Legal

Privacy Policy

How Kansov collects, uses, protects, and handles your data. Written in plain language because we believe in transparency.

Effective Date: March 6, 2026 · Last Updated: March 6, 2026

The short version: Kansov collects only what's needed to run the platform. We don't sell your data. We don't use third-party tracking or analytics cookies. Your product data stays yours. You can export or delete it anytime.

Contents
  1. 1.Who We Are
  2. 2.Information We Collect
  3. 3.How We Use Your Information
  4. 4.AI Features and Your Data
  5. 5.Data Storage and Security
  6. 6.Cookies
  7. 7.Third-Party Services
  8. 8.Data Retention
  9. 9.Your Rights
  10. 10.International Transfers
  11. 11.Children's Privacy
  12. 12.Changes to This Policy
  13. 13.Contact Us
  14. 14.Browser Extension

1. Who We Are

Kansov is operated by Kansov Labs Private Limited, a company incorporated under the laws of India. Kansov is an AI-native product management platform designed for B2B SaaS product teams.

2. Information We Collect

2.1 Account Information

  • Name and email address
  • Password (stored as a bcrypt hash — we never store plain text passwords)
  • Organization/workspace name
  • Role within your workspace

2.2 Product Data

Data you create within Kansov: Insights, ideas, features, roadmap items, Thinking Partner conversations, Scratchpad notes, to-dos, Knowledge Hub content, customer records, and documents.

Your product data belongs to you. We do not use your product data to train AI models, sell to third parties, or for any purpose other than providing the Kansov service to you.

3. How We Use Your Information

  • Provide the Service — authenticate you, serve your workspace data, and maintain your account
  • AI features — with your configured API key, send relevant workspace data to your chosen AI provider to power AI features
  • Communications — send transactional emails (verification, password reset, invitations)
  • Product improvement — aggregate, anonymized usage data to understand which features are most valuable

4. AI Features and Your Data

Kansov uses a mixed model: a Kansov-managed default (Voyage AI) for embedding generation powering AI Discovery clustering, and BYOK (OpenAI or Google Gemini) for LLM features. AI Discovery is opt-in and requires workspace admin consent before any insight text is sent to Voyage AI. Voyage AI is contractually excluded from training on customer data and deletes inputs immediately after processing. We do not use your product data to train our own models. For BYOK providers, your data is sent under your own API key.

5. Data Storage and Security

All data is stored in Neon Postgres hosted in the US East region. Data at rest is encrypted. Sensitive credentials are encrypted with AES-256-GCM. TLS 1.2+ is used for all data in transit.

6. Cookies

Kansov uses one session cookie (connect.sid) to keep you signed in. This is a strictly necessary, HTTP-only, server-side session cookie. We do not use any advertising, tracking, or analytics cookies.

7. Third-Party Services and Sub-processors

Kansov-managed sub-processors: Voyage AI (embedding generation for AI Discovery — opt-in), Neon (database hosting), Resend (transactional email delivery). Customer-managed (BYOK): OpenAI and Google Gemini for LLM features when you configure your own API key. We do not use Google Analytics, Meta Pixel, or any advertising network within the application.

8. Data Retention

Your account and workspace data is retained for as long as your account is active. When you delete your account, your personal data is deleted within 30 days. Workspace data (Insights, Ideas, Features, etc.) is deleted when the workspace is deleted by the Owner.

9. Your Rights

  • Access your personal data and product data
  • Correct inaccurate personal information
  • Delete your account and associated data
  • Export your product data

GDPR, CCPA, and India's DPDP Act rights are all honored. Contact us at [email protected] to exercise any of these rights.

10. International Data Transfers

Kansov Labs Private Limited is based in India. Our primary database is hosted in the US East region. Appropriate safeguards including standard contractual clauses are used for international transfers.

11. Children's Privacy

Kansov is a B2B product management platform for professional use. We do not knowingly collect personal information from children under 16.

12. Changes to This Policy

For material changes, we will notify you by email at least 30 days before they take effect.

13. Contact Us

14. Kansov Quick Capture Browser Extension

Kansov Quick Capture is an optional Chrome / Edge browser extension that lets you save insights and todos from any webpage into your Kansov workspace. This section describes what the extension accesses, where data goes, and how to remove it. The extension is governed by the same Privacy Policy as the rest of the Service.

14.1 What the extension accesses

  • Page content you choose to capture — the text you select on a webpage (or type into the popup), the page's URL, and optionally its title. Nothing is captured automatically; the extension only reads page content when you trigger a capture from the right-click menu or the popup.
  • Workspace metadata — the product area, module, type (insight or todo), priority, and due date you assign to a capture.
  • Authentication tokens — OAuth 2.0 access and refresh tokens issued by your Kansov workspace after you authorize the extension.

14.2 Where data is stored

  • On your device: OAuth tokens are stored in chrome.storage.local, which the browser encrypts at rest. Captures that fail to send (e.g. you're offline) are queued in IndexedDB on your device until they sync.
  • On Kansov servers: successful captures are saved to your workspace database, governed by sections 5 (Data Storage), 8 (Data Retention), and 9 (Your Rights) above.

14.3 Where data is sent

Captures are sent over HTTPS only to your Kansov workspace at kansov.com (or your subdomain on *.kansov.com). The extension does not include third-party analytics, telemetry, advertising SDKs, or remote-code loading of any kind.

14.4 Browser permissions and why we ask for them

  • activeTab — read the URL and selected text on the current tab when you trigger a capture.
  • contextMenus — add the right-click "Capture as Insight" / "Capture as Todo" entries.
  • storage — store the workspace config you uploaded and the OAuth tokens locally.
  • identity — open the OAuth consent window so you can sign in to your Kansov workspace.
  • alarms — periodically retry sending queued captures when you regain connectivity.
  • Optional host permissions — only requested at runtime if your workspace uses a custom domain (e.g. pm.your-company.com CNAME'd to Kansov). When you upload a configuration whose API URL points to a host outside kansov.com, Chrome shows a one-time prompt naming that exact host. The extension never requests blanket access to all sites.

14.5 Removing the extension and your data

  • Uninstall the extension from chrome://extensions/. This deletes all locally stored tokens, config, and queued captures.
  • Revoke the extension's OAuth client from Settings → OAuth Clients in your Kansov workspace to invalidate any tokens it issued.
  • Captures already saved to your workspace remain there until you delete them in the app, or follow the workspace deletion process described in section 8.