K
KNULL
LEGAL

Privacy Policy

LAST UPDATED · MAY 29, 2026

Knull ("we", "us") provides an autonomous Business Operating System. This policy explains what data we collect, why, how long we keep it, and how we protect it. It applies to knullos.lovable.app, the Knull product, and any sub-domains we operate.

1. Data we collect

  • Account data: name, email, organisation, authentication tokens.
  • Workspace data: content you create or connect — campaigns, customers, financial records, knowledge documents.
  • Operational data: agent runs, audit logs, billing events.
  • Usage data: page views, feature interactions (via PostHog).
  • Connected accounts: tokens and metadata for the ad, email, analytics, and commerce platforms you explicitly connect.

2. How we use your data

We use your data to provide the product, operate autonomous agents under the Authority you've granted, secure your account, support you when you ask for help, send transactional email, and improve the platform in aggregate. We do not sell your data and we do not train foundation models on your workspace content.

3. Sub-processors

We share strictly necessary data with: Supabase (database & auth), Anthropic + OpenAI + Google (AI inference), Stripe (payments), Resend (email), Cloudflare (hosting & edge), PostHog (product analytics), and the ad platforms you explicitly connect (Meta, Google, LinkedIn, X, TikTok).

An up-to-date sub-processor list and our standard Data Processing Agreement are at /dpa.

4. Your rights (GDPR / CCPA / UK GDPR)

You may export, correct, or delete your data at any time from Settings → Privacy, or by emailing privacy@knull.com. We respond within 30 days.

  • Access — request a copy of your data.
  • Rectification — correct inaccurate data.
  • Erasure — delete your account and associated workspace data.
  • Portability — export in machine-readable JSON.
  • Object / restrict — limit specific processing.

5. Retention

Workspace data is retained for the life of your account plus 30 days. Audit logs are retained for 2 years for security and compliance.

6. International transfers

Data is processed in the EU, UK, and US depending on the sub-processor. Transfers rely on Standard Contractual Clauses where applicable.

7. Security

Data is encrypted in transit (TLS 1.3) and at rest. Admin actions require two-factor authentication and are audited to an immutable log.

Read more at /security.

8. Cookies & analytics

We use first-party cookies for authentication and session continuity, and PostHog for privacy-respecting product analytics. No third-party advertising cookies are set by Knull.

9. Children

Knull is not intended for users under 16. We do not knowingly collect data from children.

10. Changes to this policy

We'll post material changes here and notify account owners by email at least 14 days before they take effect.

11. Contact

Data Protection Officer — privacy@knull.com