Policies, terms, and privacy.

Your business documents and your conversations with Kip stay on your computer. Kip is designed as a local-first application. The documents you upload to Kip's knowledge base, the conversations you have with Kip, and the credentials that authorize Kip to act on your behalf in your connected apps are all stored on your machine — not on a BUILDkind server. We do not operate a cloud that holds your business content.

The only information that leaves your machine is described in Section 03 below.

We collect three categories of information:

Account information. When you sign up for the Service, we collect your name, email address, business name, billing address, and (through our payment processor, Stripe) payment information. If you sign in via Google or Microsoft single sign-on, we receive your name, email, and a unique identifier from the identity provider.

Usage analytics (anonymous). When you use the Service, we collect anonymous, aggregated metadata about how the Service is used: counts of conversations, counts of documents indexed, anonymized topic categories of queries, response ratings, and connected-app status. We do not collect the content of your conversations, the content of your documents, or any personally identifying details about the people referenced in your work.

Communications. When you contact us at support@buildkind.solutions or otherwise communicate with us, we keep a record of that communication.

We do not collect:

• The text or images of documents you upload to Kip's knowledge base
• The full content of your conversations with Kip
• OAuth access or refresh tokens for your connected apps (Gmail, Calendar, etc.)
• The contents of emails, calendar events, or other data Kip accesses in your connected apps on your behalf

These items remain on your computer, encrypted at rest where supported by your operating system.

Although your data is stored locally, certain ephemeral transmissions occur when you use the Service:

AI inference (Anthropic). When you send a query to Kip, the query text and any relevant snippets retrieved from your local knowledge base are transmitted to Anthropic's Claude API to generate a response. Anthropic processes this information under its enterprise terms, which prohibit training on customer data and require zero retention beyond the immediate response.

Embedding generation (Voyage AI; OpenAI as fallback). When you upload a document to Kip's knowledge base, the document is split into chunks on your machine, and each chunk is transmitted to Voyage AI (or, if configured, OpenAI) to generate the vector embedding used for semantic search. The resulting embeddings are stored locally; the originating chunks are not retained by the embedding provider beyond the generation request.

Anonymous usage analytics. The Service transmits anonymous usage metadata as described in Section 02 to our analytics infrastructure.

Connected-app API calls. When Kip takes an action in one of your connected apps (e.g., sending an email through Gmail), the request is made directly from your machine to the provider's API using your stored credentials. BUILDkind does not intermediate these requests; they do not transit BUILDkind infrastructure.

Future: Knowledge-base synchronization. A future version of the Service will support optional knowledge-base synchronization across employees within a business. When this feature is enabled, encrypted document chunks and embeddings (never raw document text) may be transmitted to BUILDkind's synchronization server to allow shared access among authorized users in your sector. This feature is opt-in and not active at the time of this Privacy Policy.

We use the information described above to:

• Provide and operate the Service
• Process payments
• Communicate with you about your account, including support and service notices
• Analyze and improve the Service (using anonymous aggregate data only)
• Detect and prevent fraud, abuse, and violations of our Terms of Service
• Comply with applicable laws and respond to legal process

We do not sell your personal information. We do not share your personal information with third parties for their direct marketing purposes.

On your machine. Only the operating-system user who is authenticated on your computer can access Kip's local data. OAuth tokens stored by Kip are encrypted using your operating system's native credential store (Windows Data Protection API, macOS Keychain Services, or Linux libsecret) and cannot be decrypted without the OS user's credentials.

At BUILDkind. A small number of BUILDkind personnel have access to account information, billing information, and anonymous usage analytics. No BUILDkind personnel can access the contents of your knowledge base or your conversations — that data is not on our servers.

Service providers. We share information with the third-party service providers (Subprocessors) listed on our subprocessor page. Each subprocessor is bound by contract to process information only for the purposes we direct.

Legal disclosure. We will disclose information when legally required (e.g., in response to a valid subpoena), and will notify you of any such request unless prohibited by law.

We protect information through a combination of architectural and operational measures:

• Local-first architecture. Customer documents and conversations are stored exclusively on the customer's machine. There is no cloud database to compromise.
• OS-level credential encryption. OAuth tokens are encrypted at rest using your operating system's native keychain.
• TLS for all network transmissions. Connections between Kip and Anthropic, Voyage AI, and our subprocessors are encrypted in transit.
• Restricted internal access. Only authorized BUILDkind personnel can access the limited operational data we maintain.
• Bounded subprocessor handling. Subprocessors are contractually limited in how they may use the information we share with them.

No system is perfectly secure, and we cannot guarantee that unauthorized access will never occur. If we become aware of a security incident affecting your information, we will notify you in accordance with applicable law (within 72 hours of discovery where required) and provide reasonable detail about the scope and remediation.

Local data. Information stored on your machine is retained until you delete it. Uninstalling Kip removes the application; to also delete locally stored data, see our Data Deletion Instructions.

Account data. We retain your account information for as long as your account is active. After account closure, we retain a minimal record for a period required by applicable law (typically 7 years for tax purposes) and then delete it.

Anonymous analytics. Retained indefinitely in aggregate form. Because the analytics are anonymous, they cannot be associated with you individually.

You can request deletion of your account data at any time by emailing privacy@buildkind.solutions. We will confirm deletion within 30 days, subject to retention requirements above.

Depending on where you reside, you may have the following rights regarding your personal information:

• Right to access. Request a copy of the personal information we hold about you.
• Right to correction. Ask us to correct inaccurate information.
• Right to deletion. Ask us to delete your personal information (subject to retention exceptions above).
• Right to opt out of sale or sharing. We do not sell your personal information. We do not share it for cross-context behavioral advertising.
• Right to non-discrimination. We will not discriminate against you for exercising any of these rights.

Residents of California (CCPA/CPRA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and Virginia (VCDPA) have additional rights under their respective state laws.

To exercise any of these rights, email privacy@buildkind.solutions. We will respond within 45 days (or such other period as required by your state's law).

The Service is not intended for users under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected such information, contact us at privacy@buildkind.solutions.

The Service is currently offered only to customers in the United States. We do not knowingly accept business customers located outside the United States. If you access the website from outside the US, your information will be processed in the United States, which may have different data-protection laws than your country of residence.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you at least 30 days before the changes take effect (by email if you have an account, and by posting a notice on the website). Your continued use of the Service after a change becomes effective constitutes acceptance of the updated Privacy Policy.

For privacy questions, requests, or to exercise your rights:

Email: privacy@buildkind.solutions

Mail: BUILDkind LLC, Oklahoma City, OK