Privacy Policy

Account information. When you create an account, we collect credentials such as your email address and password, or information received from a third-party authentication provider (such as name and email). Passwords are stored in hashed form — we never store them in plain text.

Profile information. We collect and store profile details you provide, including but not limited to your display name, email address, and avatar. During onboarding we may record attestations and consents, such as your confirmation that you meet our age requirement and your acceptance of these policies.

User-created content.We store the content you create, upload, organize, or store through the Service ("Your Content"). This includes but is not limited to text, structured data, metadata, configuration, and any other materials you submit.

Organization and collaboration data. If you create or join a workspace, we store information about your organization, your membership and role within it, invitations, and access permissions.

Payment information. If you subscribe to a paid plan, we collect billing-related information such as your name, billing address, and payment method details. Payment processing is handled by third-party providers — we do not directly store credit card numbers or financial account details.

Technical and usage data. We may automatically collect information such as IP addresses, browser type, operating system, referring URLs, access timestamps, feature usage patterns, and similar diagnostic or analytics data through server logs or similar technologies. We may also use third-party analytics services in the future.

We use the information we collect to:

• Provide, operate, maintain, and improve the Service.
• Authenticate your identity and maintain your session.
• Enforce eligibility and consent requirements.
• Display Your Content to you and, where applicable, to other authorized users.
• Process invitations, memberships, and collaboration features.
• Communicate with you about your account, the Service, or updates to our policies.
• Develop new products, features, and services, including through aggregation, de-identification, and analysis of usage patterns and content.
• Send you service-related notices, updates, and, where you have opted in, promotional communications. You may opt out of promotional emails at any time by using the unsubscribe link in the email or by contacting us.
• Comply with legal obligations and enforce our Terms of Service.

Within your organization.Content you create in a shared workspace may be visible to other members based on the access levels configured by you or your organization's administrators.

Service providers. We use third-party service providers for hosting, infrastructure, authentication, and other operational functions. Your data may be processed by these providers in accordance with their own privacy and security practices. Our current primary infrastructure provider is Supabase.

Aggregated, de-identified, and derived data. We may use, sell, license, or share data that has been aggregated, de-identified, or otherwise derived from Your Content or your use of the Service. Such data does not personally identify you. It may be used for any purpose, including but not limited to research, analytics, product development, training, and commercial distribution.

Business transfers. If Nankervis Digital LLC is involved in a merger, acquisition, sale of assets, reorganization, bankruptcy, or similar transaction, all information we hold — including Your Content, account data, and usage data — may be transferred to the acquiring or successor entity as part of that transaction. If such a transfer results in a materially different privacy policy applying to your data, we will notify you via email or a prominent notice on the Service.

Legal requirements. We may disclose your information if required by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

With your consent. We may share your information in other circumstances with your explicit consent.

The Service uses cookies, local storage, and similar technologies to maintain your authenticated session and support functionality. These technologies are essential for the Service to operate.

Browser extensions or other client software may store authentication data locally on your device and transmit it to the Canonicly API to authenticate your requests. We do not use cookies for third-party advertising or behavioral profiling. We may use analytics cookies or similar technologies in the future to improve the Service.

We may offer browser extensions or other client software that interact with third-party platforms. These tools communicate with the Canonicly API and may require access to specific web pages to provide features such as vault search, inserting prompts into a page's composer, copying prompts from a toolbar interface, and saving text you choose from supported pages into your vault.

In-page integration.Scripts that attach to a web page to read or modify the host page (for example, vault search in the composer, insert, or save-from-chat) run only on the third-party sites and URL patterns declared for that purpose in the extension manifest for the version you install. The authoritative list of URL patterns for that build is whatever your browser and the extension's store listing (for example Chrome Web Store or Firefox Add-ons) show at install or update — they reflect the shipped manifest. We may add or remove supported sites in future releases. These scripts do not read your general browsing history outside those declared patterns.

Toolbar and extension UI.You may open the extension from the browser toolbar on any site to use features that run inside the extension's own interface — such as browsing your vault and copying prompts. On sites where we do not declare in-page access, those flows do not read or alter the underlying webpage; they still communicate with our infrastructure when you use them (for example, to load your vault).

Data from supported sites. On those declared sites, the extension runs in the page context and reads the host page's DOMusing the same kinds of APIs a normal script on the page would use (for example, query selectors and observers) to find the chat composer, detect slash commands, show overlays, and locate message blocks for save-to-vault. It reads text from those nodes when you use those features. That data is processed to operate the Service (for example, querying your organization's vault or storing content you explicitly save) and is transmitted to our infrastructure when you take those actions or when a feature you use requires a network request. We do not attempt to scrape entire pages in the background for unrelated purposes.

These tools are designed to:

• Transmit authentication signals and operational data needed to connect to your account and organization vault.
• Transmit text read from the DOM only as needed for the extension features you use on supported sites.

We implement reasonable technical and organizational measures to protect your information, including access controls, encryption in transit, hashed credentials, and secure storage practices. The specific measures we use may evolve as we improve the Service.

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

We retain your information for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or de-identify your personal information within a reasonable period, except where retention is required by law, necessary to resolve disputes, or needed for legitimate business purposes (such as maintaining backups).

Paid subscription termination. Upon termination of your subscription, all user data associated with the affected workspace may be permanently deleted after 30days, except where we are required by law to retain data. It is the User's sole responsibility to export all data prior to the end of the billing cycle. Nankervis Digital LLC shall not be liable for any loss of data resulting from the cancellation or termination of a subscription. See our Terms of Service for related contractual terms.

Aggregated, de-identified, or derived data may be retained indefinitely.

Depending on your jurisdiction, you may have the right to:

• Access the personal information we hold about you.
• Correct inaccurate information.
• Delete your account and associated data (subject to retention requirements).
• Object to or restrict certain processing of your data.
• Request a portable copy of your data.

To exercise these rights, contact us at help@nankervisdigital.com. We will respond within a reasonable timeframe consistent with applicable law.

The Service is not intended for anyone under 18 years of age. We do not knowingly collect personal information from individuals under 18. If we learn that we have collected information from someone under 18, we will delete it promptly.

The Service is operated from the United States. If you access the Service from outside the United States, your information may be transferred to and processed in the United States or other jurisdictions where our service providers operate. Data protection laws in these jurisdictions may differ from those in your location. By using the Service, you consent to this transfer.

The Service may contain links to third-party websites or services that we do not own or operate. We are not responsible for the privacy practices or content of those third parties. Your interaction with any third-party site or service is governed by that party's own terms and privacy policy. We encourage you to review their policies before providing any personal information.

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) and similar laws, including the right to know what personal information we collect, request its deletion, and opt out of the sale of personal information. Note that we do not sell personal information that directly identifies you. We may share aggregated or de-identified data as described in Section 3.

To exercise your California privacy rights, contact us at help@nankervisdigital.com.

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page. If changes are material, we may require you to re-accept the updated policy through the Service before continuing to use it. Your continued use of the Service after notification or re-acceptance constitutes agreement to the revised policy.

If you have questions or concerns about this Privacy Policy or our data practices, contact us at:

Nankervis Digital LLC
help@nankervisdigital.com