Privacy Policy

Konomic is built around a simple promise: your files and personal data are yours, not ours. This policy explains exactly what we collect, why, and how we protect it.

1. Who we are

Konomic is a privacy-focused online PDF toolkit operated from the European Union. The data controller for the purposes of GDPR is Konomic. For privacy questions, contact privacy@konomic.io.

2. Data we collect

Account data (only if you sign up)

Email address — required to create an account and for password resets
Password — stored as a bcrypt hash, never in plain text
Display name — optional
Subscription status — current plan and billing period

Usage data

Operation counters — daily counts per tool to enforce tier limits
File metadata — file size, format, and processing time (NOT file content)
IP address — for rate limiting and abuse prevention, deleted after 30 days
Browser user agent — to render the appropriate UI

File content (transient)

The PDF or document you upload, processed and deleted within 1 hour
The result file, available for download for 1 hour

Payment data

Processed entirely by Stripe — we never see or store credit card numbers
Stripe customer ID stored to link your account to your subscription
Invoice records (date, amount, currency) for tax compliance

3. What we DON'T collect

❌ Content of your files (we process and delete, not analyze)
❌ Files for AI model training (yours or anyone's)
❌ Browser history outside konomic.io
❌ Location data beyond rough country from IP for compliance
❌ Cookies from third-party trackers (no Google Analytics, no Facebook Pixel)
❌ Contacts, calendar, or other device data

4. Why we collect data

To deliver the service — process your files and return results
Account management — let you sign in, see history, manage subscription
Billing — process payments and prevent fraud (via Stripe)
Abuse prevention — rate limiting and security monitoring
Service improvement — aggregated, anonymized usage stats only
Legal compliance — tax records, court orders we're legally required to comply with

5. Legal basis (GDPR Article 6)

Contract — to deliver the service you signed up for
Legitimate interest — abuse prevention, security monitoring
Legal obligation — tax records, regulatory compliance
Consent — for optional features like email newsletters (revocable anytime)

6. How long we keep data

File content — 1 hour, then permanently deleted
IP addresses — 30 days, then deleted
Account data — until you delete your account
Invoice records — 7 years (legal requirement)
Backups — encrypted, retained 7 days, EU-stored

7. Who we share data with

We share data only with vetted processors required to deliver the service:

Stripe (payments) — credit card processing, located in EU and US
Resend (transactional email) — password resets, sign request emails
Groq (AI inference) — only when you explicitly use AI features; content discarded immediately
Hosting provider — German VPS provider for our infrastructure

We have Data Processing Agreements (DPAs) with all processors. We never sell or share data with advertisers, data brokers, or marketing companies.

8. International transfers

Our servers are in the EU. Stripe processes payments in EU and US under Standard Contractual Clauses (SCCs). We are not subject to the US CLOUD Act because Konomic is a European company without US infrastructure.

9. Your rights (GDPR)

You have the right to:

Access — request a copy of your personal data
Rectification — correct inaccurate data
Erasure — delete your account and data (the "right to be forgotten")
Restriction — limit how we process your data
Portability — export your data in a machine-readable format
Objection — object to processing based on legitimate interest
Withdraw consent — for any consent-based processing
Lodge a complaint — with your local data protection authority

To exercise any right, email privacy@konomic.io. We respond within 30 days.

10. Cookies

We use only essential cookies (authentication session, language preference). We do NOT use tracking cookies, advertising cookies, or third-party analytics. See our Cookie Policy for details.

11. Security

Files are encrypted in transit (TLS 1.3) and at rest (LUKS2 with AES-256). Account passwords are bcrypt-hashed. We follow industry best practices for infrastructure security. See our Security page for details.

12. Children's privacy

Konomic is not directed at children under 13 (or 16 in some EU jurisdictions). We don't knowingly collect personal data from children under these ages. If you believe we have, contact us and we'll delete it.

13. Changes to this policy

We may update this policy occasionally. Material changes will be announced via email and on the website at least 30 days before taking effect.

14. Contact

For privacy questions, requests, or complaints, email privacy@konomic.io. You can also lodge a complaint with your local data protection authority at any time.

Konomic is built around a simple promise: your files and personal data are yours, not ours. This policy explains exactly what we collect, why, and how we protect it.

