Privacy Policy

01Information We Collect

Information you provide directly. We collect information you submit voluntarily, including:

• Name, email address, phone number, and business name submitted via our contact form, booking page, or onboarding form
• Responses to pre-qualification questions submitted when booking a discovery call
• Platform credentials, brand assets, and business information submitted through our client onboarding process
• Communications you send us via email or other channels

Information collected automatically. When you visit our website, we may collect:

• Pages visited, time spent on pages, and referring URLs
• Browser type, device type, and operating system
• IP address and approximate geographic location derived from it

Website analytics are collected using a privacy-first, self-hosted analytics platform that does not use cookies and does not track visitors across websites. No personally identifiable information is collected through website analytics..

Information collected through service delivery. In the course of providing automation services, we may access and process data from the third-party platforms you connect to your automation workflows. This data is processed solely for the purpose of configuring and operating your systems and is not retained beyond what is necessary for that purpose.

02How We Use Your Information

We use the information we collect for the following purposes:

• To respond to inquiries and schedule discovery calls
• To deliver, configure, maintain, and improve the automation services you have engaged
• To send transactional communications related to your engagement, including onboarding confirmations, workflow updates, monthly operations reports, and billing notifications
• To maintain internal records of client engagements for operational and accounting purposes
• To analyze website usage in aggregate to improve our content and user experience
• To comply with applicable legal obligations

We do not use your information for advertising, behavioral tracking, or sale to third parties. We do not send unsolicited marketing communications.

03Disclosure of Your Information

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

Service providers. We engage a limited number of third-party service providers who process data on our behalf to operate our business, including providers for transactional email delivery, payment processing, appointment scheduling, cloud infrastructure hosting, encrypted offsite data backup, and electronic document signing. These providers have access only to the information necessary to perform their specific function and are contractually obligated to protect it.

Legal requirements. We may disclose your information if required to do so by law or in response to a valid legal process, such as a court order or government request.

Business transfers. In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change via email or prominent notice on our website.

Protection of rights. We may disclose information where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, or situations involving potential threats to safety.

04Data Storage and Retention

Most data collected through our operations is stored on KnightLab's private self-hosted infrastructure, hosted on cloud servers located in the United States.

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including satisfying any legal, accounting, or reporting obligations. Specifically:

• Prospect and inquiry data is retained for up to 24 months following last contact
• Client engagement data is retained for a minimum of 7 years for accounting and legal purposes
• Website analytics data is retained in aggregate form with no personally identifiable information
• Platform credentials submitted during onboarding are transferred to encrypted storage and removed from form response history within 7 days of setup completion

Payment information is processed exclusively by our payment processor and is not stored on KnightLab systems.

05Security

We implement reasonable administrative, technical, and physical safeguards to protect your information from unauthorized access, disclosure, alteration, or destruction. Specific measures include:

• All data in transit is encrypted using TLS/SSL
• Self-hosted infrastructure is secured with access controls and regular software updates
• Database backups are encrypted at rest and stored offsite
• Platform credentials are handled through encrypted secure sharing tools and not retained in plain-text systems beyond setup
• Access to client data is restricted to KnightLab personnel on a need-to-know basis

No method of transmission over the internet or electronic storage is completely secure. While we use commercially reasonable measures to protect your information, we cannot guarantee absolute security. If you believe your information has been compromised, please contact us immediately at [email protected].

06Cookies and Tracking

Our website does not use advertising cookies, behavioral tracking cookies, or third-party analytics cookies. Our self-hosted Umami analytics platform uses a cookie-free approach to collect aggregate, anonymized usage statistics. No cross-site tracking occurs.

Third-party services embedded on or linked from our site — including Cal.com for appointment booking — may set their own cookies governed by their respective privacy policies.

07Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information. These may include:

• Access. The right to request a copy of the personal information we hold about you.
• Correction. The right to request correction of inaccurate or incomplete information.
• Deletion. The right to request deletion of your personal information, subject to certain legal exceptions.
• Portability. The right to receive your personal information in a structured, machine-readable format.
• Objection. The right to object to certain processing activities, including direct marketing.
• Restriction. The right to request that we restrict processing of your information in certain circumstances.

To exercise any of these rights, please contact us at [email protected]. We will respond to verifiable requests within 30 days. We may need to verify your identity before fulfilling a request.

California residents. If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to know whether personal information is sold or disclosed and to whom, the right to opt out of the sale of personal information, and the right to non-discrimination for exercising your privacy rights. KnightLab does not sell personal information.

European residents. If you are located in the European Economic Area, United Kingdom, or Switzerland, you may have rights under the General Data Protection Regulation (GDPR) or equivalent legislation. Our legal basis for processing your personal information is typically the performance of a contract (service delivery), compliance with a legal obligation, or our legitimate interests in operating and improving our business.

08Third-Party Links

Our website may contain links to third-party websites or services that are not operated by KnightLab. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites. We encourage you to review the privacy policy of any site you visit.

09Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a minor, please contact us immediately and we will take steps to delete it.

10Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the effective date at the top of this page and, where appropriate, notify active clients via email.

Your continued use of our website or services after any changes constitutes your acceptance of the updated policy. We encourage you to review this page periodically.

11Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

This Privacy Policy was drafted for informational purposes and does not constitute legal advice. KnightLab recommends periodic review by a qualified attorney to ensure continued compliance with applicable laws and regulations.