Privacy

This Privacy Policy is issued by Kapis AI Tech Private Limited (CIN: U62011MH2026PTC471327), a company incorporated under the Indian Companies Act 2013, having its registered office at Flat No. 601, Floor 6, Yasmin Heritage, Vile Parle (West), Mumbai – 400 056, Maharashtra, India (“Kapis”, “we”, “us”, “our”). We operate the Brand Brain platform at kbie.ai.

For the purposes of India’s Digital Personal Data Protection Act 2023 (“DPDP Act”) we act as a Data Fiduciary. For the European Economic Area, we act as a Data Controller under the GDPR. For purposes of the Meta Platform Terms, we are a Tech Provider that processes Meta Platform data on behalf of the businesses that connect their Meta assets to kbie.

Contact: ops@kbie.ai · +91 98202 02936 · or via our Contact page.

• Account information. Name, work email address, optional company name and role, and the brand URLs you onboard.
• Brand data. Public website crawl content, brand decks (PDFs) you upload, social handles you declare, and the Brand Brain artefacts we generate from them.
• Usage logs. API request metadata, page views, feature interactions, error reports. Used to keep the service reliable and to improve UX.
• Billing information. When checkout ships, payment is collected by our processors (Stripe and Cashfree). We never store full card or bank-account numbers · only the redacted last-four and a processor token.

• To deliver the Brand Brain product you signed up for.
• To bill you accurately and produce invoices for your finance team.
• To run security, fraud detection, and abuse prevention.
• To meet our compliance obligations (DPDP, GDPR, ASCI advertising disclosure where applicable).
• To improve the product · aggregate, de-identified analytics only. Your brand content is never used to train any model outside your account without explicit written consent.

When you connect a Google service to kbie, we request a limited set of read-only or scope-limited Google API permissions (“scopes”). This section describes exactly what we access and how we use it. Connecting any Google service is optional — kbie functions without it, but the connected scopes unlock specific Brand Brain and AEO features.

• Google Analytics (analytics.readonly). Read-only access to aggregate GA4 metrics (sessions, users, page views, conversions, revenue, engagement) and property metadata (property ID, name, time zone), so your Brand Brain can see how your content and campaigns perform. We do not access user-level data, individual identifiers, demographics, or real-time data, and we never write to your Analytics account.
• Email (userinfo.email) & profile (userinfo.profile). The connected Google account’s email and display name, used only to label the connection inside kbie (e.g. “Connected as Jane Doe · jane@brandco.com”) so you don’t connect the wrong account.

Additional Google scopes (Search Console, Google Sheets, and a Drive file selector) may be requested as you enable more connectors; each such request will appear here and on the Google OAuth consent screen at the time you connect that service.

Data received from Google APIs is stored encrypted, protected by row-level security so only your workspace can read it, and shown to you in kbie’s Brain Analytics view. It is used solely to operate the features you connected it for. We do not use Google user data for advertising, we do not use it to train any AI or machine-learning model, we do not sell it, and we do not share or transfer it to third parties except as strictly required to operate the service or by law.

Limited Use.kbie’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

You can disconnect a Google connection at any time from kbie’s Connectors page; this immediately revokes our access tokens and stops all further syncing. To delete data already pulled, see §6 (Data Deletion) below.

When the businesses that use kbie connect their Meta assets — Facebook Pages, Instagram Business Accounts, Meta Ads accounts, or Meta Business Portfolios — we request a specific set of Meta Platform API permissions to deliver the features the connecting business has explicitly enabled. Connecting any Meta asset is optional. kbie acts as a Tech Provider under Meta’s Platform Terms: we process Meta data on behalf of the connecting business, never for our own marketing, advertising, or model training.

5.1 · What we request and why

• pages_show_list and pages_manage_posts (Facebook Pages). Enumerate the Pages the connecting user manages, so they can pick which Page kbie should publish brand-approved content to; and publish only content the user has reviewed and explicitly approved inside the kbie product. We never auto-publish, never modify Page settings, and never delete or edit historical content the user did not author through kbie.
• instagram_basic and instagram_content_publish (Instagram). Read the connecting Instagram Business Account’s profile information so kbie can label the connection correctly; and publish only content the user has reviewed and explicitly approved inside the kbie product. Same rules as Pages: no auto-publish, no settings changes, no edits to user-authored content.
• ads_read and ads_management (Meta Ads). Read ad-account metadata, ad-set structure, creative-asset metadata, and aggregate performance signals so kbie’s Compliance Pulse can audit ad creatives against applicable advertising standards (e.g., ASCI in India) before publish, and so kbie’s brand-AI can correlate brand outputs with paid-media performance. ads_management is used only to pause or flag specific ad creatives that fail a compliance check the user has configured — and always after presenting the user with the proposed action for review. We never spend ad budget, never modify targeting, and never create new campaigns on the user’s behalf without explicit in-product confirmation.
• business_management (Meta Business Portfolio). Read the business portfolio structure so kbie can present the connecting user with a clear picture of which Pages, Instagram accounts, and ad accounts belong to which Business Portfolio when they select assets to connect. Read-only.
• public_profile and email. The connecting user’s email and display name, used only to label the connection inside kbie so the user doesn’t connect the wrong account.

