Privacy Notice
Last Updated: January 27, 2026
This Privacy Notice explains how Knostra Inc ("Knostra") collects, uses, discloses, and otherwise processes personal data in connection with Knostra's brands, including Knostra, as well as any specific product, service, or application that references or links to this Privacy Notice. We may also choose or be required by law to provide different or additional disclosures relating to the processing of personal data about residents of certain countries, regions, or states. Please refer to the Region-Specific Disclosures section below for additional disclosures that may be applicable to you.
This Privacy Notice does not address our privacy practices relating to Knostra job applicants, employees and other employment-related individuals, nor data that is not subject to applicable data protection laws (such as deidentified or publicly available information in certain jurisdictions). This Privacy Notice is also not a contract and does not create any legal rights or obligations not otherwise provided by law.
Our Collection and Use of Personal Data
The categories of personal data we collect depend on how you interact with us and our services. For example, you may provide us your personal data directly when you register for an account, provide us with access to your email inbox, make a purchase, or otherwise contact us or interact with us.
We also collect personal data automatically when you interact with our websites and services and may also collect personal data from other sources and third parties.
Personal Data Provided by Individuals
We collect the following categories of personal data individuals provide us:
• Contact Information, including first and last name, phone number, email address, mailing address, and communication preferences. We use this information primarily to fulfill your request or transaction, to communicate with you directly, and to send you marketing communications in accordance with your preferences.
• Account Information, including first and last name, email address, phone number, account credentials or one-time passcodes, and the products or services you are interested in, purchased, or have otherwise used. We use this information primarily to administer your account, provide you with our products and services, communicate with you regarding your account and your use of our products and services, and for customer support purposes.
• Customer Content, including any files, documents, audio, videos, images, data, or communications you choose to input, upload, or transmit to, or make available through, our products and services. We use this content primarily to provide you with our products and services, and to facilitate your requests. We do not use the contents of your connected emails, messages, or files to train our machine learning or artificial intelligence models unless you or your organization expressly opt in or agree to this in writing.
However, we may use (i) Service Data and (ii) de-identified and/or aggregated business and outcome data you provide or that is generated through your use of the Service (such as product usage signals and de-identified transaction-level outcomes and performance indicators) to develop, train, test, and improve our models (including propensity models), unless you opt out as described below.
• Sensitive Information, including any information that may be revealed through your emails, such as your race, ethnicity, health information, financial information, or the contents of your emails. We use this information primarily to provide you with our products and services and to facilitate your requests. We do not use Sensitive Information to infer characteristics about you or for targeted advertising. Some of the personal data we collect may be considered “Sensitive Personal Information” under certain U.S. state laws (for example, precise geolocation, certain financial information, or health-related information contained in emails). We do not use Sensitive Personal Information to infer characteristics about you or for cross-context behavioral advertising. If that changes, California residents will have the right to Limit the Use and Disclosure of Sensitive Personal Information via the “Your Privacy Choices” link.
• Payment Information, including payment card information, billing address, and other financial information (such as routing and account number). Please note that we use third-party payment providers, including Stripe, to process payments made to us. We do not retain any personally identifiable financial information, such as payment card number, you provide these third-party payment providers in connection with payments. Rather, all such information is provided directly by you to our third-party payment providers. The payment provider's use of your personal data is governed by their privacy notice. To view Stripe's privacy policy, please see https://stripe.com/privacy.
• Feedback and Support Information, including the contents of custom messages sent through the forms, chat platforms, including our online live chat or automated chat functions, email addresses, or other contact information we make available to customers, as well as recordings of calls with us, where permitted by law (including through the use of automated or artificial intelligence tools provided by us or our third-party providers). We use this information primarily to investigate and respond to your inquiries, to communicate with you via online chat, email, phone, text message or social media, and to improve our products and services.
• SMS and Mobile Information. If you choose to enable SMS notifications, we collect your mobile phone number and messaging consent information (including the date, time, and method of opt-in, and your opt-out status). We use this information solely to deliver SMS notifications related to your account activity, reminders, and productivity updates, and to comply with messaging laws and industry requirements. We will only send SMS messages to mobile numbers for which we have obtained the recipient’s affirmative opt-in. We do not sell, rent, or share mobile phone numbers or SMS opt-in consent data with third parties for their marketing or promotional purposes. We may share this information with service providers that help us deliver messages (for example, SMS delivery providers) and as required by law. If you opt out by replying STOP, we will retain minimal information necessary to document your opt-out request and comply with applicable requirements.
