Privacy Policy

Last updated: March 28, 2026

Introduction

OpenKBS ("Company", "we", "us", "our") is committed to protecting your privacy. This Privacy Policy describes the types of information we collect when you use our AI-powered application building platform at https://openkbs.com (the "Platform"), how we use it, who we share it with, and the measures we take to keep your data secure.

This Privacy Policy applies to all users of the Platform, including visitors to our website. By using the Platform, you agree to the collection and use of information in accordance with this policy.

For information on how we process personal data on behalf of our Customers (as a data processor), please refer to our Data Processing Addendum (DPA) at https://openkbs.com/dpa.

1. Information We Collect

1.1. Information You Provide

We collect information that you provide directly to us, including:

  • Account Information: Name, email address, company name, and account credentials when you register.
  • Payment Information: Billing address, payment method details, and transaction history. Payment card details are processed by our third-party payment processor and are not stored on our servers.
  • Customer Data: Data, documents, prompts, configurations, and other materials you upload to or create on the Platform.
  • Communications: Information you provide when you contact us for support, submit feedback, or communicate with us via email or other channels.
  • Expert Services Data: Information you provide in connection with Expert Services requests, including project descriptions, specifications, and business requirements.

1.2. Information We Collect Automatically

When you use the Platform, we automatically collect:

  • Usage Data: Interactions with the Platform, features used, pages visited, session duration, and actions performed.
  • Device and Browser Information: IP address, browser type and version, operating system, device type, and screen resolution.
  • Log Data: Server logs including access times, pages viewed, referring URL, and system activity.
  • Cookie Data: Information collected through cookies and similar tracking technologies (see Section 7).

1.3. Information from Third Parties

We may receive information from:

  • SSO Providers: When you register or log in through a third-party service (e.g., Google), we receive basic profile information as permitted by your settings with that provider.
  • Payment Processors: Transaction confirmation and fraud prevention data.
  • AI Service Providers: Metadata related to API usage (not the content of your data).

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1. Providing and Maintaining the Platform

  • Processing your registration and managing your Account;
  • Providing access to Platform features and services;
  • Processing transactions and managing Credits;
  • Transmitting your Input Data to AI service providers to generate output;
  • Providing Expert Services when requested;
  • Providing customer support.

2.2. Improving the Platform

  • Analyzing usage patterns and trends to improve functionality;
  • Developing new features and services;
  • Monitoring and improving Platform performance and reliability;
  • Conducting research and analytics using aggregated, anonymized data.

2.3. Security and Compliance

  • Detecting, preventing, and addressing fraud, abuse, and security incidents;
  • Enforcing our Terms of Use;
  • Complying with legal obligations.

2.4. Communications

  • Sending service-related notices (e.g., account confirmations, security alerts, billing notifications);
  • Sending product updates and announcements (you may opt out of non-essential communications at any time).

3. Legal Basis for Processing (EEA/UK Users)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data on the following legal bases under the General Data Protection Regulation (GDPR):

  • Performance of a Contract: Processing necessary to provide the Platform and services you have requested (Sections 2.1).
  • Legitimate Interests: Processing necessary for our legitimate interests, such as improving the Platform, ensuring security, and conducting analytics, where those interests are not overridden by your rights (Sections 2.2, 2.3).
  • Legal Obligation: Processing necessary to comply with applicable laws (Section 2.3).
  • Consent: Where required, such as for marketing communications (Section 2.4). You may withdraw consent at any time.

4. Data Security

We take data security seriously and implement appropriate technical and organizational measures to protect your information:

  • Access Controls: Access to personal data is restricted to authorized personnel on a need-to-know basis.
  • Infrastructure Security: We utilize cloud infrastructure (including AWS) that maintains independent certifications such as ISO/IEC 27001 and SOC 2.
  • Secure Transmission: All data transmitted between your device and the Platform is encrypted using TLS/SSL.
  • Data Isolation: Customer data is logically isolated between projects and accounts.
  • Regular Security Reviews: We review and update security measures periodically to address evolving threats.

