Privacy Policy
Last updated: April 13, 2026
Plain English Summary
We built Kanso to help you with your career, not to harvest your data.
We do not sell your personal data, we do not track you for third-party ads, and you remain in control of your information at all times.
Our Kanso Coach is not trained on your data.
The details below are for legal compliance, but our philosophy is simple: we treat your data with the same respect we’d want for our own.
1. Privacy Summary
Kanso collects minimal personal information to provide and improve the service. This policy explains what we collect, why we collect it, how we use it, with whom we share it (including overseas disclosures), and how you can control it.
Jurisdiction: This privacy policy complies with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). Kanso operates globally and serves users in Australia, the European Union, the United States, and other English-speaking countries.
2. Information We Collect
2.1 Personal Information
We collect the following categories of personal information:
- Account identifiers: Email address, OAuth provider ID (e.g., Google, Facebook), username, and profile name.
- Authentication data: Login credentials, authentication tokens, and session information.
- Assessment content: Your responses to career assessments, ratings, comments, reflections, and AI-generated analysis and insights.
- Chat messages: Conversations with our AI Kanso Coach, including your questions and the AI’s responses.
- Usage data: Device type, browser type, IP address (anonymized where possible), timestamps, pages visited, features used, and interaction patterns.
- Technical diagnostics: Error logs, crash reports, performance metrics, and debugging information collected via Sentry.
- Analytics data: Behavioral analytics, feature usage, and session recordings (when enabled) collected via PostHog.
2.2 Cookies and Tracking Technologies
We use the following cookies and tracking technologies:
- Essential cookies: Required for authentication, security, and basic site functionality.
- Analytics cookies: PostHog analytics to understand how users interact with our service and improve user experience.
- Session cookies: Temporary cookies that expire when you close your browser.
You can control cookie preferences through your browser settings. Disabling certain cookies may impact site functionality.
2.3 Information We Do Not Collect
We do not intentionally collect sensitive information such as health data, racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, sexual orientation, or criminal history. However, users may voluntarily include such information in open-text assessment fields. We recommend avoiding highly sensitive personal details in assessment responses.
3. How We Use Your Information
We use your personal information for the following purposes:
- Service delivery: Creating and storing assessments, generating personalized insights, providing AI-powered career coaching, and displaying your results.
- Authentication: Verifying your identity and managing your account access.
- Improvement and personalization: Analyzing usage patterns, improving features, fixing bugs, and personalizing recommendations.
- Analytics and research: Understanding user behavior, conducting product research, and measuring service performance.
- Communication: Sending service updates, responding to inquiries, and providing customer support.
- Security and fraud prevention: Protecting against unauthorized access, abuse, and security threats.
- Legal compliance: Meeting legal obligations, responding to lawful requests, and enforcing our terms of service.
All processing is conducted for purposes that are reasonably expected given the nature of the service.
4. Disclosure of Personal Information
4.1 Third-Party Service Providers
We do not sell or rent your personal information. We share personal information with the following categories of third-party service providers who process data on our behalf:
- Hosting and infrastructure:
  - Google Cloud: Cloud hosting and data storage (servers located in the United States)
  - Supabase: Database and authentication services (data stored in the United States)
  - Vercel: Website and application hosting (United States)
  - Cloudflare: Content delivery network and security services (global network)
- Analytics and monitoring:
  - PostHog: Product analytics and user behavior tracking (United States and European Union)
  - Sentry: Error tracking and performance monitoring (United States)
- AI processing:
  - Google Gemini API: AI-powered analysis and chat functionality (United States). Your data is not used to train Google’s AI models.
- Authentication:
  - Google OAuth: Third-party authentication (United States)
  - Facebook OAuth: Third-party authentication (United States)
4.2 Overseas Disclosure
Important: Personal information is stored and processed in overseas jurisdictions, primarily the United States and potentially the European Union. These countries may not provide the same level of data protection as Australian law.
By using Kanso, you acknowledge and consent to the overseas disclosure and storage of your personal information. We take reasonable steps to ensure that overseas recipients handle your personal information in accordance with the Australian Privacy Principles, including through contractual arrangements where applicable.
Where you provide consent via social login (Google, Facebook), you are also subject to those providers’ privacy policies and international data practices.
4.3 Other Disclosures
We may also disclose personal information:
- When required by law, court order, or government authority
- To protect our rights, property, or safety, or that of our users or the public
- In connection with a business transaction such as a merger, acquisition, or asset sale (we would notify you in advance)
- With your explicit consent
5. Data Quality and Security
5.1 Data Quality
We take reasonable steps to ensure that the personal information we collect is accurate, up-to-date, complete, and relevant. You can update your account information and assessment content at any time through the application interface.
5.2 Security Measures
We implement industry-standard security measures to protect your personal information from misuse, interference, loss, unauthorized access, modification, or disclosure:
- Encryption: Data is encrypted in transit using TLS/SSL and at rest where supported by our service providers.
- Access controls: Role-based access limitations and authentication requirements for our team.
- Monitoring: Active security monitoring, intrusion detection, and regular security audits.