Personal Data Automatically Collected
We, and our service providers, automatically collect information you provide to us and information about how you access and use our products and services when you engage with us. We typically collect this information through the use of a variety of our own and our service providers' automatic data collection technologies, including (i) cookies or small data files that are stored on an individual's computer and (ii) other, related technologies, such as web beacons, pixels, embedded scripts, mobile SDKs, location-identifying technologies and logging technologies. Information we collect automatically about you may be combined with other personal data we collect directly from you or receive from other sources.
We, and our service providers, use automatic data collection technologies to automatically collect the following data when you use our services or otherwise engage with us:
• Service Data, including logs, diagnostics, usage data, event-level product signals, and de-identified analytics we generate relating to your use of the services. Service Data may also include de-identified and/or aggregated outcomes and performance indicators generated in connection with your use of the Service (including, where applicable, de-identified transaction-level outcomes). We use Service Data to maintain, secure, and improve our products and services, including to develop and train our machine learning and artificial intelligence models.
• Transaction and Outcome Data, including transaction lifecycle and performance information and related outcome indicators that you or your organization provide to enable analytics and recommendations (for example, stage/status, dates, amounts, disposition/outcome indicators, and related metadata), and associated contact and relationship data. We use this information to provide the services, generate analytics, and improve predictions and recommendations, including through propensity modeling as described below.
• Information About Your Device and Network. We collect basic device and network information such as device type, operating system, IP address, browser type, and approximate location derived from IP address. We use this information for security, fraud prevention, troubleshooting, and basic analytics. We do not use ad identifiers for tracking, and we do not attempt to link activity across unaffiliated websites or across devices for advertising purposes.
• Usage and Interaction Data. We collect information about how you use the Services, such as the pages and features you use, actions you take within the Services, and performance data (e.g., timestamps, error logs, and crash reports). We use this information to operate, secure, and improve the Services. We do not use session-replay technologies that record keystrokes in form fields, and we do not use Google user data obtained via Google APIs for advertising, marketing, or targeted profiling.
• Information About Your Location, including general geographic location that we or our third-party providers may derive from your IP address. All of the information collected automatically through these tools allows us to operate, secure, and improve your experience. For example, we may use this information to remember your preferences, understand and improve performance and reliability, provide customer support and communications features, detect and prevent fraud and abuse, measure usage, and diagnose or fix technology problems. We do not use Google user data obtained via Google APIs for advertising, marketing, or targeted profiling. For information about the choices you may have in relation to our use of automatic data collection technologies, please refer to the Your Privacy Choices section below.
Personal Data from Other Sources and Third Parties
We may receive the same categories of personal data as described above from the following sources and other parties:
• Our Affiliates: We are able to offer you the products and services we make available because of the hard work of our team members across all Knostra entities. To provide our products and facilitate our services, Knostra entities receive personal data from other Knostra entities for purposes and uses that are consistent with this Privacy Notice. For example, we may receive your contact information to process and fulfill your order from a representative at your local Knostra entity.
• Single Sign-On: We may provide you the ability to log in to our services through certain third-party accounts you maintain. When you use these single sign-on protocols to access our services, we do not receive your login credentials for the relevant third-party service. Instead, we receive tokens from the single sign-on protocol to help identify you in our system (such as by your username) and confirm you successfully authenticated through the single sign-on protocol. This information allows us to more easily provide you access to our products and services.
• Google User Data (Limited Use). If you connect a Google account, we access and use Google user data only as needed to provide and improve the user-facing features you request and in accordance with Google API Services User Data Policy (including the Limited Use requirements). Depending on the features you enable, this may include: (a) Gmail - viewing email messages and certain settings inside the Service, and sending emails only when you explicitly direct us to send (e.g., after you approve content and initiate sending); (b) Google Contacts - reading your contacts and 'Other Contacts' to import, match, and organize relationship information in the Service; and (c) Google Calendar - viewing calendars and events to show your schedule and reminders, and creating or editing events only when you explicitly direct us to do so. We do not use Google user data to serve ads, build advertising profiles, or sell or share it. We do not use the contents of Google user data (such as Gmail message bodies) to train models intended for general use across customers unless you expressly opt in in writing. We disclose Google user data only to vetted service providers acting on our behalf to operate the Service (e.g., hosting, security) and only as necessary to provide the requested functionality.
