Privacy Policy

Last updated: 1/11/2026

1. Introduction

Welcome to Knotic ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Username, email address (if using Google OAuth), profile picture
  • Profile Data: Years of experience, industry focus, background/skills, budget constraints, time commitment, unfair advantages
  • Chat Data: All messages and conversations with our AI assistant
  • Authentication Data: Password (securely hashed with bcrypt) or Google OAuth credentials

2.2 Automatically Collected Information

  • Cookies: We use HttpOnly, Secure cookies for authentication and session management
  • Usage Data: Information about how you interact with our service
  • Technical Data: Browser type, IP address, access times, and referring URLs

3. How We Use Your Information

We use your information for the following purposes:

  • To provide and maintain our service
  • To personalize your experience with AI-generated recommendations based on your profile
  • To authenticate your account and manage user sessions
  • To respond to your inquiries and provide customer support
  • To detect, prevent, and address technical issues and security threats
  • To comply with legal obligations

4. Third-Party Services

We use the following third-party services that may collect and process your data:

4.1 Tavily API

We use Tavily for web search functionality to aggregate publicly available problem data from various platforms. Your search queries may be processed by Tavily's servers.

4.2 Groq API

Your chat messages and profile data are sent to Groq's AI service to generate personalized recommendations. Groq processes this data to provide AI responses.

4.3 Upstash Redis

All user data, profiles, and chat histories are stored in Upstash's cloud database service.

4.4 Google OAuth

If you choose to sign in with Google, we receive your Google profile information (name, email, profile picture) in accordance with Google's privacy policies.

Note: We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party services. We encourage you to review their privacy policies.

5. Web Scraping and Data Aggregation

Our service aggregates publicly available data from various platforms including G2, Capterra, TrustPilot, Hacker News, Indie Hackers, Product Hunt, Quora, Stack Overflow, GitHub, Medium, YouTube, and BBB through the Tavily search API. We do not scrape these platforms directly. All content remains publicly available and we provide proper attribution and source links.

Stack Overflow Attribution: Content from Stack Overflow is licensed under CC BY-SA and we provide proper attribution with source URLs when referencing such content.

6. Cookies and Tracking Technologies

We use cookies for:

  • Authentication: HttpOnly, Secure cookies to manage your login session
  • Security: Cookies are set with SameSite=Lax to prevent CSRF attacks
  • Persistence: Cookies expire after 7 days of inactivity

You can control cookies through your browser settings, but disabling cookies may affect your ability to use our service.

7. Data Security

We implement appropriate security measures to protect your personal information:

  • Passwords are hashed using bcrypt with salt rounds
  • Cookies are set with the HttpOnly and Secure attributes, which prevent client-side script access and transmission over insecure connections
  • Data is stored in encrypted cloud databases (Upstash Redis)
  • HTTPS encryption for all data transmission

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security.

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with services. You can delete your account and all associated data at any time through your account settings.

  • Account Data: Retained until you delete your account
  • Chat History: Retained until you delete individual chats or your account
  • Cookies: Expire after 7 days or when you log out

9. Your Privacy Rights

9.1 GDPR Rights (EU Users)

If you are a resident of the European Economic Area (EEA), you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate personal data
  • Right to Erasure: Request deletion of your personal data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing of your personal data
  • Right to Restriction: Request restriction of processing

9.2 CCPA Rights (California Users)

If you are a California resident, you have the following rights:

  • Right to Know: Request disclosure of personal information collected
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the sale of personal information (we do not sell your data)
  • Right to Non-Discrimination: Not be discriminated against for exercising your rights

9.3 How to Exercise Your Rights

To exercise any of these rights:

  • Export Your Data: Visit /api/user/export to download all your data
  • Delete Your Account: Use the account deletion endpoint to permanently delete all your data
  • Update Your Profile: Edit your profile information at any time through your account settings

10. Children's Privacy

Our service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us and we will take steps to delete such information.

11. International Data Transfers

Your information may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ. By using our service, you consent to this transfer.

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

13. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

  • Email: [Your contact email]
  • GitHub: [Your GitHub repository]

Summary of Key Points

  • We collect account, profile, and chat data to provide personalized AI recommendations
  • We use third-party services (Tavily, Groq, Upstash, Google) that process your data
  • We aggregate publicly available data from various platforms via Tavily API
  • We use Secure, HttpOnly cookies for authentication
  • Passwords are hashed with bcrypt for security
  • You can export or delete all your data at any time
  • We comply with GDPR and CCPA privacy regulations
  • We do not sell your personal information