LEGAL DOCUMENT

Privacy Policy

Last updated: February 19, 2026Effective: February 19, 2026

This Privacy Policy explains how KLG Holdings LLC collects, uses, and protects your personal information when you use the Kyntek platform. We are committed to transparency and your privacy.

🚫
We don't sell your data
Your personal information is never sold to third parties, period.
🤖
No AI training on your code
Your prompts and generated code are never used to train AI models.
🔐
Encrypted at rest & transit
All data is encrypted using industry-standard protocols.
🗑️
Delete anytime
Request full account and data deletion at any time.

1. Introduction

KLG Holdings LLC ("KLG Holdings," "we," "us," or "our") operates the Kyntek AI-powered development platform ("Service"), available at kyntek.ai. This Privacy Policy explains what information we collect about you, how we use it, when we share it, and the choices you have.

This Privacy Policy applies to all visitors, registered users, and others who access or use the Service. By using the Service, you agree to the collection and use of your information as described in this Policy. If you do not agree, please do not use the Service.

This Policy is incorporated by reference into our Terms of Service. Capitalized terms not defined here have the meaning given to them in the Terms of Service.

2. Information We Collect

2.1 Information You Provide Directly

CategoryExamplesRequired?
Account InformationEmail address, name (or display name), password (hashed)Required
Profile InformationProfile photo, company name, job title, use case, experience level (collected during onboarding)Optional
Payment InformationCredit/debit card details, billing address (processed and stored by Stripe — KLG Holdings does not store raw card numbers)Required for paid plans
CommunicationsMessages sent to our support team, feedback submissions, bug reportsWhen provided

2.2 Content You Generate and Submit

CategoryDescription
Prompts & MessagesText prompts, instructions, and messages you submit to the AI chat interface
Project DataProject names, descriptions, settings, and metadata
Generated CodeHTML, CSS, JavaScript, and other code outputs produced by the AI in response to your prompts. This is stored to enable version history, project continuity, and deployment features.
Uploaded ImagesScreenshots, design files, or images uploaded for the Screenshot-to-Code feature

2.3 Information Collected Automatically

When you use the Service, we automatically collect:

  • Usage Data: Pages visited, features used, buttons clicked, time spent, AI generations performed, credits consumed, error events;
  • Device & Browser Information: Browser type and version, operating system, device type, screen resolution;
  • Network Information: IP address, approximate geographic location (country/city level) derived from IP, ISP name;
  • Referral Information: The URL or source from which you arrived at the Service;
  • Performance Data: Load times, API response times, error rates.

2.4 Information from Third Parties

If you sign in using a third-party authentication provider (such as GitHub or Google via Supabase Auth), we receive basic profile information from that provider as permitted by your authorization, including your email address and name. We do not receive your password from these providers.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Providing and Operating the Service

  • Creating and maintaining your account;
  • Processing your AI generation requests and delivering results;
  • Storing your projects, versions, and conversation history;
  • Enabling deployment to kyntek.dev and other hosting features;
  • Processing credit consumption and tracking usage against plan limits.

3.2 Billing and Payments

  • Processing subscription payments and additional credit purchases;
  • Sending receipts, invoices, and billing notifications;
  • Detecting and preventing payment fraud;
  • Managing subscription upgrades, downgrades, and renewals.

3.3 Improving the Platform

  • Analyzing aggregated usage patterns to improve features and performance;
  • Understanding which features are most used to prioritize development;
  • Debugging errors and improving reliability;
  • Conducting A/B tests on UI and feature changes.

3.4 Customer Support

  • Responding to your support inquiries and bug reports;
  • Investigating disputes and account issues;
  • Providing onboarding assistance and tutorials.

3.5 Communications

  • Sending service announcements, security alerts, and administrative messages (these are essential and cannot be opted out of);
  • Sending product update emails, new feature announcements, and promotional communications (you may opt out at any time via the unsubscribe link);
  • Sending transactional emails related to your account activity.

3.6 Safety and Compliance

  • Detecting, preventing, and addressing fraud, abuse, and violations of our Terms;
  • Complying with applicable laws, regulations, and legal processes;
  • Protecting the rights, property, and safety of KLG Holdings, our users, and the public.