• Other Customers: We may receive your personal data from our other customers. For example, a customer's email inbox may contain your contact information.
• Social Media: When you interact with our services through other social media networks, such as when you follow us or share our content on other social networks, we may receive some information that you permit the social network to share with third parties. The data we receive is dependent upon your privacy settings with the social network, and may include profile information, profile picture, username, and any other information you permit the social network to share with third parties. You should always review and, if necessary, adjust your privacy settings on third-party websites and social media networks and services before sharing information and/or linking or connecting them to other services. We use this information primarily to operate, maintain, and provide to you the features and functionality of our products and services, as well as to communicate directly with you, such as to send you messages about features that may be of interest to you.
• Service Providers. We may receive personal data from service providers (such as hosting, security, fraud prevention, customer support, and analytics providers acting on our behalf) who process personal data to help us operate, secure, and improve the Services. We do not provide Google user data obtained via Google APIs to advertising or marketing providers, and we do not permit any third party to use Google user data obtained via Google APIs except as necessary to provide services to us in accordance with the Google API Services User Data Policy (including the Limited Use requirements).
• Other Sources: We may also collect personal data about you from other sources, including through transactions such as mergers and acquisitions.
• Inferences: We may generate inferences or predictions about you and your interests and preferences based on the other personal data we collect and the interactions we have with you.
Additional Uses of Personal Data
In addition to the primary purposes for using personal data described above, we may also use personal data we collect to:
• Fulfill or meet the reason the information was provided, such as to fulfill our contractual obligations, to facilitate payment for our products and services, or to deliver the services requested;
• Manage our organization and its day-to-day operations;
• Communicate with you, including via email, text message, chat, social media and/or telephone calls;
• Request you provide us feedback about our product and service offerings;
• Address inquiries or complaints made by or about an individual in connection with our products or services;
• Create and maintain accounts for our users;
• Verify your identity and entitlement to our products and services;
• Administer, improve, and personalize our products and services, including by recognizing you and remembering your information when you return to our products and services;
• Develop, operate, improve, maintain, protect, and provide the features and functionality of our products and services;
• Identify and analyze how you use our products and services;
• Infer additional information about you from your use of our products and services, such as your interests;
• Create aggregated or de-identified information that cannot reasonably be used to identify you, which we may use to operate, secure, and improve the Services (for example, to develop analytics, reporting, and models based on Service Data). For clarity, this aggregated or de-identified information does not include the contents of Google user data (such as Gmail message bodies or Google Drive file contents) accessed via Google APIs, unless you expressly opt in in writing.
• Conduct research and analytics on our user base and our products and services, including to better understand the demographics of our users;
• Improve and customize our products and services to address the needs and interests of our user base and other individuals we interact with, including (a) training and improving our artificial intelligence models using Service Data (such as logs, diagnostics, and feature usage data), and (b) using de-identified and/or aggregated outcomes and performance indicators (including de-identified transaction-level outcomes where provided) to develop, train, test, and improve models such as propensity models, for the benefit of all users, unless you opt out as described below. We do not use Google user data obtained via Google APIs (including the contents of connected emails, messages, or files) for cross-customer modeling or advertising, unless you or your organization expressly opt in or agree to this in writing.
• Test, enhance, update, and monitor the products and services, or diagnose or fix technology problems;
• Help maintain and enhance the safety, security, and integrity of our property, products, services, technology, assets, and business;
• Defend, protect, or enforce our rights or applicable contracts and agreements (including our Terms of Service), as well as to resolve disputes, to carry out our obligations and enforce our rights, and to protect our business interests and the interests and rights of third parties;
• Detect, prevent, investigate, or provide notice of security incidents or other malicious, deceptive, fraudulent, or illegal activity and protect the rights and property of Knostra and others;
• Facilitate business transactions and reorganizations impacting the structure of our business;
• Comply with contractual and legal obligations and requirements;
• Fulfill any other purpose for which you provide your personal data, or for which you have otherwise consented.
