Privacy Policy

1. Information We Collect

1.1 Information You Provide

• Account information (name, email, company name)
• User profiles imported from your HR or identity systems
• Support tickets and communications with our team
• Survey responses and feedback

1.2 Information Collected Automatically

• Training completion and quiz scores
• Phishing simulation interaction data (opens, clicks, reports)
• Login times and IP addresses
• Browser type and device information
• Usage patterns and feature interactions

2. How We Use Your Information

We use collected information to:

• Provide and improve our security awareness platform
• Generate risk scores and analytics for your organization
• Personalize training recommendations based on user behavior
• Send notifications about training assignments and reminders
• Provide technical support and respond to inquiries
• Generate compliance and completion reports
• Improve our products through aggregated, anonymized analytics

3. Data Sharing

We do not sell your personal information. We share data only in the following circumstances:

• With your organization: Administrators can view training progress and simulation results for their users.
• Service providers: We use trusted third parties for hosting, email delivery, and analytics. These providers are bound by confidentiality agreements.
• Legal requirements: We may disclose information when required by law or to protect our rights.

4. Data Security

We implement industry-standard security measures including:

• TLS 1.3 encryption for all data in transit
• AES-256 encryption for data at rest
• Regular security audits and penetration testing
• SOC 2 Type II certified infrastructure
• Role-based access controls and audit logging

5. Data Retention

We retain data as follows:

• Account data: Retained while your subscription is active, plus 30 days
• Training and simulation data: Configurable retention periods (default: 3 years)
• Audit logs: 7 years for compliance purposes
• Deleted upon request: You can request deletion of your data at any time

6. Your Rights

Depending on your location, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate information
• Request deletion of your data
• Export your data in a portable format
• Object to certain processing activities
• Withdraw consent where processing is based on consent

To exercise these rights, contact us at privacy@kinan.app.

7. GDPR Compliance

For users in the European Economic Area (EEA):

• We process data under lawful bases including contract performance and legitimate interests
• Data is stored in EU data centers
• Standard Contractual Clauses govern any data transfers outside the EEA
• You may lodge a complaint with your local supervisory authority

8. Cookies

We use cookies and similar technologies for:

• Essential cookies: Required for the platform to function (authentication, security)
• Analytics cookies: Help us understand how you use our platform to improve it

You can manage cookie preferences through your browser settings.

9. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or through the platform. Continued use of our services after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or our data practices: