This Privacy Policy explains what information Kointage collects, how we use it, who we share it with, and what choices you have. By using Kointage you consent to the practices described here.
1. Information We Collect
- Account information — email address, password hash, plan tier, and any organization metadata you provide when registering.
- Chat content — prompts you send to the AI assistant, the assistant's responses, and the conversation IDs that group them.
- Workspace data — watchlists, saved layouts, alerts, portfolio holdings you enter, and broker connection metadata. API keys for connected brokers are encrypted at rest.
- Usage data — request timestamps, AI token consumption, error logs, and aggregate analytics about which features you use.
- Billing information — name, billing address, last four digits of your card, and Stripe customer ID. Full card numbers are handled exclusively by Stripe; we never see or store them.
2. How We Use Your Information
- Operate, maintain, and improve the Service;
- Process AI prompts via our model provider (Anthropic);
- Authenticate you and protect against abuse;
- Bill you and process subscription renewals via Stripe;
- Send transactional emails (account, billing, security);
- Investigate incidents, errors, and security events;
- Comply with legal obligations.
We do not sell your personal data. We do not use your prompts or messages to train third-party AI models.
3. Third-Party Services
We share the minimum data necessary with the following processors so the Service can function:
- Anthropic (anthropic.com) — receives your AI prompts and conversation context to generate responses.
- Supabase (supabase.com) — hosts our database and handles authentication.
- Vercel (vercel.com) — hosts the application and provides analytics.
- Stripe (stripe.com) — processes payments and stores billing details.
- Tavily (tavily.com) — performs web search on behalf of the AI assistant.
- Firecrawl (firecrawl.dev) — fetches and extracts the contents of web pages on behalf of the AI assistant.
- CoinGecko, Yahoo Finance, Binance, Polymarket, alternative.me — provide market data. Requests are proxied through our servers; these providers do not receive your identity.
- Mapbox (mapbox.com) — renders maps for enterprise maritime intelligence features.
4. Data Retention
We retain account data for as long as your account is active. If you delete your account, we delete or anonymize your personal data within 30 days, except for records we are legally required to retain (e.g. invoices for tax purposes). AI usage logs are kept for at most 90 days for billing and abuse-prevention purposes and then deleted.
5. Your Rights
Depending on your jurisdiction (GDPR, CCPA, and similar), you may have the right to:
- Access the personal data we hold about you;
- Correct inaccurate data;
- Request deletion of your account and associated data;
- Export your data in a portable format;
- Opt out of certain processing activities.
To exercise these rights, email privacy@kointage.com.
6. Security
We use industry-standard practices to protect your data: TLS in transit, encryption at rest for sensitive fields (broker API keys), row-level security on the database, and least-privilege access for staff. No system is perfectly secure, however, and we cannot guarantee absolute security.
7. Children
Kointage is not intended for children under 18. We do not knowingly collect data from anyone under 18. If you believe a child has provided us with personal data, contact us and we will delete it.
8. International Transfers
Your data may be processed in countries other than your own, including the United States, where our infrastructure providers operate. By using the Service you consent to these transfers.
9. Changes
We may update this Privacy Policy. Material changes will be communicated via the Service or by email. The “Last updated” date at the top reflects the most recent revision.
10. Contact
Privacy questions can be directed to privacy@kointage.com.