Use of Customer Content and AI Training
We use Service Data (for example, logs, diagnostics, feature usage data, and de-identified analytics and product signals) to operate, secure, and improve the Services, including to develop, test, and improve our machine learning and artificial intelligence systems. For cross-customer modeling (for example, propensity models), we use only de-identified and/or aggregated outcomes and performance indicators (including de-identified transaction-level outcomes where provided) and de-identified Service Data. We do not use Google user data obtained via Google APIs (including the contents of connected emails, messages, or files) to train models intended for general use across customers, and we do not use Google user data for advertising. We do not use the contents of your connected emails, messages, or files to train our models unless you or your organization expressly opt in or agree to this in writing. For enterprise customers, we typically act as a processor under a separate agreement and our use of Customer Content is governed by that agreement and our Data Processing Addendum.
Opt-Out of Cross-Customer Modeling. You may opt out of our use of de-identified and/or aggregated outcomes and performance indicators from your use of the Service for the purpose of developing models intended for general use across customers (for example, propensity models), by adjusting your account settings (where available) or by contacting us at support@knostra.ai. If you opt out, we may still use Service Data for security, fraud prevention, compliance, and to provide and improve the Service for your own account.
Retention of Personal Data
We retain Personal Data for as long as reasonably necessary to fulfill the purposes described in this Privacy Notice, including providing the services, complying with our legal obligations, resolving disputes, and enforcing our agreements. The list below provides examples of how long we typically retain certain categories of Personal Data:
- Account identifiers (name, email address, account credentials) – for as long as your account is active and for up to 3 years after closure (for tax, audit, and recordkeeping purposes).
- Device and usage data (logs, diagnostics, analytics) – up to 24 months (for security, fraud prevention, analytics, and service improvement).
- Support records and call/chat recordings – up to 24 months (for quality assurance, training, and dispute resolution).
- Payment-related metadata (excluding full card numbers, which are stored by our payment processor) – up to 7 years (for finance, tax, and regulatory compliance).
Where exact retention periods are not practicable, we determine them based on criteria such as the type of Personal Data, the nature of our relationship with you, the sensitivity of the data, and our legal and contractual requirements.
Our Disclosure of Personal Data
We disclose or otherwise make available personal data in the following ways:
• To Our Affiliates: We are able to offer you the products and services we make available because of the hard work of our team members across Knostra entities. To provide our products and facilitate our services, Knostra entities disclose personal data to other Knostra entities for purposes and uses that are consistent with this Privacy Notice. For example, the Knostra entity responsible for our website may disclose your contact information to a Knostra entity in your region to facilitate communications between you and a local Knostra representative.
• In Connection with a Business Transaction or Reorganization: We may take part in or be involved with a business transaction or reorganization, such as a merger, acquisition, joint venture, or financing or sale of company assets. We may disclose, transfer, or assign personal data to a third-party during negotiation of, in connection with, or as an asset in such a business transaction or reorganization. Also, in the unlikely event of our bankruptcy, receivership, or insolvency, your personal data may be disclosed, transferred, or assigned to third parties in connection with the proceedings or disposition of our assets.
• To Service Providers: We engage other third parties to perform certain services on our behalf in connection with the uses of personal data described in the sections above. Depending on the applicable services, these service providers may process personal data on our behalf or have access to personal data while performing services on our behalf.
• To Other Businesses as Needed to Provide Services: We may share personal data with third parties you engage with through our services or as needed to fulfill a request or transaction including, for example, payment processing services.
• To Facilitate Legal Obligations and Rights: We may disclose personal data to third parties, such as legal advisors and law enforcement:
• in connection with the establishment, exercise, or defense of legal claims;
• to comply with laws or to respond to lawful requests and legal process;
• to protect our rights and property and the rights and property of our agents, customers, and others, including to enforce our agreements, policies, and terms of use;
• to detect, suppress, or prevent fraud;
• to reduce credit risk and collect debts owed to us;
• to protect the health and safety of us, our customers, or any person; or
• as otherwise required by applicable law.
• With Your Consent or Direction: We may disclose your personal data to certain other third parties or publicly with your consent or direction. For example, with your permission, we may post your testimonial on our websites.
Your Privacy Choices
Communication Preferences
• Email Communication Preferences: You can stop receiving promotional email communications from us by clicking on the "unsubscribe" link provided in any of our email communications. Please note you cannot opt out of service-related email communications (such as account verification, transaction confirmation, or service update emails).
