Privacy Policy

Last updated: May 24, 2026  ·  Effective: May 24, 2026

1. Introduction

knobby.io ("we," "us," or "knobby.io") provides knobby.io (the "Service"). This Privacy Policy explains how we collect, use, disclose, and otherwise process personal information in connection with the Service, our website at https://knobby.io, and related interactions with us.

This Policy applies when we act as a controller of personal information — typically for visitors to our website, individuals who contact us, and the administrators and authorized users of customer accounts. Where we process personal information on behalf of a business customer as a processor, that customer is the controller and its privacy policies and instructions govern our processing.

The Service is intended for business users. We do not knowingly collect personal information from children under 18.

2. Information We Collect

We collect information you provide to us, information we collect automatically, and information from third parties.

Information you provide.

• Account and profile information — name, email, employer, role, profile photo, time zone, language, and similar information you provide when creating or updating an account.
• Authentication information — credentials and authentication signals exchanged with our identity provider, including email address, identity provider subject identifier, and federated identity links.
• Billing information — billing contact, billing address, tax identifiers, and payment-method details that you provide through our payment processor. We do not store full payment card numbers on our servers.
• Customer content — files, configurations, data, and other materials you submit to the Service. We treat customer content as confidential and process it according to your instructions and our Terms of Service.
• Communications — information you provide when you contact us for support, sales, or other purposes, including the content of your messages.
• Survey and feedback responses.

Information we collect automatically.

• Usage and device information — log data including IP address, device and browser type, operating system, language, referring and exit pages, pages viewed, features used, click and scroll activity, and timestamps.
• Cookies and similar technologies — used to operate the Service, remember preferences, authenticate users, measure performance, and analyze usage. See §10.
• Security and audit signals — login events, MFA events, failed authentication attempts, and other security-relevant signals.

Information from third parties.

• Identity providers — when you sign in via a third-party identity provider, we receive the identity attributes that provider sends based on your authorization. See §3 for our specific use of Google data.
• Service providers — billing, support, analytics, and infrastructure providers may share information in the course of supporting the Service.
• Publicly available sources — we may receive information about you from publicly available business directories when relevant to sales or account management.

3. Use of Google User Data

This section describes specifically how the Service handles user data obtained from Google APIs and Google sign-in, in compliance with the Google API Services User Data Policy, including the Limited Use requirements.

What we receive from Google. When you sign in to the Service using your Google account, we receive only the information you authorize Google to share with us at sign-in. By default this includes your Google account email address, whether that email is verified, your basic profile information (name and profile picture if available), and a stable unique identifier for your Google account. We do not request additional Google API scopes unless we explicitly tell you so at the point of consent.

How we use Google user data. We use Google user data solely to:

• authenticate you and establish a session with the Service;
• create and maintain your account record;
• populate your profile with the email and basic profile information you authorized;
• communicate with you about the Service via the email address you authorized;
• provide and maintain user-facing features that you explicitly request and that require this data; and
• detect, prevent, and respond to security incidents, fraud, and abuse.

Limited Use commitments. Consistent with the Google API Services User Data Policy:

• We do not use Google user data for serving advertisements, including retargeting, personalized advertising, or interest-based advertising.
• We do not sell Google user data.
• We do not transfer Google user data to third parties except as necessary to provide or improve the user-facing features that you explicitly requested; to comply with applicable law or as part of a merger, acquisition, or sale of assets with notice to users; or for security purposes (for example, to investigate abuse).
• Humans do not read Google user data unless we have your affirmative agreement for specific messages; doing so is necessary for security purposes (such as investigating abuse); to comply with applicable law; or for the data is aggregated and used for internal operations in accordance with applicable privacy and other legal obligations.
• We do not use Google user data to develop, improve, or train generalized or non-personalized artificial intelligence or machine learning models.

Storage and retention. Google user data is stored in our application database alongside your account record. It is retained as described in §7 (Data Retention).

Revoking access. You can revoke our application's access to your Google account at any time at https://myaccount.google.com/permissions. Revoking access will prevent further sign-in via Google but does not by itself delete your account or data on our side; to delete your account, contact privacy@knobby.io or use the in-product account deletion controls where available.

4. How We Use Information

We use personal information to:

• Provide and operate the Service — including authenticating users, processing your inputs, fulfilling requests, providing customer support, and enabling integrations you choose.
• Maintain and improve the Service — including monitoring performance, debugging, analytics on aggregated or de-identified usage, conducting research, and developing new features.
• Secure the Service — including detecting, investigating, and preventing fraud, abuse, security incidents, and other harmful activity.
• Communicate with you — service announcements, security alerts, billing notices, support responses, and, with your consent or where permitted, marketing.
• Comply with law — including responding to lawful requests, enforcing our Terms, and protecting our rights and the rights of others.
• Business transactions — including evaluating, negotiating, and completing mergers, acquisitions, financings, reorganizations, or sales of assets.

