Privacy Policy

Effective Date: March 25, 2025

This Privacy Policy describes how Inkbit Co. ("Kowiki," "we," "us," or "our") collects, uses, and protects information when you use the Kowiki platform (the "Service"), including our web dashboard, Slack App, Microsoft Teams App, and related integrations. By using the Service, you agree to the practices described in this Privacy Policy.

This Privacy Policy applies in addition to our Terms of Service.

1. Information We Collect

1.1 Platform Identifiers

When you connect Kowiki to a chat platform, we collect platform identifiers necessary to deliver the Service:

• Slack: Workspace ID, Team ID, User ID, Bot User ID, and Channel IDs
• Microsoft Teams: Tenant ID, Team ID, User AAD Object ID, and Channel IDs

We do NOT collect personal profile information such as names, email addresses, profile photos, or phone numbers from chat platforms. We only store opaque platform-assigned identifiers required to route content to the correct workspace and user.

1.2 OAuth Tokens

When you authorize Kowiki to access a chat platform or content source, we receive and store OAuth access tokens and refresh tokens. These tokens are used solely to interact with the authorized platform on your behalf and are encrypted at rest.

1.3 Content and User Submissions

When you create, edit, or manage wiki content through the Service, we store that content. This includes:

• Wiki pages, articles, and documents created natively
• Uploaded images and file attachments
• Configuration settings and workspace preferences

1.4 Integration Metadata

When you connect external content sources, we collect metadata necessary to synchronize content:

• Google Drive: File IDs, folder IDs, file names, and last-modified timestamps
• SharePoint: Site IDs, document library IDs, and file metadata
• GitHub: Repository names, file paths, and commit metadata

We cache content from external sources to provide fast access within chat platforms. Cached content is refreshed periodically and can be purged by administrators.

1.5 Account Registration Data

When you create a Kowiki account through our web dashboard, we collect:

• Email address
• Password (encrypted and securely stored)
• Organization name (if applicable)

1.6 Automatically Collected Data

When you use our web dashboard, we may automatically collect:

• IP address and geographic location (country/region level)
• Browser type, device type, and operating system
• Pages visited and interaction data

1.7 Payment Data

If you purchase a paid subscription, payment processing is handled by third-party processors (e.g., Stripe) that comply with PCI-DSS standards. We do not store complete credit card numbers.

2. How We Use Information

We use collected information to:

• Provide, maintain, and improve the Service, including delivering wiki content within chat platforms
• Authenticate users and authorize access to workspaces and content
• Synchronize content between external sources and the Kowiki platform
• Process transactions and manage subscriptions
• Send transactional communications (account alerts, security notices)
• Detect and prevent fraud, abuse, and security issues
• Generate aggregated, anonymized analytics
• Comply with legal obligations

3. Data Sharing

3.1 Service Providers

We share data with third-party service providers who perform services on our behalf, including cloud infrastructure, payment processing, analytics, and email delivery. These providers are contractually obligated to protect your data and may only use it to provide services on our behalf.

3.2 Legal Requirements

We may disclose information if required to:

• Comply with legal process or government requests
• Enforce our Terms of Service
• Protect the rights, safety, or property of Kowiki, our users, or others
• Facilitate a merger, acquisition, or sale of assets (with notice)

3.3 No Sale of Data

We do not sell your personal data or content to third parties for advertising or marketing purposes.

4. Third-Party Integrations

Kowiki integrates with third-party platforms to provide its core functionality. Each integration is governed by the respective platform's terms and privacy policies:

• Slack: Subject to the Slack Terms of Service and Slack Privacy Policy
• Microsoft Teams: Subject to the Microsoft Services Agreement and Microsoft Privacy Statement
• Google Drive: Subject to the Google Terms of Service and Google Privacy Policy
• SharePoint: Subject to the Microsoft Services Agreement
• GitHub: Subject to the GitHub Terms of Service and GitHub Privacy Statement

You are responsible for reviewing the terms and privacy policies of any third-party platform you connect to Kowiki. We are not responsible for the privacy practices of third-party services.