• Phone Communication Preferences: You can stop receiving promotional phone communications from us by informing the caller you no longer wish to receive promotional phone calls from us, following the instructions provided on the call for opting out of promotional phone calls (where available), or replying STOP to any one of our promotional text messages. Please note we may need to continue to communicate with you via phone for certain service-related messages (such as sending a verification code to your phone via call or text for purposes of verifying the authenticity of a log-in attempt).
• Push Notification Preferences: You can stop receiving push notifications from us by changing your preferences in your device's notification settings menu or in the applicable service-specific application. Please note we do not have any control over your device's notifications settings and are not responsible if they do not function as intended.
Withdrawing Your Consent
Where we have your consent for the processing of your personal data (e.g., when you opt in to receive certain types of marketing communications from us), you may withdraw your consent by following the instructions provided when your consent was requested or by contacting us as set forth in the Contact Us section below.
Automatic Data Collection Preferences
You may be able to utilize third-party tools and features to restrict our use of automatic data collection technologies. For example, (i) most browsers allow you to change browser settings to limit automatic data collection technologies on websites, (ii) most email providers allow you to prevent the automatic downloading of images in emails that may contain automatic data collection technologies, and (iii) many devices allow you to change your device settings to limit automatic data collection technologies for device applications. Please note that blocking automatic data collection technologies through third-party tools and features may negatively impact your experience using our services, as some features and offerings may not work properly or at all. Depending on the third-party tool or feature you use, you may not be able to block all automatic data collection technologies or you may need to update your preferences on multiple devices or browsers. We do not have any control over these third-party tools and features and are not responsible if they do not function as intended.
Targeted Advertising Preferences
We do not engage in targeted advertising on or off the Services, and we do not share personal data (including Google user data obtained via Google APIs) with third-party advertising partners. We may use cookies and similar technologies for security, fraud prevention, and basic analytics. You can control cookies through your browser settings and other tools described above.
Modifying or Deleting Your Personal Data
If you have any questions about reviewing, modifying, or deleting your personal data, you can contact us as set forth in the Contact Us section below. We may not be able to modify or delete your personal data in all circumstances.
Partner-Specific Preferences
Certain of our third-party providers and partners offer additional ways that you may exercise control over your personal data, or automatically impose limitations on the way we can use personal data in connection with the services they provide:
• Device-Specific / Platform-Specific Preferences: The device and/or platform you use to interact with us (such as your mobile device or social media provider), may provide you additional choices with regard to the data you choose to share with us. For example, many mobile devices allow you to change your device permissions to prevent our products and services from accessing certain types of information from your device (such as your contact lists or precise geolocation data), and many social media platforms allow you to change your platform permissions to prevent integrated products and services from accessing certain types of information connected with your profile. Please refer to your device or platform provider's user guides for additional information about implementing any available platform-specific targeted advertising opt-outs.
• Google Analytics: Google Analytics allows us to better understand how our customers interact with our services. For information on how Google Analytics collects and processes data, as well as how you can control information sent to Google, review Google's website here: www.google.com/policies/privacy/partners/. You can learn about Google Analytics' currently available opt-outs, including the Google Analytics Browser Add-On here: https://tools.google.com/dlpage/gaoptout/. We use Google Analytics only for measuring usage and improving performance. We do not enable Google Analytics advertising features (such as remarketing, ad personalization, or interest-based advertising).
Children's Personal Data
Our services are not directed to, and we do not intend to, or knowingly, collect or solicit personal data from children under the age of 13. If an individual is under the age of 13, they should not use our services or otherwise provide us with any personal data either directly or by other means. If a child under the age of 13 has provided personal data to us, we encourage the child's parent or guardian to contact us to request that we remove the personal data from our systems. If we learn that any personal data we collect has been provided by a child under the age of 13, we will promptly delete that personal data. We do not knowingly sell or share Personal Information of consumers we know to be under 16 years of age or use their Personal Information for targeted advertising. If we elect to do so in the future, we will first obtain the required opt-in consent (parental consent for consumers under 13; teen consent for ages 13–15) as required by applicable law.
Automated Processing
We may conduct automated processing of personal data in order to provide the services you request. To the extent that these activities constitute automated decision making or profiling, we do not process your personal data for purposes that produce a legal or similarly significant effect, such as a decision to offer to you or decline a request for employment.
Security of Personal Data
We have implemented reasonable physical, technical, and organizational safeguards that are designed to protect your personal data. In addition, we take steps designed to ensure any third party with whom we share personal data provides a similar level of protection. However, despite these controls, we cannot completely ensure or warrant the security of your personal data.