5. Sharing Your Information

We do not sell or rent your personal information to third parties. We may share your information in the following circumstances:

5.1. AI Service Providers

In the course of providing the Platform, your Input Data may be transmitted to third-party AI service providers (such as OpenAI, Anthropic, or Google) for processing. These providers are contractually bound to process data only for the purpose of providing AI services and in accordance with our Data Processing Addendum.

5.2. Infrastructure and Service Providers

We use trusted third-party providers for hosting (AWS), payment processing, email delivery, and analytics. These providers process data on our behalf and are contractually required to maintain confidentiality and security.

5.3. Legal Requirements

We may disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of the Company, our users, or the public.

5.4. Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections described in this policy.

5.5. With Your Consent

We may share information with third parties when you have given us explicit consent to do so.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

6.1. For All Users

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete personal data.
  • Deletion: Request deletion of your personal data, subject to legal retention requirements.
  • Data Export: Export your Application Code and Customer Data through the Platform's available tools.

6.2. Additional Rights for EEA/UK Users (GDPR)

  • Restriction of Processing: Request that we restrict the processing of your personal data.
  • Data Portability: Receive your personal data in a structured, commonly used, machine-readable format.
  • Object to Processing: Object to processing based on legitimate interests or for direct marketing.
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent.
  • Lodge a Complaint: File a complaint with your local data protection authority.

6.3. For California Residents (CCPA/CPRA)

You have the right to know what personal information we collect, the right to delete your personal information, and the right to opt out of any sale of personal information. We do not sell personal information.

To exercise any of these rights, please contact us at office@openkbs.com. We will respond within the timeframe required by applicable law (typically 30 days for GDPR, 45 days for CCPA).

7. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience on the Platform:

  • Essential Cookies: Required for the Platform to function properly (e.g., authentication, session management). These cannot be disabled.
  • Analytics Cookies: Help us understand how users interact with the Platform. We use Google Analytics, which collects your IP address and usage data.
  • Preference Cookies: Remember your settings and preferences.

Managing Cookies: You can configure your browser to refuse cookies or to alert you when cookies are being sent. Note that disabling cookies may affect your ability to use certain Platform features.

8. Data Retention

We retain your personal data for as long as necessary to provide the Platform and fulfill the purposes described in this policy:

  • Account Data: Retained while your Account is active and for a reasonable period after deletion for legal and operational purposes.
  • Customer Data: Retained while your Subscription is active. Upon termination, you may request export within fifteen (15) days, after which we may delete all Customer Data.
  • Payment Records: Retained as required by applicable tax and financial regulations.
  • Usage Logs: Retained for up to 24 months for analytics and security purposes.
  • Support Communications: Retained for up to 36 months after resolution.

9. International Data Transfers

OpenKBS operates globally across multiple regions (EU, US, and Asia-Pacific), and your data may be processed in countries other than your country of residence. When we transfer personal data outside the EEA/UK, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission;
  • Adequacy decisions by the European Commission;
  • Other legally recognized transfer mechanisms.

For more information about our data transfer safeguards, please contact us at office@openkbs.com.

10. Children's Privacy

The Platform is not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a person under 18, we will take steps to delete it promptly.

11. Sub-Processors

We use the following categories of sub-processors to provide the Platform:

| Category | Purpose | Location | |----------|---------|----------| | Cloud Infrastructure | Hosting, compute, storage | US, EU, Asia-Pacific | | AI Service Providers | AI model inference | US, EU | | Payment Processing | Subscription billing | US, EU | | Email Services | Transactional emails | US, EU, Asia-Pacific | | Analytics | Usage analytics | US |

A current list of specific sub-processors is available upon request by contacting office@openkbs.com.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we will provide notice through the Platform or via email.

We encourage you to review this policy periodically.

13. Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about our data practices, please contact us:

Email: office@openkbs.com

For EEA/UK users: If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

© 2026 OpenKBS. All rights reserved.