5. Data Retention and Deletion

• Account Data: Retained while your account is active and for a reasonable period thereafter to comply with legal obligations.
• Wiki Content: Retained while your account is active. You may delete content at any time. After account deletion, content may persist in backups for up to 90 days.
• OAuth Tokens: Revoked and deleted when you disconnect an integration or delete your account.
• Cached Content: Automatically refreshed on a configurable schedule. Administrators can purge cached content at any time.
• Platform Identifiers: Deleted when you uninstall the Kowiki app from your workspace or delete your account.
• Automatically Collected Data: Retained for up to 2 years for analytics, then aggregated or deleted.
• Payment Data: Retained for 7 years to comply with tax and accounting regulations.

To request deletion of your data, contact us at privacy@kowiki.app. We will process deletion requests within 30 days.

6. Security Measures

We implement appropriate technical and organizational measures to protect your data:

• Encryption of data in transit (TLS/SSL) and at rest
• OAuth tokens encrypted at rest using industry-standard encryption
• Access controls limiting data access to authorized personnel
• Row-Level Security (RLS) policies enforced at the database level
• Regular security assessments and vulnerability testing
• Incident response procedures for data breaches

No method of transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data using industry best practices.

7. Data Breach Notification

In the event of a data breach likely to result in a risk to your rights, we will:

• Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
• Notify affected users without undue delay if the breach poses a high risk
• Provide information about the breach and recommended protective steps

8. Your Rights

8.1 Rights for All Users

Regardless of your location, you have the right to:

• Access: Request a copy of the data we hold about you
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your data, subject to legal retention requirements
• Data Portability: Request your data in a portable format
• Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, contact us at privacy@kowiki.app. We will respond within 30 days.

8.2 Additional Rights for EEA/UK Residents (GDPR)

If you are a resident of the European Economic Area or the United Kingdom, you also have the right to:

• Restrict Processing: Request restriction of processing in certain circumstances
• Object to Processing: Object to processing based on legitimate interests
• Lodge a Complaint: Lodge a complaint with your local data protection authority

When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) and Data Processing Agreements.

8.3 Additional Rights for California Residents (CCPA)

• Right to Know: You have the right to know what personal information we collect, use, and disclose
• Right to Delete: You have the right to request deletion of your personal information
• Right to Opt-Out of Sale: We do not sell personal information as defined under the CCPA
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

9. Slack App Directory Compliance

The Kowiki Slack App is listed on the Slack App Directory and complies with Slack's application requirements:

• Scopes: We request only the minimum OAuth scopes necessary to provide the Service (e.g., reading channels, posting messages, managing App Home)
• Data Access: We access Slack workspace data only as authorized by the installing administrator and only for the purposes described in this Privacy Policy
• Token Storage: Slack OAuth tokens are encrypted at rest and used solely to interact with the Slack API on your behalf
• Uninstallation: When the Kowiki app is uninstalled from a Slack workspace, we revoke associated tokens and delete workspace-specific data within 30 days
• No Message Monitoring: We do not monitor, log, or store the content of Slack messages or conversations. We only access data explicitly provided through our App Home interface or slash commands

10. Microsoft Teams Marketplace Compliance

The Kowiki Microsoft Teams App is distributed through the Microsoft Teams Marketplace and complies with Microsoft's application requirements:

• Permissions: We request only the minimum Microsoft Graph permissions necessary to provide the Service
• Data Access: We access Microsoft Teams data only as authorized by the tenant administrator and only for the purposes described in this Privacy Policy
• Token Storage: Microsoft OAuth tokens are encrypted at rest and used solely to interact with the Microsoft Graph API on your behalf
• Uninstallation: When the Kowiki app is removed from a Microsoft Teams tenant, we revoke associated tokens and delete tenant-specific data within 30 days
• No Message Monitoring: We do not monitor, log, or store the content of Teams messages or conversations. We only access data explicitly provided through our tab interface or messaging extensions
• Microsoft 365 Certification:We adhere to Microsoft's security, compliance, and data handling requirements for Teams apps

11. Cookies and Tracking

Our web dashboard uses cookies and similar technologies for authentication, session management, and analytics. Chat platform integrations (Slack, Teams) do not use cookies.

For details, see our Cookie Policy.

12. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please contact us at privacy@kowiki.app.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the Effective Date and notify you by email or through the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated Privacy Policy.

14. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Inkbit Co.
Email: privacy@kowiki.app

We will respond to your inquiry within 30 days.