Privacy Policy

1. Introduction

Kanta ("we," "us," or "our") operates Kanta Verify, Kanta Find, and Kanta Database (collectively, the "Services"). This Privacy Policy explains how we collect, use, store, and share information in connection with the Services.

We operate two distinct categories of data: User Data (information about our customers) and Contact Data (B2B contact information in our database). Different rules apply to each. This policy covers both.

2. User Data — Information About Our Customers

What we collect:

• Account information — name, work email address, company name
• Authentication data — password hash, OAuth tokens (if you sign in via Google or similar)
• Billing information — processed by our payment provider (Stripe); we store only a billing reference, not full card numbers
• Usage data — credit balance, job history, API call logs, verification results
• Communication records — emails and messages you send us
• Analytics — page views and interaction events, collected via self-hosted Plausible Analytics (no cookies, no cross-site tracking)

How we use it:

• To provide, operate, and improve the Services
• To process payments and manage your credit balance
• To send transactional communications (job results, account notices, receipts)
• To respond to support requests
• To detect fraud and enforce our Terms of Service

Legal basis: Contract performance (to deliver the Services you signed up for) and legitimate interests (security, fraud prevention, service improvement).

3. Contact Data — B2B Records in Our Database

Kanta Database contains business contact records sourced from publicly available information, including public websites, professional profiles, and industry directories. This data is limited to professional context: names, job titles, employer names, business email addresses, and LinkedIn URLs.

We do not collect or store sensitive personal data such as home addresses, financial data, health information, or government ID numbers in our database.

Legitimate interest basis: We process this data on the basis of legitimate interests — specifically, to provide B2B sales and marketing tools to our customers. The data is professional in nature, sourced from public sources, and individuals have a reasonable expectation that their professional information may appear in B2B databases.

Individuals have the right to request removal of their data at any time. See Section 8 below.

California: We limit California contacts in our database to fewer than 100,000 records to remain below the California data broker registration threshold. We will re-evaluate this as our database grows.

EU/UK: We do not currently market to EU or UK businesses. If you are an EU or UK data subject and believe your data is in our database, you may contact us at privacy@kanta.dev to exercise your rights under GDPR or UK GDPR.

4. Data We Do Not Collect

• We do not use third-party advertising trackers or sell user data to advertisers
• We do not use cookies for tracking — our analytics are cookieless
• We do not collect sensitive personal categories (health, financial, racial/ethnic origin, etc.)

5. Sharing and Disclosure

We do not sell your personal information. We may share data in these limited circumstances:

• Service providers — infrastructure and payment partners (e.g., Stripe, Cloudflare) who process data on our behalf under data processing agreements
• Legal requirements — if required by law, court order, or to protect the rights and safety of Kanta or others
• Business transfers — in the event of a merger, acquisition, or sale of assets, data may be transferred as part of that transaction

6. Data Retention

• Account data — retained for the life of your account plus 12 months after closure
• Job and verification records — retained for 24 months for audit and dispute resolution
• Contact records (database) — refreshed on a rolling 12-month cycle; stale records are removed
• Suppression records — permanent. Once removed from our database, an email or domain is added to a permanent suppression list so it is never re-added

7. Security

We use industry-standard security practices including encrypted connections (TLS), encrypted storage, row-level security on our database, and access controls. No security system is impenetrable — in the event of a data breach affecting your personal information, we will notify you as required by applicable law.

8. Your Rights and Data Removal

Depending on your location, you may have rights including access, correction, deletion, portability, and the right to object to processing.

To request removal of your data from Kanta Database — including your email address and contact record — visit our Compliance page to submit a removal request. We target completion within 7 days and guarantee completion within 30 days. Once removed, your information is added to our permanent suppression list so it is not re-added in future database refreshes.

To exercise other rights (access, correction, portability) or for questions about your data, contact us at privacy@kanta.dev.

9. Children

The Services are intended for business use only. We do not knowingly collect personal information from anyone under 18. If you believe a minor's data has been submitted, contact us at privacy@kanta.dev and we will delete it promptly.

10. Changes to This Policy

We may update this policy from time to time. We will post the updated version here with a revised "Last updated" date. Material changes will be communicated by email to registered users where feasible.

11. Contact

Privacy questions: privacy@kanta.dev
Data removal requests: compliance.kanta.dev or compliance@kanta.dev