4. AI Data Processing

Our Commitment: We do not use your prompts, generated code, or project data to train, fine-tune, or improve AI models. Your work is yours and is not used to benefit other users' AI outputs. We do not sell your data to AI companies or any other third parties.

4.1 How Prompts Are Processed

When you submit a prompt or request to the AI generation features, your input is transmitted to Anthropic's Claude API for processing. This transmission occurs over encrypted HTTPS connections. Anthropic processes your prompt under its own terms of service and privacy policy to generate a response, which is then returned to you through the Service.

4.2 Anthropic's Data Handling

KLG Holdings has entered into a data processing agreement with Anthropic, Inc. Under this agreement and Anthropic's API terms, your API-submitted prompts are not used to train Claude or any other Anthropic models. Anthropic may retain prompts for a limited period for safety and abuse monitoring purposes, in accordance with their privacy policy. We encourage you to review Anthropic's Privacy Policy directly.

4.3 Storage of AI Interactions

KLG Holdings stores your conversation history, prompts, and generated code in Supabase (our database provider) to enable: project continuity across sessions; version history so you can navigate between builds; and context provision to the AI for iterative editing. This data is accessible to you through your account and is deleted when you delete your account.

4.4 Content Moderation

We may review AI-generated content when investigating reports of abuse, Terms violations, or illegal content. Such reviews are conducted by authorized KLG Holdings personnel and are limited to what is necessary to investigate the reported issue.

5. Information Sharing

KLG Holdings does not sell, rent, or lease your personal information to third parties. We share your information only in the following limited circumstances:

5.1 Service Providers

We share information with third-party companies that help us operate the Service (see Section 6 for the full list). These providers are bound by contractual obligations to keep your information confidential and use it only for the purposes for which we disclose it to them.

5.2 Legal Requirements

We may disclose your information if required by law, subpoena, court order, or other governmental or legal authority, or when we believe in good faith that disclosure is necessary to: comply with applicable law; protect our legal rights; prevent fraud or illegal activity; or protect the safety of any person.

5.3 Business Transfers

If KLG Holdings is involved in a merger, acquisition, asset sale, or bankruptcy, your personal information may be transferred as part of that transaction. We will notify you via email or prominent notice on the Service before your personal information becomes subject to a different privacy policy.

5.4 With Your Consent

We may share your information for purposes not described in this Policy when we have obtained your explicit consent to do so.

5.5 Aggregated and Anonymized Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you, for purposes such as industry research, analytics, and improving the Service.

6. Third-Party Processors

We use the following third-party service providers to operate the Service. Each provider processes your data only as necessary to perform their service:

ProviderPurposeData SharedLocation
Anthropic, Inc.AI model processing (Claude API)Prompts, conversation context (not stored permanently by Anthropic per API terms)United States
Supabase, Inc.Database, authentication, file storageAccount data, project data, generated code, message history, uploaded imagesUnited States
Stripe, Inc.Payment processing and subscription managementPayment card data, billing address, transaction historyUnited States
Vercel, Inc.Web application hosting and CDNIP addresses, request logs, deployed contentUnited States (global CDN)
Analytics ProviderProduct analytics and usage trackingAnonymized usage events, session data (with consent where required)United States

All processors listed above are required to maintain appropriate technical and organizational security measures and are prohibited from using your data for their own commercial purposes beyond the service they provide to us.

7. Data Retention

7.1 Active Account Data

We retain your account information, project data, conversation history, and generated code for the duration of your account's active status. We periodically archive older project versions to manage storage costs, but all versions remain accessible to you through the interface.

7.2 Account Deletion

When you request deletion of your account (via account settings or by emailing privacy@kyntek.ai), we will permanently delete your personal information and project data within thirty (30) days of receiving your request. You will receive a confirmation email when deletion is complete.

7.3 Retention Exceptions

Certain data may be retained beyond the 30-day deletion window in the following circumstances:

  • Legal obligation: Where we are required by law to retain records (e.g., financial records, fraud investigation data) — retained for the legally required period;
  • Dispute resolution: Where data is necessary to resolve an active dispute, complaint, or legal proceeding — retained until resolution;
  • Backup archives: Automated backup snapshots may contain your data for up to 90 days following deletion, after which they are permanently purged;
  • Anonymized data: Aggregated, anonymized data that cannot be traced back to you may be retained indefinitely for analytical purposes.

