and we do not run advertising or ad-tracking.

Automated processing and moderation

We use automated systems to help run the service — for example, scoring replies for AI-replicability, ordering replies by usefulness, matching similar Knots, and flagging content for moderation. These systems inform, but do not solely determine, significant decisions: content removal, account suspension, and similar actions involve human review and an appeals path. The filter that strips email addresses, phone numbers, and URLs from posts and messages runs automatically.

Third-party processors

We rely on a small set of vendors to run the service. Each processes data only as needed to provide its function:

  • Clerk — authentication; stores your email and sign-in identity.
  • Stripe — payment processing for Ally subscriptions; handles card data.
  • Resend — sends transactional and digest email on our behalf.
  • Neon — hosted Postgres database where platform data is stored.
  • Vercel — application hosting; processes request and log data.
  • Anthropic — provides the Claude model used to score replies for AI-replicability. Reply text is sent for this assessment.
  • OpenAI — generates content embeddings (for similar-Knot matching) and runs content moderation. Post text is sent for these purposes.

Data security

We use reasonable technical and organizational measures to protect your data, including encryption in transit, access controls, and reputable infrastructure providers. Minimizing what we collect is itself a safeguard — there is less to expose. That said, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Cookies

We use a minimal set of cookies and similar local storage. There are no advertising or cross-site tracking cookies.

  • Session cookies set by Clerk to keep you signed in.
  • Theme preference stored locally so the site remembers light/dark mode.

Data retention

We keep account and content data for as long as your account is active. Logs and diagnostic data are retained for a limited period for security and debugging. Billing records are retained as long as required for accounting and legal compliance. When you delete your account, we delete or anonymize your personal data, subject to records we are legally required to keep. Because posts are alias-only, content you have published may persist where it forms part of a thread, with personal identifiers removed.

Your rights

Depending on where you live, you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. To exercise any of these, contact us at contact@knotsnknacks.com. We will respond within the timeframe required by applicable law, and we will not discriminate against you for exercising a right.

EEA / UK. If the GDPR applies to you, you also have the right to withdraw consent and to lodge a complaint with your local data protection authority. The data controller is [LEGAL ENTITY NAME].

California. If the CCPA/CPRA applies to you, you have the right to know what we collect, to request deletion, and to opt out of the sale or sharing of personal information. We do not sell or share personal information, and we do not use it for cross-context behavioral advertising.

Pseudonymity by design

Privacy is structural here, not an afterthought. You participate under a stable alias, and our PII filter actively removes email addresses, phone numbers, and URLs from posts and messages. We minimize the personal data we hold so that what you share as a founder stays separated from your real-world identity.

International transfers

Our processors operate in multiple countries, so your data may be transferred to and processed in jurisdictions outside your own, including the United States. Where required, such transfers are made under appropriate safeguards (for example, standard contractual clauses). The governing law and jurisdiction for this policy are [GOVERNING LAW / JURISDICTION].

Children's privacy

The service is intended for founders and is not directed to children. We do not knowingly collect personal data from anyone under 16 (or the minimum age required in your jurisdiction). If you believe a minor has provided us personal data, contact us and we will delete it.

Changes to this policy

We may update this policy as the service evolves. When we make material changes, we will update the effective date above and, where appropriate, notify you.

Contact

Questions about privacy? Contact [LEGAL ENTITY NAME] at contact@knotsnknacks.com, [REGISTERED ADDRESS].