This policy describes how Kavieo collects, uses, stores, and shares personal information when you use our platform. It covers both creators using Kavieo to sell products and buyers purchasing from those creators.
1. Short version
- We collect only what we need to run your business or deliver your purchase.
- We do not sell your data. We do not sell your buyers' data.
- We do not read your private community messages or emails for training.
- Payment information is handled by our payment processor — we never see card numbers.
- You can export or delete everything at any time, in one click.
2. Who runs Kavieo
Kavieo is operated by the entity behind the domain kavieo.com. Our contact email is contact@kavieo.com. Any questions about this policy, data requests, or suspected security issues should go there — a human replies.
3. What we collect
From creators (sellers)
- Account information: name, email, password hash, brand settings.
- Business information: payment account identifiers, tax details where required.
- Product information: whatever you upload and publish.
- Usage telemetry: pages viewed in your dashboard, features used, errors hit.
From buyers
- Purchase information: email, name (if provided), order details, receipt address.
- Delivery information: community handle, course progress, download timestamps.
- Payment information: handled entirely by the processor; we store only a payment reference.
4. What we use it for
- Operating your account and delivering purchases to your buyers.
- Sending transactional email (purchase confirmations, password resets, etc.).
- Fraud prevention, rate-limiting, and platform abuse detection.
- Analytics in aggregate — never tied to named buyers, never sold.
- Improving the product based on feature usage patterns.
5. What we never do
- We do not sell personal data to third parties. Ever.
- We do not rent your buyer list. Your list is yours.
- We do not train AI models on your private community or email content.
- We do not serve third-party ad trackers on your buyer pages.
6. Who we share data with
We share only with providers strictly necessary to operate Kavieo:
- Database and authentication: Supabase.
- Hosting and delivery: Vercel.
- Payment processing: Razorpay and equivalent regional processors.
- Transactional email: the SMTP provider operating our sending domain.
- AI model inference: the relevant model provider (for AI-written copy only).
Each of these is contractually bound to handle your data under their published privacy terms and our own processing agreements. We audit this list and publish changes here.
7. Security
Row-level security is enforced on every data table — meaning a creator can only access their own rows, and a buyer can only access their own purchases. Payment secrets supplied by creators are encrypted at rest with authenticated encryption and only decrypted inside the payment code path. Administrative endpoints are protected by timing-safe token comparison and short-window IP lockouts. If you discover a vulnerability, write to contact@kavieo.com.
8. Your rights
- Access: ask for a copy of what we hold about you.
- Correction: correct anything that is wrong.
- Deletion: erase your account and associated data.
- Portability: export everything in a clean format (CSV + JSON).
- Objection: stop specific uses of your data where the law permits.
To exercise any right, write to contact@kavieo.com. We respond within 30 days, usually within 48 hours.
9. Data retention
- Active accounts: data retained for as long as the account is active.
- Closed accounts: data deleted within 90 days, except where retention is legally required (e.g. tax records).
- Backups are encrypted and rotated; deletion propagates to backups within 35 days.
10. International transfers
Kavieo serves creators and buyers worldwide. Data may be processed in regions where our providers operate. Where legally required, we rely on approved transfer mechanisms (e.g. Standard Contractual Clauses). Our core database is hosted in the region closest to the majority of our active creators.
11. Children
Kavieo is not intended for users under 16. We do not knowingly collect data from children. If you believe a child has registered, write to us and we will delete the account.
12. Changes to this policy
We will update this page when material practices change. You will be notified by email at least 30 days before any change that narrows your rights or broadens our processing. Clarifications and typo fixes are reflected in the "last updated" date at the top.