- Vendor security: We select service providers with strong security practices and contractual data protection obligations.
However, no system is completely secure. While we strive to protect your data, we cannot guarantee absolute security. Please use strong passwords and avoid including highly sensitive information in assessment text fields.
5.3 Data Breach Notification
In the event of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches (NDB) scheme in the Privacy Act.
6. Data Retention
We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this policy:
- Account and authentication data: Retained until account deletion
- Assessment content and chat history: Retained until you delete individual items or your account
- Usage and analytics data: Retained for up to 2 years for analytics purposes, then anonymized or deleted
- Technical logs and diagnostics: Retained for up to 90 days, then deleted unless required for investigation
After you delete your account or request data deletion, we will delete or anonymize your personal information within 30 days, except where retention is required by law.
7. Your Rights and Choices
7.1 Access and Correction
You have the right to:
- Access your information: Request a copy of the personal information we hold about you
- Correct your information: Update or correct inaccurate or incomplete information
- Export your data: Request your assessment data in a portable format
To exercise these rights, contact us at privacy@trykanso.app.
7.2 Deletion and Objection
- Delete assessments: You can delete individual assessments through the application interface
- Delete account: Request complete account and data deletion by contacting us
- Object to processing: If you believe we are processing your information inappropriately, you can object by contacting us
We will respond to access and correction requests within 30 days and provide reasons if we deny any request.
7.3 Anonymity and Pseudonymity
Where practicable, you may interact with us anonymously or using a pseudonym. However, if you choose not to provide required personal information (such as email for account creation), we may not be able to provide our services.
7.4 Complaints
If you have a complaint about how we handle your personal information:
- Contact us first: Email privacy@trykanso.app with details of your complaint
- We will investigate: We will acknowledge your complaint within 7 days and provide a detailed response within 30 days
- Escalate to OAIC: If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner:
  - Website: www.oaic.gov.au
  - Phone: 1300 363 992
  - Email: enquiries@oaic.gov.au
8. Children’s Privacy
Kanso is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will take steps to delete that information promptly.
If you are a parent or guardian and believe we have collected information about a child under 13, please contact us immediately.
9. Automated Decision-Making
The AI Kanso Coach provides career guidance, insights, and recommendations based on your assessment responses and chat interactions. These are advisory only and do not constitute automated decision-making that would significantly affect you legally or similarly. You remain in full control of your career decisions.
10. Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
For substantial changes that materially affect your rights, we will:
- Update the “Last updated” date at the top of this policy
- Provide at least 30 days’ notice via the application interface or email
- Seek your consent where required by law
We encourage you to review this policy periodically.
11. Contact Information
For privacy-related questions, access requests, correction requests, complaints, or data deletion requests:
Email: privacy@trykanso.app
We will respond to inquiries within a reasonable timeframe, typically within 7-30 days depending on the nature of the request.
12. Governing Law
This privacy policy is governed by Australian law, including the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). For users in other jurisdictions, local laws may also apply (see sections 13 and 14 below).
13. Additional Rights for European Union Users (GDPR)
If you are located in the European Union, United Kingdom, or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR):
Legal Basis for Processing
We process your personal data under the following legal bases:
- Contractual necessity: To provide the services you’ve requested
- Legitimate interests: To improve our services, ensure security, and conduct analytics
- Consent: For certain processing activities, such as optional analytics features
Additional GDPR Rights
- Right to data portability: Receive your data in a structured, machine-readable format
- Right to restriction: Request that we limit how we use your data
- Right to object: Object to processing based on legitimate interests
- Right to withdraw consent: Withdraw consent at any time (where processing is based on consent)
- Right to lodge a complaint: Contact your local data protection authority
EU Representative: If we expand operations significantly in the EU, we will appoint an EU representative as required by GDPR.
Data Transfers
Personal data transferred from the EU to third countries (including the United States) is protected through appropriate safeguards such as Standard Contractual Clauses (SCCs) where applicable.
To exercise your GDPR rights, contact privacy@trykanso.app.
14. Additional Rights for California and US Residents
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
Categories of Personal Information
We collect the following categories as defined by CCPA:
- Identifiers (email, username, IP address)
- Internet or network activity (browsing history, usage data)
- Geolocation data (approximate, based on IP)
- Inferences (career preferences, behavioral patterns)
Your California Rights
- Right to know: Request disclosure of personal information collected, used, or shared
- Right to delete: Request deletion of your personal information
- Right to opt-out: We do not “sell” or “share” personal information as defined by CCPA
- Right to non-discrimination: We will not discriminate against you for exercising your rights
Do Not Sell or Share My Personal Information
We do not sell or share your personal information for cross-context behavioral advertising. However, our use of analytics services like PostHog may constitute “sharing” under California law. You can opt out of analytics tracking by contacting us or adjusting your browser settings.
Shine the Light
Under California’s “Shine the Light” law, you may request information about disclosure of personal information to third parties for their direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.
To exercise your California rights, contact privacy@trykanso.app or call us if we establish a toll-free number in the future. We will verify your identity before processing requests.
Other US States: Residents of Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws may have similar rights. Contact us to exercise these rights.