7.4 Billing Records

Transaction records, payment history, and invoices are retained for seven (7) years from the date of the transaction for tax and financial compliance purposes, even after account deletion.

8. Cookies & Tracking Technologies

8.1 What Are Cookies

Cookies are small text files placed on your device when you visit a website. We also use similar technologies such as local storage, session storage, and pixel tags. These technologies help us recognize you, remember your preferences, and analyze how the Service is used.

8.2 Types of Cookies We Use

TypePurposeRequired?
Essential / FunctionalAuthentication (keeping you logged in), session management, security (CSRF protection), user preferences (dark/light theme)Always active — cannot be disabled
AnalyticsUnderstanding how users navigate the Service, which features are used, and where users encounter issues. Data is anonymized before analysis.With consent (where required by law)
PerformanceMonitoring page load times, API response times, and error rates to improve Service performance.With consent (where required by law)

8.3 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or be notified when a cookie is set. Note that disabling essential cookies will impair your ability to use the Service, as they are required for authentication and basic functionality.

For EEA and UK users, we provide a consent mechanism at first visit for non-essential cookies. You may withdraw consent at any time by adjusting your preferences in your account settings or by contacting us at privacy@kyntek.ai.

8.4 Do Not Track

Some browsers transmit "Do Not Track" (DNT) signals. The Service does not currently respond to DNT signals. We encourage you to use the cookie controls described above to manage your tracking preferences.

9. GDPR Rights (EEA & UK Residents)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR) and the UK GDPR with respect to your personal data:

Right of Access (Art. 15)
Request a copy of the personal data we hold about you, including information on how we process it.
Right to Rectification (Art. 16)
Request correction of inaccurate or incomplete personal data we hold about you.
Right to Erasure (Art. 17)
Request deletion of your personal data ("right to be forgotten"), subject to certain exceptions.
Right to Restriction (Art. 18)
Request that we restrict processing of your personal data in certain circumstances.
Right to Portability (Art. 20)
Receive your personal data in a structured, machine-readable format and transfer it to another controller.
Right to Object (Art. 21)
Object to processing of your personal data for direct marketing or based on our legitimate interests.
Right to Withdraw Consent
Where processing is based on consent, withdraw your consent at any time without affecting prior processing.
Right to Lodge a Complaint
File a complaint with your national data protection authority if you believe we have violated your rights.

9.1 Legal Basis for Processing

We process your personal data on the following legal bases:

  • Contract (Art. 6(1)(b)): Processing necessary to provide the Service to you under our Terms of Service;
  • Legitimate Interests (Art. 6(1)(f)): Improving the Service, fraud prevention, security, and communications about related services;
  • Legal Obligation (Art. 6(1)(c)): Compliance with applicable law;
  • Consent (Art. 6(1)(a)): Marketing communications and non-essential analytics (where required).

9.2 How to Exercise Your Rights

To exercise any of your GDPR rights, please contact our Data Protection Officer at privacy@kyntek.ai. We will respond to all requests within 30 days. For complex requests, we may extend this to 60 days and will notify you of the extension.

We may need to verify your identity before processing certain requests. Identity verification is done to protect your data from unauthorized access.

10. CCPA Rights (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you specific rights regarding your personal information:

10.1 Your California Rights

  • Right to Know: You have the right to know what personal information we collect about you, the purposes for which it is used, the categories of third parties with whom it is shared, and the categories of sources from which it is collected;
  • Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions;
  • Right to Correct: You have the right to request correction of inaccurate personal information;
  • Right to Opt-Out of Sale/Sharing: You have the right to opt out of the sale of your personal information or the sharing of your information for cross-context behavioral advertising;
  • Right to Limit Use of Sensitive Personal Information: You have the right to limit the use and disclosure of sensitive personal information to what is necessary to provide the Service;
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

We Do Not Sell Your Personal Information. KLG Holdings does not sell, rent, or share your personal information with third parties for monetary or other valuable consideration. We do not share your information for cross-context behavioral advertising purposes.