When we use AI features as part of the Service, we may process your inputs and the resulting outputs to provide the requested functionality, maintain quality and safety, and improve our prompts and scaffolding. We do not use customer content or Google user data to train foundation models maintained by third-party AI providers.

5. Legal Bases (EEA, UK, and Comparable Jurisdictions)

Where the EU GDPR, the UK GDPR, or comparable laws apply, we rely on the following legal bases:

• Performance of a contract — to provide the Service, administer accounts, and process payments.
• Legitimate interests — to operate, secure, and improve the Service, communicate with you about the Service, prevent fraud, and conduct ordinary business activities, where these interests are not overridden by your data protection interests.
• Compliance with legal obligations — including tax, accounting, anti-fraud, and law enforcement obligations.
• Consent — where required (for example, certain marketing communications and non-essential cookies). You may withdraw consent at any time without affecting prior lawful processing.

6. How We Share Information

We do not sell personal information. We share personal information only as described below.

• Service providers — vendors that provide hosting, identity, database, payment, email, analytics, customer support, AI inference, security, and similar services, under contractual confidentiality and data protection obligations.
• Within your organization — administrators and authorized users of your organization's account may see information about other users within that account.
• Third parties at your direction — when you enable integrations or otherwise direct us to share information.
• Legal and safety — when we believe in good faith that disclosure is necessary to comply with law, legal process, or government requests; to enforce our agreements; to protect the security, rights, property, or safety of knobby.io, our users, or others; or to prevent or address fraud, security, or technical issues.
• Business transfers — in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of our business or assets. We will require the recipient to honor commitments materially consistent with this Policy.
• With your consent — for any purpose disclosed to you and consented to by you.

7. International Data Transfers

We are based in the United States and process information in the United States and in other countries where our service providers operate. Data protection laws in these countries may differ from those in your country.

Where we transfer personal information from the European Economic Area, the United Kingdom, or Switzerland to a country not recognized as providing an adequate level of protection, we use appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or other lawful transfer mechanisms. You may request a copy of the safeguards in place by contacting privacy@knobby.io.

8. Data Retention

We retain personal information for as long as necessary to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements.

• Account data — retained while your account is active and for a reasonable period thereafter for legal, accounting, and operational purposes.
• Customer content — retained according to your subscription and account settings. After termination, customer content is generally deleted within 30 to 90 days, except where retention is required by law or to resolve disputes.
• Security logs and audit data — typically 12 to 24 months.
• Billing and tax records — for the period required by applicable tax and accounting laws, typically seven years.

We may retain de-identified or aggregated data indefinitely.

9. Your Rights and Choices

Depending on where you live, you may have rights to access, correct, delete, restrict, object to processing of, port, or otherwise control personal information about you that we hold as a controller. You may also have the right to withdraw consent where processing is based on consent, and to lodge a complaint with a supervisory authority.

For residents of California and certain other U.S. states with comprehensive privacy laws, you may also have rights to know the categories of personal information collected, to correct, to delete, to opt out of "sales" or "sharing" of personal information (we do not sell or share), to limit use of "sensitive personal information," and to not be discriminated against for exercising these rights.

To exercise any of these rights, contact us at privacy@knobby.io. We will respond within the time required by applicable law. We may need to verify your identity before responding, and we may decline requests in whole or in part where permitted by law.

If you are an end user of a customer's account, please direct privacy requests to that customer in the first instance. We will support customers in responding.

10. Security

We maintain administrative, technical, and physical safeguards designed to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These include encryption in transit and at rest where appropriate, access controls, monitoring, and personnel training.

No method of transmission or storage is completely secure. We cannot guarantee absolute security, and you use the Service at your own risk. If you have reason to believe your account or any information has been compromised, contact us immediately at support@knobby.io.

11. Cookies and Tracking

We use cookies and similar technologies for purposes including strictly necessary functionality (authentication, sessions), preferences, analytics, and security.

Most browsers allow you to control cookies through their settings. Where required by law, we present a cookie banner allowing you to manage non-essential cookies. Disabling certain cookies may affect Service functionality. We do not respond to "Do Not Track" signals because no industry standard for them has been adopted.

12. Marketing Communications

We may send promotional communications about the Service to administrators and individuals who have requested them or who have an existing business relationship with us, subject to applicable law. You can opt out at any time using the unsubscribe link in the message or by contacting privacy@knobby.io. Transactional and service-related communications are not marketing.

13. Children

The Service is not directed to children under 18, and we do not knowingly collect personal information from children. If you believe we have collected personal information from a child, contact privacy@knobby.io and we will take appropriate steps to delete it.

14. Third-Party Services

The Service may link to or integrate with third-party services. Those services are operated by third parties, are not controlled by us, and are subject to their own privacy policies. We are not responsible for the privacy practices of third parties.

15. Changes to This Policy

We may update this Policy from time to time. If we make material changes we will provide reasonable notice — for example, by email, in-product notice, or by posting the updated Policy with a new "Last updated" date — before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.

16. Contact Us

Questions, requests, or complaints regarding this Policy or our privacy practices can be sent to: