Privacy Policy

At KnowThem, we take your privacy seriously. This Privacy Policy explains how we collect, use, and protect your information when you use our relationship management platform.

1. Information We Collect

• Account Data: When you register, we collect your email address, display name, and authentication credentials (either directly or via OAuth providers like Google).
• Contact Data: The people you add, including their names, contact details, tags, photos, and notes.
• Interaction Data: The interaction logs and reminders you create within the platform.

2. How We Use Your Information

We use the collected information exclusively to provide, maintain, and improve the KnowThem service. This includes synchronizing your reminders to Google Calendar (if you opt-in), processing and hosting contact photos, and providing analytics on your networking habits. We never sell your data to third parties.

3. Third-Party Services

• Cloudflare R2: Used for secure, high-performance hosting of the profile images you upload. Images are optimized and stored securely.
• Google Calendar API: If you connect your Google Calendar, KnowThem uses the API to push reminders to your calendar. Our app only creates and modifies events it has generated; it does not read your pre-existing personal calendar events.
• Google People API (Contacts): If you connect Google Contacts, KnowThem reads your contact list once (or on manual refresh) to let you selectively import contacts into KnowThem. This is strictly read-only — we never create, edit, or delete your Google contacts. After import, the selected contact data is stored in KnowThem's own database; we do not retain a live connection to your Google Contacts list.
• Supabase: Serves as our primary database and authentication provider. All data is encrypted at rest and in transit.

4. Google API Data & Limited Use

KnowThem's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

What Google data we access and why:

• Google Calendar Events (calendar.events scope): When you opt-in to Calendar Sync, KnowThem creates, updates, and deletes calendar events in your primary Google Calendar — exclusively for reminders you have created inside KnowThem. We never read, access, or store your pre-existing personal calendar events.
• Google Contacts (contacts.readonly scope): When you opt-in to Google Contacts Import, KnowThem reads your Google Contacts list to let you choose which contacts to import. Access is strictly read-only — we do not write to, modify, or delete any Google contact. The contacts you choose to import are then stored in KnowThem's own database. We do not continuously sync or monitor your Google Contacts after the import.
• Google Account Email (userinfo.email scope): After you connect Google Calendar or Google Contacts, we read your Google account's email address once and store it solely to display “Connected as your@email.com” in your Integrations Settings, so you can confirm which account is linked.

How we use Google data — strict limitations:

• Google data is used only to provide the specific feature you opted into (Calendar Sync or Contacts Import) — visible within the KnowThem app.
• We do not use any Google user data to serve advertisements, personalise ads, or for retargeting of any kind.
• We do not sell, transfer, or share your Google data with any third parties, except as necessary to provide the service (e.g., Supabase stores your encrypted refresh token).
• We do not allow any human to read your Google account data unless you have given explicit consent, it is required to investigate a reported security incident, or it is required by applicable law.
• We do not use Google data for any purpose beyond the features you explicitly requested (Calendar Sync or Contacts Import).

Google data retention & token security:

• Your Google OAuth refresh tokens (Calendar and Contacts) are stored encrypted at rest in our Supabase database and are never exposed in client-side code or API responses.
• Refresh tokens are deleted immediately and permanently when you disconnect the corresponding integration from your Integrations Settings page.
• You may also revoke KnowThem's access at any time directly from your Google Account Permissions page.

5. Data Security

We implement industry-standard security measures to protect your data. All data is encrypted in transit via TLS/HTTPS. Data at rest is encrypted by Supabase using AES-256. Access to your data is governed by Supabase Row Level Security (RLS) policies, which ensure no user can access another user's data. Google OAuth tokens are stored server-side and never transmitted to the browser.

6. Data Deletion & Your Rights

You retain full ownership of your data. You can delete any contact, interaction, or reminder at any time. When deleted from the Trash, this data is permanently erased from our active databases. You may disconnect Google Calendar or Google Contacts at any time from your Integrations Settings, which immediately revokes and deletes the corresponding stored Google refresh token. If you wish to delete your entire account and all associated data, please contact our support team at support.knowthem@gmail.com.

7. Contact Us

If you have any questions about this Privacy Policy or our Google data practices, please contact us at support.knowthem@gmail.com.