Third-Party Websites and Services
Our websites and other services may include links to or redirect you to third-party websites, plug-ins, applications, or other services. Third-party websites and other services may also reference or link to our websites and services. This Privacy Notice does not apply to any personal data practices of these third-party websites, plug-ins, applications, or other services. To learn about these third parties' personal data practices, please visit their respective privacy notices.
Region-Specific Disclosures
We may choose or be required by law to provide different or additional disclosures relating to the processing of personal data about residents of certain countries, regions or states. Please refer below for disclosures that may be applicable to you:
• US State Privacy Disclosures: Residents of certain U.S. states, including California, Colorado, Connecticut, Virginia, Utah, Texas, and others, have additional rights with respect to their Personal Information. Subject to applicable law and certain exceptions, these may include:
- the right to confirm whether we process your Personal Information and to access that information;
- the right to obtain a copy of your Personal Information in a portable and, to the extent technically feasible, readily usable format;
- the right to request that we correct inaccuracies in your Personal Information;
- the right to request that we delete your Personal Information; and
- the right to opt out of (i) the sale of Personal Information, (ii) the sharing or use of Personal Information for targeted advertising or cross-context behavioral advertising, and (iii) certain profiling in furtherance of decisions that produce legal or similarly significant effects.
You may submit a privacy rights request by contacting us at legal@knostra.ai and indicating which right you would like to exercise and your state of residence. We will take reasonable steps to verify your identity before responding to your request, for example by requesting that you authenticate through your account or match certain information you provide with information we maintain.
You may also designate an authorized agent to submit certain requests on your behalf, subject to verification of the agent’s authority and your identity, as required by California law.
We will not discriminate against you for exercising your privacy rights.
Where required by law (including in California, Colorado, Connecticut, Virginia, and Texas), if we deny your request, you may appeal our decision by emailing legal@knostra.ai with the subject line “Privacy Request Appeal.” We will respond to your appeal within 45 days and provide information about how you may contact your state regulator if you are not satisfied with our response.
We recognize and honor Global Privacy Control (GPC) and other supported universal opt-out signals as valid requests to opt out of sale/sharing and targeted advertising for the browser or device where we receive the signal.
• European Economic Area, United Kingdom or Switzerland: If you are located in the European Economic Area (Member States of the European Union together with Iceland, Norway, and Liechtenstein), the United Kingdom, or Switzerland, please click here for additional European-specific privacy disclosures, including a description of the personal data rights made available to individuals located in those jurisdictions under applicable law.
Updates to This Privacy Notice
We may update this Privacy Notice from time to time. When we make changes to this Privacy Notice, we will change the date at the beginning of this Privacy Notice. If we make material changes to this Privacy Notice, we will notify individuals by email to their registered email address, by prominent posting on this website or our other platforms, or through other appropriate communication channels. All changes shall be effective from the date of publication unless otherwise provided.
Contact Us
If you have any questions or requests in connection with this Privacy Notice or other privacy-related matters, please contact us at: legal@knostra.ai.
ADDITIONAL EUROPEAN ECONOMIC AREA, UNITED KINGDOM, AND SWITZERLAND PRIVACY DISCLOSURES
These disclosures supplement the information contained in our Privacy Notice by providing additional information about our personal data processing practices relating to individuals who access our services or otherwise interact with us from the European Economic Area ("EEA"), United Kingdom ("UK"), and Switzerland. For a detailed description of how we collect, use, disclose, and otherwise process personal data, please read our Privacy Notice.
Controller Details and Privacy Contacts
EEA, UK, and Swiss Controller
Knostra, a company duly incorporated and organized under the laws of the United States, having its registered address at 254 Chapman Rd, Ste 208 #24595, Newark, Delaware 19702, is the "controller" responsible for the processing of personal data in connection with our EEA, UK, and Swiss services and operations. This means Knostra determines and is responsible for how your personal data is used. You may contact Knostra by emailing legal@knostra.ai.
Our Data Protection Officer
We have appointed a Data Protection Officer who is responsible for monitoring our compliance with applicable data protection law. You can contact our Data Protection Officer with any questions or complaints you may have about our privacy practices by emailing legal@knostra.ai.
