Privacy Policy

Knockt (“we,” “us,” or “our”) operates the field-sales and commission-tracking platform at knockt.app. This Privacy Policy explains how we collect, use, and share information about you when you use our Service.

If you have questions, contact us at support@knockt.app.

Information you provide:

• Account data — name, email address, password (hashed), company name when you sign up
• Workspace data — rep names and identifiers, sale records, commission rules, team structures, and any other data you upload
• Billing data — payment method details are collected and stored by Stripe; we store only a payment reference and subscription status
• Communications — emails, support requests, and feedback you send us

Information collected automatically:

• Usage data — pages visited, features used, timestamps, browser type, and IP address via our hosting provider (Vercel)
• Authentication cookies — session tokens required for you to stay logged in (strictly necessary)
• Server logs — retained for security and debugging purposes

• Provide, operate, and maintain the Service — including calculating commissions and displaying dashboards
• Process payments and manage subscriptions
• Send transactional emails (account verification, password reset, invoices) via Resend
• Respond to support requests and communicate about the Service
• Detect and prevent fraud, abuse, and security incidents
• Analyze aggregate usage to improve the Service (no individual profiling for advertising)
• Comply with legal obligations

We do not sell your personal data to third parties or use it for targeted advertising.

We share data only with the following sub-processors, each under data processing agreements, to operate the Service:

We may disclose information to law enforcement or government authorities when required by law.

We use strictly necessary cookies to keep you signed in. These are session tokens set by Supabase’s authentication system. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

Because we use only strictly necessary cookies, a consent banner is provided for transparency but not legally required for our current cookie use.

We retain your account data for as long as your workspace is active. If you delete your account or workspace, we delete your data within 30 days, except where we are required to retain it by law (e.g., billing records for tax purposes, which we retain for 7 years).

Server and security logs are retained for 90 days.

All users:

• Access and download your data from the Settings page
• Correct inaccurate account information
• Delete your account and associated data

EU / EEA users (GDPR): You have rights to access, rectify, erase, restrict processing of, and port your personal data. You may also object to processing. To exercise these rights, email support@knockt.app. We respond within 30 days. You may also lodge a complaint with your local supervisory authority.

California residents (CCPA): You have the right to know what personal information we collect about you, to delete it, and to opt out of sale (we do not sell personal information). To exercise these rights, email us. We will not discriminate against you for exercising CCPA rights.

Legal basis (GDPR). We process personal data under the following bases: (a) performance of a contract (providing the Service to you); (b) legitimate interests (security, fraud prevention, product improvement); (c) legal obligation; and (d) your consent where required.

We implement technical and organizational measures to protect your data, including encrypted connections (TLS), encrypted data at rest, row-level security in the database, and access controls limiting who can reach production systems. No security measure is perfect; we cannot guarantee absolute security.

In the event of a data breach affecting your personal information, we will notify you as required by applicable law.

Our service providers are primarily based in the United States. If you access the Service from outside the US, your information will be transferred to and processed in the US. For EU/EEA users, transfers are covered by Standard Contractual Clauses with our sub-processors.

The Service is not directed at children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us and we will delete it.

We may update this Privacy Policy from time to time. We will notify you by email or prominent in-app notice of material changes at least 14 days before they take effect. Your continued use of the Service after the effective date constitutes acceptance.

For privacy questions, data access requests, or complaints: support@knockt.app