Back to home

Privacy Policy

Last updated: 11/01/2026

1. Data Controller

This notice explains how personal data is processed when you use KNOA (the “Platform”). **GDPR roles** - If you use KNOA on behalf of your organization to run interviews, your organization is typically the **Data Controller** for interview content and KNOA acts as a **Data Processor**. - For processing strictly necessary to operate the Platform (e.g. account management, security, service operations), KNOA may act as a **Data Controller**. For privacy requests you can contact us using the details in the “Contact” section.

2. Data Collected

We collect data necessary to provide the service and, if enabled, voice and AI features. Depending on your role (admin user vs participant) we may process:

Platform users (admin)

  • Email address
  • Full name
  • Company
  • Login credentials (encrypted passwords)
  • Platform usage data

Interview participants

  • Full name
  • Professional role
  • Conversation content (messages and transcriptions)
  • Audio/voice recordings (if feature is enabled)

3. Purposes and Legal Bases

We process personal data for the following purposes:

  • Service delivery: Legal basis: performance of a contract and pre-contractual measures (Art. 6(1)(b) GDPR).
  • AI analysis of conversations: Legal basis: performance of a contract or legitimate interests (Art. 6(1)(b)/(f) GDPR) and, where required, consent (Art. 6(1)(a) GDPR).
  • Voice recording: Legal basis: consent (Art. 6(1)(a) GDPR) or technical necessity for the voice mode requested by the user.

We may also process data for Platform security and abuse prevention, customer support, and legal obligations (Art. 6(1)(c) GDPR).

4. Recipients and Transfers

Your data may be shared with the following service providers (sub-processors):

  • Supabase Inc. - Database and authentication
  • Anthropic PBC - AI conversation processing
  • OpenAI LLC - Audio transcription
  • ElevenLabs Inc. - Voice synthesis
  • Resend Inc. - Transactional emails

If some providers process data outside the European Economic Area, we rely on appropriate safeguards (e.g. Standard Contractual Clauses - SCC) and, where necessary, supplementary measures.

We limit data access on a need-to-know basis and use contractual, technical and organizational measures to protect personal data.

5. Data Retention

  • Account data: Retained until account deletion or termination of the contractual relationship.
  • Interviews: Retained for as long as needed for the Controller’s purposes. If not configured otherwise, they may be retained up to 24 months and then deleted or anonymized.
  • Technical logs: Retained for a limited period (typically up to 30 days), unless needed for security or legal obligations.

Retention periods may vary based on legal requirements, Controller instructions (where applicable), and service configuration.

6. Data Subject Rights

Under GDPR, you have the following rights:

  • Right to access your data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent at any time
  • Right to lodge a complaint with a supervisory authority

To exercise your rights, email privacy@knoa.ai with your request and information to help identify you. We may ask you to verify your identity. If KNOA acts as a Processor, your request may be handled by the Controller (your organization) according to the instructions received.

7. Security

We implement appropriate technical and organizational measures to protect data (e.g. access control, encryption in transit where applicable, environment segregation, limited technical logging, vulnerability management). No system can be guaranteed 100% secure: please protect your credentials and use strong passwords.

8. Use of AI systems

The Platform may send portions of the conversation (text and/or transcribed audio) to AI model providers to generate outputs (e.g. insights, summaries, documentation). Where available, we configure providers not to use data to train public models. Outputs may be inaccurate: always review before making operational decisions.

9. Cookies and technical data

We use cookies and similar technologies primarily for technical purposes (e.g. session/authentication, security). If we enable analytics or marketing tools, we will show a dedicated cookie notice/banner and collect consent where required.

10. Contact

To exercise your rights or for any privacy questions, contact us:

Email: privacy@knoa.ai