Additional Questions or Complaints
If you have a concern about our processing of personal data, you have the right to lodge a complaint with the Data Protection Authority where you reside, where you work, or where an alleged violation of the law has occurred. Contact details for applicable Data Protection Authorities can be found using the links below:
• European Economic Area: https://edpb.europa.eu/about-edpb/board/members_en
• United Kingdom: https://ico.org.uk/global/contact-us/
• Switzerland: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html
We would, however, appreciate the chance to handle your concerns directly prior to a complaint being filed, so please contact us directly at legal@knostra.ai if you have any concerns.
Purposes and Legal Bases of Processing
When we process your personal data, we will do so in reliance on the following lawful bases:
• Contract: Where the processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract with you. This applies to any processing where you sign a contract with us, for example when you become our customer or deliver services to us as a vendor or contractor. This may also include processing necessary for the performance of our Terms of Service.
• Legitimate Interest: Where the processing is necessary for the purposes of a legitimate interest that is not overridden by your interests or fundamental rights and freedoms (e.g., to provide, maintain, and improve our products and services, conduct data analytics, and communicate with you regarding our services).
• Vital Interest: Where the processing is necessary to protect the vital interests of you or another person (e.g., to protect your physical safety).
• Public Interest: Where the processing is necessary to perform tasks carried out in the public interest or in the exercise of official authority vested in us (e.g., to cooperate in an ongoing law enforcement investigation).
• Legal Obligation: Where the processing is necessary to comply with our legal obligations (e.g., to maintain a record of your personal data to comply with laws and regulations related to bookkeeping, accounting, taxation, and employment).
• Consent: Where we have your consent for the processing (e.g., when you opt in to receive marketing communications from us). When consent is the legal basis for our processing of your personal data, you may withdraw your consent at any time.
You are not required to provide personal data to us, but we do rely on your personal data to provide certain of our products and services. For example, we need your personal data to facilitate and deliver an order that you request. If you choose not to provide us with your personal data, we may not be able to provide you with a service or product you request. We will inform you at the point that we collect personal data from you if the provision of certain personal data is mandatory or optional for receipt of our products and services.
Retention of Personal Data
We will usually retain the personal data we collect about you for no longer than reasonably necessary to fulfil the purposes for which it was collected, and in accordance with our legitimate business interests and applicable law. However, if necessary, we may retain personal data for longer periods of time as required under applicable law or as needed to resolve disputes or protect our legal rights.
The criteria used to determine the period of time for which personal data about you will be retained vary depending on the legal basis under which we process your personal data:
• Contract: Where we are processing personal data based on contract, we generally will retain the information for the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the statute of limitations for legal claims that could arise from the contractual relationship.
• Legitimate Interest: Where we are processing personal data based on legitimate interests, we generally will retain the information for a reasonable period of time based on the particular interest, taking into account the fundamental interests and the rights and freedoms of data subjects.
• Vital Interest: Where we are processing personal data based on vital interests, we generally will retain the information for the period of time necessary to protect the vital interests of the relevant person plus some additional limited period of time that represents any applicable statute of limitations for legal claims that could arise out of the related events.
• Public Interest: Where we are processing personal data to perform tasks carried out in the public interest or in the exercise of official authority vested in us, we generally will retain the information for a reasonable period of time based on the public interest / official authority, taking into account any obligations we may have to retain the information for a longer period of time.
• Legal Obligation: Where we are processing personal data based on a legal obligation, we generally will retain the information for the period of time necessary to fulfill the legal obligation plus some additional limited period of time that represents the statute of limitations for legal claims that could arise from the legal obligation.
• Consent: Where we are processing personal data based on your consent, we generally will retain the information for the period of time necessary to fulfill the purposes for which you have provided your consent.
In certain circumstances, we may need to apply a "legal hold" that retains information beyond our typical retention period where we face the threat of a legal claim. In that case, we will retain the information until the hold is removed, which typically means the claim or threat of claim has been resolved. In all cases, in addition to the purposes and legal bases identified above, we consider the amount, nature and sensitivity of personal data, as well as the potential risk of harm from unauthorized use or disclosure of personal data, in determining the relevant retention period.
Once retention of the personal data is no longer reasonably necessary for the purposes outlined above, we will either delete or deidentify the personal data or, if that is not possible (for example, because personal data has been stored in backup archives), we will securely store the personal data and isolate it from further active processing until deletion or deidentification is possible.
