# Data Privacy

Learn how Kaana protects and handles your data.

## Your Data Ownership

**You own your data.** We are custodians, not owners. You can:

* Export your data at any time
* Request deletion of your data
* Control who has access

## What Data We Collect

### Account Data

* Email address and name
* Company/organization name
* Login activity

### Application Data

* Projects, tasks, and documents you create
* Activities and comments
* Settings and preferences

### Usage Data

* Feature usage (to improve the product)
* Error logs (to fix issues)

## How We Protect Your Data

### Encryption

| Data Type        | Protection                                      |
| ---------------- | ----------------------------------------------- |
| Passwords        | Hashed with scrypt (never stored in plain text) |
| Sensitive fields | Encrypted with AES-256-CBC                      |
| Data in transit  | TLS 1.3 encryption                              |
| Backups          | Encrypted at rest                               |

### Access Controls

* Only authorized personnel can access production systems
* All access is logged and monitored
* Regular access reviews

### Data Isolation

Your data is isolated from other customers:

* Tenant-based data separation
* Database-level access controls
* No cross-tenant data access

## Data Retention

### Active Accounts

* Data retained as long as your account is active
* Regular backups maintained for recovery

### Deleted Data

* Deleted items removed from active database
* Backups retained for 30 days
* After 30 days, data is permanently removed

### Account Closure

* Request data export before closing
* Data deleted within 30 days of closure
* Confirmation provided upon completion

## Data Location

Your data is stored in secure data centers with:

* Physical security controls
* Environmental protections
* Redundant systems

## Third-Party Services

We use trusted third-party services:

| Service  | Purpose        | Data Shared                           |
| -------- | -------------- | ------------------------------------- |
| Auth0    | Authentication | Email, name                           |
| Stripe   | Payments       | Billing info                          |
| SendGrid | Email delivery | Email address                         |
| OpenAI   | AI features    | Content you analyze (see AI Security) |

All third parties are vetted for security compliance.

## Your Rights

You have the right to:

* **Access** — Request a copy of your data
* **Correction** — Update inaccurate information
* **Deletion** — Request data removal
* **Export** — Download your data
* **Restrict** — Limit how we use your data

Contact us to exercise these rights.

## Data Breach Response

{% stepper %}
{% step %}

### Investigate

We will investigate immediately.
{% endstep %}

{% step %}

### Notify

Affected users will be notified promptly.
{% endstep %}

{% step %}

### Prevent Recurrence

Steps taken to prevent recurrence.
{% endstep %}

{% step %}

### Regulatory Notification

Regulatory authorities notified as required.
{% endstep %}
{% endstepper %}