Privacy Policy.

Kixik Technologies LLC. Texas-based. Reachable at kix@kixik.tech.

From the Operator (you):

• ◆Account information: name, email, business name, business website, business one-liner.
• ◆Onboarding data: founder interview transcript, customer review URLs and uploaded files (NPS verbatims, complaint logs), team description, transactional summary (if provided), partners/vendors list.
• ◆Activity data: Simulations submitted, Verdicts read, Twin Movements acknowledged, Mirror Reviews held.
• ◆Billing data: payment method (handled by Stripe; we never see card numbers), billing history.

Automatically:

• ◆Login timestamps, IP addresses, browser/device metadata.
• ◆Page views and click events on kixik.com (via Plausible, privacy-respecting analytics — no cookies).
• ◆Error logs (via Sentry).

• ◆We use your onboarding and activity data to build and maintain your Twin.
• ◆We use your activity data to operate the service (deliver Verdicts, send emails, process billing).
• ◆We use your billing data to charge you and issue refunds.
• ◆We use error logs to keep the service working.
• ◆We do not sell your data.
• ◆We do not share your data with marketers, ad networks, data brokers, or any third party that is not a sub-processor.
• ◆We do not use your data to seed, train, or condition any other Operator's Twin.

We rely on these companies to operate the service:

• ◆Supabase — database, authentication, storage. (Hosted in the US.)
• ◆Stripe — payment processing.
• ◆Resend — transactional email delivery.
• ◆Cloudflare — CDN, DNS, DDoS protection.
• ◆The Kixik simulation backend host (currently Fly.io / AWS) — runs the agent simulation pipeline in a single-tenant configuration per Operator.
• ◆Sentry — error monitoring.
• ◆Plausible — privacy-respecting marketing analytics on kixik.com (no personally identifying data).

Each sub-processor has a published privacy commitment compatible with this policy. The full list is at kixik.com/sub-processors.

• ◆Active Operators: all data retained for the duration of the subscription.
• ◆Canceled Operators: Twin sealed within 24 hours of cycle end. Data retained for 12 months for read-only access, then permanently deleted.
• ◆Hard-delete on request: during cancellation, you can request immediate hard-delete. We execute within 24 hours.
• ◆Audit logs: retained for 7 years for compliance.

You have the right to:

• ◆Access your data — request a full export at any time.
• ◆Correct your data — update via the Operator app or email us.
• ◆Delete your data — by canceling and requesting hard-delete.
• ◆Export your data — full ZIP of all your records, delivered within 7 business days.
• ◆Opt out of non-critical email — via Settings → Notifications.

To exercise any right: kix@kixik.tech.

• ◆Encryption at rest (Supabase-managed) and in transit (TLS 1.3).
• ◆2FA required for all admin staff with access to Operator data.
• ◆Daily automated backups with quarterly tested restore.
• ◆All admin actions are audit-logged.
• ◆Sub-processor security reviewed annually.

Operator data is processed and stored in the United States. We do not transfer Operator data outside the US at v1. (HIPAA-covered industries are out of scope at v1.)

Kixik is not directed to children under 18. We do not knowingly collect data from anyone under 18.

We may update this Privacy Policy. Material changes are notified by email at least 30 days in advance.