10.2 Exercising Your California Rights

To submit a verifiable consumer request under the CCPA, please contact us at privacy@kyntek.ai. We will acknowledge receipt within 10 days and respond substantively within 45 days. We may extend this to 90 days with notice for complex requests.

You may authorize an agent to submit requests on your behalf by providing written authorization and proof of the agent's identity. We may require verification of the agent's authority.

11. International Data Transfers

KLG Holdings is headquartered in Puerto Rico, which is a territory of the United States. Your personal information is primarily processed and stored in the United States through our service providers (Supabase, Vercel, Stripe, Anthropic, and others).

If you are located outside the United States, you acknowledge that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence. We take steps to ensure your data is handled with appropriate safeguards:

  • Standard Contractual Clauses (SCCs): For transfers of personal data from the EEA to the United States, we rely on the Standard Contractual Clauses adopted by the European Commission, where required;
  • Data Processing Agreements: We maintain data processing agreements with all third-party processors that include appropriate safeguards for international transfers;
  • UK Addendum: For transfers from the United Kingdom, we use SCCs with the UK International Data Transfer Addendum where applicable.

By using the Service, you consent to such transfers. If you have questions about these safeguards, please contact us at privacy@kyntek.ai.

12. Children's Privacy

The Service is not intended for, and may not be used by, anyone under the age of 18. We do not knowingly collect personal information from individuals under 18 years of age.

If we become aware that we have collected personal information from a minor under 18 without verifiable parental consent, we will promptly take steps to delete that information from our systems. If you believe we have inadvertently collected information from a minor, please contact us immediately at privacy@kyntek.ai.

Parents and guardians who believe their child's information may have been submitted to the Service should contact us at privacy@kyntek.ai to request removal.

13. Security

Protecting your personal information is a priority for KLG Holdings. We implement and maintain appropriate technical and organizational security measures designed to protect your information against unauthorized access, accidental loss, destruction, or damage:

13.1 Technical Measures

  • Encryption in transit: All data transmitted between your browser and the Service is encrypted using TLS 1.2 or higher (HTTPS);
  • Encryption at rest: Your project data, generated code, and personal information stored in our database is encrypted at rest;
  • Password security: Passwords are hashed using industry-standard bcrypt or Argon2 algorithms — we never store your raw password;
  • Authentication: We use Supabase Auth with secure session management and support for multi-factor authentication;
  • Access controls: Access to production systems and user data is restricted to authorized KLG Holdings personnel with a need-to-know basis.

13.2 Organizational Measures

  • Regular security reviews of our infrastructure and code;
  • Vendor security assessments for all third-party processors;
  • Incident response procedures for security breaches;
  • Employee training on data protection and security practices.

13.3 No Absolute Security

While we implement strong security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data. In the event of a security breach that is likely to result in a high risk to your rights and freedoms, we will notify you in accordance with applicable law (within 72 hours for GDPR-covered breaches, as applicable).

If you suspect any unauthorized access to your account, please contact us immediately at security@kyntek.ai.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes to this Policy, we will:

  • Update the "Last Updated" date at the top of this Policy;
  • Notify you via email to the address associated with your account at least thirty (30) days before the changes take effect;
  • Display a prominent notice within the Service.

For non-material changes (such as grammatical corrections, clarifications that do not affect your rights, or changes required by law), we may update this Policy without prior notice. We encourage you to review this Policy periodically.

Your continued use of the Service after the effective date of the updated Policy constitutes your acceptance of the revised terms. If you object to any changes, you must stop using the Service and may request deletion of your account.

15. Contact & Data Protection Officer

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

KLG Holdings LLC — Privacy Team

Privacy inquiries: privacy@kyntek.ai

Security concerns: security@kyntek.ai

Legal inquiries: legal@kyntek.ai

Website: kyntek.ai

Jurisdiction: Commonwealth of Puerto Rico, USA

Data Protection Officer (DPO): For GDPR-related inquiries, our Data Protection Officer can be reached at privacy@kyntek.ai with the subject line "DPO Request." We aim to respond to all privacy inquiries within five (5) business days and to fulfill verified data subject requests within the timeframes required by applicable law.

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority. For EEA residents, a list of supervisory authorities is available on the European Data Protection Board's website. For UK residents, the supervisory authority is the Information Commissioner's Office (ICO).