1. Who we are

Konomic is a privacy-focused online PDF toolkit operated from the European Union. The data controller for the purposes of GDPR is Konomic. For privacy questions, contact privacy@konomic.io.

2. Data we collect

Account data (only if you sign up)

Email address — required to create an account and for password resets
Password — stored as a bcrypt hash, never in plain text
Display name — optional
Subscription status — current plan and billing period

Usage data

Operation counters — daily counts per tool to enforce tier limits
File metadata — file size, format, and processing time (NOT file content)
IP address — for rate limiting and abuse prevention, deleted after 30 days
Browser user agent — to render the appropriate UI

File content (transient)

The PDF or document you upload, processed and deleted within 1 hour
The result file, available for download for 1 hour

Payment data

Processed entirely by Stripe — we never see or store credit card numbers
Stripe customer ID stored to link your account to your subscription
Invoice records (date, amount, currency) for tax compliance

3. What we DON'T collect

❌ Content of your files (we process and delete, not analyze)
❌ Files for AI model training (yours or anyone's)
❌ Browser history outside konomic.io
❌ Location data beyond rough country from IP for compliance
❌ Cookies from third-party trackers (no Google Analytics, no Facebook Pixel)
❌ Contacts, calendar, or other device data

4. Why we collect data

To deliver the service — process your files and return results
Account management — let you sign in, see history, manage subscription
Billing — process payments and prevent fraud (via Stripe)
Abuse prevention — rate limiting and security monitoring
Service improvement — aggregated, anonymized usage stats only
Legal compliance — tax records, court orders we're legally required to comply with

5. Legal basis (GDPR Article 6)

Contract — to deliver the service you signed up for
Legitimate interest — abuse prevention, security monitoring
Legal obligation — tax records, regulatory compliance
Consent — for optional features like email newsletters (revocable anytime)

6. How long we keep data

File content — 1 hour, then permanently deleted
IP addresses — 30 days, then deleted
Account data — until you delete your account
Invoice records — 7 years (legal requirement)
Backups — encrypted, retained 7 days, EU-stored

7. Who we share data with

We share data only with vetted processors required to deliver the service:

Stripe (payments) — credit card processing, located in EU and US
Resend (transactional email) — password resets, sign request emails
Groq (AI inference) — only when you explicitly use AI features; content discarded immediately
Hosting provider — German VPS provider for our infrastructure

We have Data Processing Agreements (DPAs) with all processors. We never sell or share data with advertisers, data brokers, or marketing companies.

8. International transfers

9. Your rights (GDPR)

You have the right to:

Access — request a copy of your personal data
Rectification — correct inaccurate data
Erasure — delete your account and data (the "right to be forgotten")
Restriction — limit how we process your data
Portability — export your data in a machine-readable format
Objection — object to processing based on legitimate interest
Withdraw consent — for any consent-based processing
Lodge a complaint — with your local data protection authority

To exercise any right, email privacy@konomic.io. We respond within 30 days.

10. Cookies

We use only essential cookies (authentication session, language preference). We do NOT use tracking cookies, advertising cookies, or third-party analytics. See our Cookie Policy for details.

11. Security

12. Children's privacy

13. Changes to this policy

We may update this policy occasionally. Material changes will be announced via email and on the website at least 30 days before taking effect.

14. Contact

For privacy questions, requests, or complaints, email privacy@konomic.io. You can also lodge a complaint with your local data protection authority at any time.

1. Who we are

2. Data we collect

Account data (only if you sign up)

Usage data

File content (transient)

Payment data

3. What we DON'T collect

4. Why we collect data

5. Legal basis (GDPR Article 6)

6. How long we keep data

7. Who we share data with

8. International transfers

9. Your rights (GDPR)

10. Cookies

11. Security

12. Children's privacy

13. Changes to this policy

14. Contact

Related

Privacy Policy

1. Who we are

2. Data we collect

Account data (only if you sign up)

Usage data

File content (transient)

Payment data

3. What we DON'T collect

4. Why we collect data

5. Legal basis (GDPR Article 6)

6. How long we keep data

7. Who we share data with

8. International transfers

9. Your rights (GDPR)

10. Cookies

11. Security

12. Children's privacy

13. Changes to this policy

14. Contact

Related