5.2 · How Meta data is used inside kbie

Meta Platform data is used solely to operate the features the connecting user has enabled. Specifically, it is stored encrypted at rest in our database (Supabase, Mumbai region for India-served accounts), protected by row-level security so only the connecting workspace can read its own Meta-derived data; it is never used to train any AI or machine-learning model — including our own; it is never used for our own advertising, marketing, or analytics; it is never sold, never shared with data brokers, and never combined with non-Meta data in ways the user did not consent to during connection; and it is never disclosed to third parties except (a) the sub-processors listed in §7 below, each bound by a data-processing agreement consistent with this Policy and with Meta Platform Terms, or (b) where required by law.

5.3 · Storage duration and deletion

• Active connections.Meta data is refreshed on a daily cycle (or on-demand) and retained for the duration the user’s Meta connection remains active in kbie.
• Disconnection.When the user disconnects their Meta account from kbie’s Connectors page, all cached Meta data for that connection is deleted from our active database within 24 hours and from our backups within 30 days.
• Account deletion. When the user deletes their kbie account, all Meta-derived data is deleted from our active database within 30 days and from backups within 90 days, except where law requires longer retention (e.g., aggregate compliance-audit logs may be retained in pseudonymised form for tax and audit purposes).
• Meta-side data deletion request. If you delete your data on Meta’s side via Meta Business Manager or any Meta product, we honour any corresponding deletion request received via Meta’s Data Deletion Callback (where configured). Independently, you can request deletion via §6 below at any time.

5.4 · Meta Platform Terms

kbie’s access to, use of, and storage of information from Meta Platforms adheres to the Meta Platform Terms and the Meta Developer Policies. We are a Tech Provider under those terms.

5.5 · Your control

• Inside kbie:the Connectors page → Disconnect → confirms revocation.
• Inside Meta:Meta Business Manager → Business Settings → Integrations → kbie → Remove. This revokes our access tokens and we immediately stop receiving new Meta data.

To delete Meta-derived data already pulled by kbie, see §6 below.

You have an unconditional right to request deletion of all personal data and connected-platform data (Google, Meta, and any future third-party integrations) we hold about you or your workspace.

6.1 · How to request deletion

• Self-service (in product): Account Settings → Delete Account → confirmation. This triggers immediate disconnection from all third-party integrations and queues account-data deletion.
• Email: Send a request to ops@kbie.ai with the subject line DATA REQUEST. Include the email associated with your kbie account and (if applicable) the Meta or Google account whose data you want deleted from kbie. We will reply within 7 days to confirm receipt and complete deletion within 30 days.
• Postal:Kapis AI Tech Private Limited, Attn: Data Protection, Flat No. 601, Floor 6, Yasmin Heritage, Vile Parle (West), Mumbai – 400 056, Maharashtra, India.

6.2 · What gets deleted

• All account information (email, name, workspace settings).
• All brand-data artefacts you uploaded or generated.
• All connected-platform tokens and cached data (Google, Meta).
• All compliance-audit run results tied to your workspace.

6.3 · What may be retained (legal exception)

• Tax and accounting recordsfor 8 years under Indian law (invoices, receipts) — pseudonymised where possible.
• Aggregate, de-identified usage statistics that cannot be re-identified.
• Security and abuse-prevention logs for 12 months, where required to defend against fraud or abuse.

Everything else: gone within 30 days from active systems and within 90 days from backups.

6.4 · Meta-specific deletion

We honour any Meta Data Deletion Callback configured on our Meta App, ensuring that data deletion requests originating from Meta are processed within 24 hours of receipt. You may also revoke kbie’s Meta access directly from Meta Business Manager at any time, which will trigger our deletion process for that connection.

We use the following sub-processors to deliver the service. Each is bound by a data-processing agreement consistent with this policy.

• Vercel · application hosting · global edge with EU+US regions
• Supabase · database + auth · ap-south-1 (Mumbai) primary
• Cloudflare · CDN, R2 object storage (APAC), Workers
• Anthropic · LLM inference · production runtime
• OpenAI · LLM inference · production runtime
• Google AI · LLM inference · adapter previews
• Sentry · error tracking · EU region
• Stripe · payment processing (USD · EUR · GBP) · ships with checkout
• Cashfree · payment processing (INR · UPI) · ships with checkout
• Resend · transactional email · ships with first paid invite
• Meta Platforms · Facebook + Instagram + Ads APIs · for the connectors users authorize

Primary database storage is in Mumbai (ap-south-1) for India-served brands. Object storage (decks, assets) lives in Cloudflare R2 APAC. LLM inference may transit regions belonging to our model providers (US, EU). For EEA customers we honour Standard Contractual Clauses for any cross-border transfer.

You can access, correct, export, or delete your personal data and your brand artefacts at any time. Email ops@kbie.ai with the subject line DATA REQUEST and we will respond within 30 days. India residents have rights under the DPDP Act 2023 (see our DPDP page); EEA residents have rights under the GDPR; UK residents have rights under UK GDPR. See §6 for the data-deletion process.

We use only essential cookies (auth session, CSRF, theme preference). We do not run third-party advertising trackers. We do not sell your data. Analytics are first-party and anonymised.

We retain your account and brand data for as long as your account is active. On deletion request, account data is deleted within 30 days and removed from backups within 90 days, except where law requires longer retention (e.g., tax records · 8 years under Indian law).

Kapis is a B2B service for brand operators. We do not knowingly collect data from anyone under 18 in India or under 16 in the EEA. If you believe we hold such data, contact ops@kbie.ai and we will delete it.

Material changes will be announced via email to registered accounts at least 14 days before they take effect. The current version always lives at this URL, with a “Last updated” date at the top.

Questions, complaints, or requests: ops@kbie.ai. For grievance redressal under DPDP, see our DPDP compliance page.