International Transfers of Personal Data
We operate and engage service providers in various jurisdictions. Therefore, we and our service providers may transfer personal data to, or store, access, or process personal data in, a country other than the one in which it was collected, including, but not limited to, the United States. The country to which personal data is transferred may not provide the same level of protection for personal data as the country from which it was transferred.
We may transfer personal data about you outside of the EEA, UK, and Switzerland, and when we do so we rely on appropriate or suitable safeguards recognized under applicable law, including adequacy decisions, standard contractual clauses, and the EU-US Data Privacy Framework. If you would like more information on the specific safeguards we use (and obtain a copy of such safeguards, where applicable), please contact us at legal@knostra.ai.
Adequacy Decisions
We may transfer personal data about you to countries that the relevant regulatory authority has deemed to adequately safeguard personal data, either automatically or in connection with a specific safe harbor framework.
Standard Contractual Clauses
Certain regulatory authorities have adopted standard contractual clauses, which provide safeguards for personal data transferred outside of the originating jurisdiction. We may use these standard contractual clauses when transferring personal data to a third country that has not been deemed to adequately safeguard personal data.
EU-U.S. Data Privacy Framework
The EU-U.S. Data Privacy Framework was designed by the U.S. Department of Commerce and the European Commission to ensure adequate protection for personal data transferred to a company participating in the EU-U.S. Data Privacy Framework. If we transfer any personal data about you from the EEA to a third party outside the EEA who is participating in the EU-U.S. Data Privacy Framework, we may rely on their participation in the Framework to ensure adequate protection for personal data so transferred.
Your Additional EEA, UK, and Swiss Privacy Choices
Subject to certain limitations at law, you may be able to exercise the following rights:
• Right to Access: The right to obtain confirmation of whether we are processing personal data about you, access to and a copy of the personal data we are processing about you, and information relating to its processing, including:
- The categories of personal data being processed;
- The purposes of the processing;
- The categories of the sources of the personal data;
- The categories of recipients to whom the personal data have been or will be disclosed;
- The envisaged period for which the personal data will be stored, or the criteria used to determine that period;
- Any automated decision-making or profiling performed in connection with your personal data; and
- The safeguards relied upon for the transfer of personal data to any third country.
• Right of Portability: The right to obtain a copy of the personal data we have collected about you in a structured, commonly used, and machine-readable format, and the right to transmit that personal data to another controller without hindrance.
• Right to Rectification: The right to correct or update any personal data about you that is inaccurate or incomplete.
• Right to Restriction of Processing: The right to require us to limit the purposes for which we process your personal data if the continued processing of the personal data in this way is not justified, such as where the accuracy of the personal data is contested by you.
• Right to Object to Processing: The right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your personal data, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.
• Right to Withdraw Consent: The right to withdraw your previously provided consent to our processing of your personal data. Please note withdrawing your consent will not affect the lawfulness of our use of your personal data before your consent was withdrawn, nor our processing of personal data pursuant to a different lawful basis for processing.
• Right to Erasure: The right to have us erase your personal data if the continued processing of that personal data is not otherwise justified.
Please note that if the exercise of these rights limits our ability to process personal data, we may not be able to provide our services to you, or otherwise engage with you in the same manner.
Submitting Privacy Rights Requests
Please submit a request specifying the right you wish to exercise by contacting us at legal@knostra.ai.
To control the use of automatic data collection technologies (including cookies), you can explore what settings are available to you by looking in the "preferences" or "options" section of your browser's menu. To find out more information about cookies, including how to manage and delete them, please visit allaboutcookies.org. In addition, you may follow the steps set forth in the Automatic Data Collection Preferences section above to further exercise control over automatic data collection technologies.
Before processing your request to exercise certain rights (taking into account the confidential nature of any personal data we maintain), we will need to verify your identity and confirm you are accessing our services or otherwise interacting with us from the EEA, UK, or Switzerland. In order to verify your identity, we will generally either require the successful authentication of your account, or the matching of sufficient information you provide us to the information we maintain about you in our systems. As a result, we require requests submitted through our online form to include first and last name, email address, phone number, state of residency and/or the date of your last transaction with us.
In certain circumstances, we may decline or limit your request, particularly where we are unable to verify your identity as needed to protect your personal data or locate your information in our systems, or where you are not accessing our services or otherwise interacting with us from the EEA, UK, or Switzerland.