Customer Privacy Policy

01. Our Core AI Promise: Your IP is Yours

We built KalaExpanse AI to empower creators. We strictly do not use your private manuscripts, character lore, or world-building notes to train public Large Language Models (LLMs). Your creative data remains confined to your personal environment. When you utilize our AI features, data is sent to our AI providers securely via API solely for the ephemeral purpose of generating your requested response, and is explicitly opted-out of foundational model training by those providers.

02. What We Collect

When you interact with our Services, we may collect the following categories of information:

• Contact & Account Information: Email address, display name, and authentication credentials when you create an account via our secure authentication provider (Supabase).
• User Content: Manuscripts, scenes, character attributes, locations, custom prompts, and any text you input into the IDE.
• Financial & Transaction Information: We utilize Lemon Squeezy as our Merchant of Record. When you purchase credits or subscriptions, Lemon Squeezy collects your payment and billing information. KalaExpanse AI does not directly collect or store your credit card or banking details. We only receive transaction IDs, subscription status, and timestamp data.
• Telemetry and Authorship Data: To provide our unique "Proof of Authorship" and authenticity scoring, our IDE captures specific keystroke telemetry. This includes tracking delta changes to calculate whether text was human-typed, pasted from external sources, or AI-generated.
• Correspondence: Feedback, support requests, and information you provide to our support teams.
• Online Identifiers & Device Data: IP addresses, browser fingerprint, operating system, browser name and version, date/time stamps, and network routing information collected automatically to ensure security.

03. Cookies and Tracking Technologies

We, and third parties we authorize, use cookies, local storage, and similar technologies to record your preferences, maintain your active IDE session, and secure your account. Most of our cookies are essential session-based cookies. You may choose to set your web browser to refuse cookies; however, please note that doing so will severely impact the functionality of the IDE and your ability to save work.

04. How We Use Information

We use your information in accordance with your instructions and as required by applicable law, including for the following purposes:

05. Sharing and Disclosure

We do not sell your personal data. We may share your information only in the following specific circumstances:

• Service Providers: We share data with trusted third parties necessary to operate the business, including database hosting (Supabase), payment processing (Lemon Squeezy), and AI generation APIs (Google Gemini, Deepgram). These providers are bound by strict confidentiality agreements.
• Blockchain Networks (IP Vault): If you explicitly choose to use the "IP Vault" feature to seal a document, a cryptographic SHA-256 hash of your document and telemetry is permanently uploaded to the Arweave network via the Irys SDK to prove existence. Raw text is never uploaded to the blockchain.
• Legal Obligations: We may disclose information if compelled by a subpoena, court order, or to cooperate with government investigations; to prevent physical harm; or to investigate violations of our Terms of Service.
• Business Transfers: In the event of a merger, acquisition, bankruptcy, or sale of assets, your user data may be transferred as part of the transaction, subject to standard confidentiality arrangements.

06. Data Retention and Security

We maintain administrative, technical, and physical safeguards (including PostgreSQL Row Level Security) designed to protect the personal information we maintain against unauthorized access. We retain your information for as long as your account is active. You may request account deletion at any time, after which we will delete your PII and User Content. Please note that anonymized telemetry, financial transaction logs (for tax/compliance), and immutable blockchain hashes will remain.

While we take rigorous steps to secure your information, no system can be completely secure, and we cannot guarantee that your data will always remain impervious to unauthorized breaches.

07. Age Limitations

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from anyone under 18 years old. If you become aware that a minor has unlawfully provided us with personal data, please contact us, and we will take steps to delete such information and terminate the account.

08. Your Data Rights (GDPR / CCPA)

Depending on your region, you may have specific rights regarding your personal data:

• Right to Access: You can request a copy of the personal data we hold about you.
• Right to Rectification: You can request that we correct inaccurate or incomplete data.
• Right to Erasure ("Right to be Forgotten"): You can request the deletion of your personal data, subject to certain legal exceptions (e.g., maintaining transaction records for tax purposes).
• Right to Data Portability: You can request your data in a structured, commonly used format (such as exporting your manuscripts).
• Right to Object/Restrict: You can object to our processing of your data for specific purposes, such as direct marketing.

To exercise any of these rights, please contact us at the email address provided below. We will respond to your request within the timeframe mandated by applicable law.

09. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal reasons. If we make material changes, we will notify you by updating the "Effective Date" at the top of this Policy and, where appropriate, providing additional notice via email or within the IDE. We encourage you to review this Policy periodically.