Privacy Policy
Last updated: June 10, 2026
KEN-E, LLC ("KEN-E," "we," "us," or "our") provides an AI-powered marketing analysis platform available at app.ken-e.ai (the "Service"). This Privacy Policy explains what personal information we collect, how we use and share it, and the rights you have over it.
This policy applies to the Service, our website at ken-e.ai, and our communications with you. By using the Service you acknowledge the practices described here.
Contact for privacy matters: privacy@ken-e.ai
Mailing address: [COMPANY ADDRESS]
1. Our Roles: Controller and Processor
KEN-E serves both organizations and individual subscribers. We act in two distinct capacities:
- As a data controller, for the personal information we collect to operate our business: your account and profile information, organization and billing records, usage records, support communications, and website data. This policy primarily describes that processing.
- As a data processor (or "service provider" under US state law), for Customer Content — the business data, chat conversations, documents, connected-platform data (such as Google Analytics data), and user-authored skills that you or your organization submit to the Service. We process Customer Content only on the instructions of the customer (your organization, or you if you subscribe individually) to provide the Service. If your organization is the customer, its administrators control that content, and questions about it should be directed to your organization first.
A Data Processing Addendum (DPA) governing our processing of Customer Content, including our subprocessor list and international-transfer safeguards, is available to customers on request at legal@ken-e.ai.
2. Information We Collect
2.1 Account and profile information
When you create an account we collect your email address, first and last name, and optionally your job title. You may sign up with an email address and password, or with Google Sign-In, in which case Google shares your basic profile (name, email address, profile photo) with us under the profile and email scopes. Authentication is handled by Google Firebase Authentication; if you use a password, it is stored and managed by Firebase, not by KEN-E. We also store your product preferences (language, theme, date format), notification settings, and security settings (such as whether two-factor authentication is enabled).
2.2 Organization and team information
If you create or join an organization on KEN-E, we store the organization's name and settings, your role within it (administrator or member), and membership records. If an administrator invites a teammate, we collect the invitee's email address from the administrator (not from the invitee) and use it solely to deliver the invitation email and link the resulting account to the organization.
2.3 Customer Content
In the course of using the Service, you and your organization submit content that we process to provide the Service:
- Chat conversations with KEN-E's AI agents — your messages, the AI's responses, and generated artifacts (reports, charts, strategy documents).
- Business and marketing data you provide or that the Service produces for you (KPIs, forecasts, targets, dashboards, project plans, automations).
- Skills you author, which may include code that the Service executes in a sandboxed environment on your behalf.
- Connected-platform data retrieved from third-party accounts you connect (see Section 4).
2.4 Billing information
Paid subscriptions are processed by Stripe. Payment card details are entered directly into Stripe-hosted pages and are never transmitted to or stored on KEN-E systems. We store your billing email, plan and subscription status, Stripe customer and subscription identifiers, and a billing audit trail.
2.5 Usage information
We meter the Service internally, recording AI token consumption per organization, per account, and per user (used for plan enforcement and the usage charts in your settings), session activity (session titles, summaries, timestamps, status), and audit logs of administrative actions (for example membership changes and subscription changes).
2.6 Technical information
Our servers log standard technical data such as IP address, browser type, and request metadata for security and reliability. Account-creation and sign-in pages are protected by Google reCAPTCHA, which collects device and interaction data to distinguish humans from bots, subject to Google's Privacy Policy and Terms of Service.
2.7 Analytics and advertising data
We use Google Firebase Analytics in the application, and advertising tags and pixels from Google Analytics, Google Ads, Microsoft Advertising (Bing), and Meta on our public website and within the logged-in application. Subject to your consent choices (Section 7), these tools collect device and usage information such as device and browser type, online identifiers (cookie IDs, mobile advertising IDs), IP address, pages and screens viewed, referral source, and interactions with our advertisements. These tools never receive Customer Content, chat conversations, or any data we obtain through Google APIs (such as your connected Google Analytics data) — they observe your use of our pages and screens, not the business data displayed inside them.
2.8 Support and other communications
If you contact us, we keep the correspondence and any information you choose to provide.
We do not collect sensitive personal information (such as health, biometric, or precise geolocation data), and we do not knowingly process special categories of data under the GDPR. Please do not submit such data through the Service.
3. How We Use Information and Our Legal Bases
Purpose | Data used | Legal basis (GDPR) |
|---|---|---|
Providing the Service — operating your account, running AI analyses on your content, storing and displaying your data, executing your skills | Account, organization, Customer Content, usage | Performance of a contract |
Billing and plan enforcement — metering token usage, processing subscriptions, sending payment-failure notices | Billing, usage | Performance of a contract; legal obligation (tax/accounting) |
Team invitations | Invitee email (provided by the administrator) | Legitimate interests (enabling team collaboration requested by our customer) |
Transactional email — invitations, billing and usage notifications | Account, billing | Performance of a contract |
Security, fraud and abuse prevention — authentication, rate limiting, reCAPTCHA, audit logging | Account, technical, usage | Legitimate interests (protecting the Service and its users) |
Service quality and reliability — monitoring AI system performance via execution traces, reconciling usage metering | Usage, AI traces (see Section 5) | Legitimate interests (operating and improving a reliable service) |
Product analytics — understanding how the Service is used so we can improve it (Firebase Analytics) | Analytics and advertising data (Section 2.7) | Consent, where required (EEA/UK/Switzerland); otherwise legitimate interests, with an opt-out (Section 7) |
Advertising — measuring our advertising campaigns and reaching audiences on advertising platforms | Analytics and advertising data (Section 2.7) | Consent |
Support | Support communications | Performance of a contract; legitimate interests |
Legal compliance and enforcement of our terms | As required | Legal obligation; legitimate interests |
Where we rely on legitimate interests, you may object as described in Section 11. Analytics and advertising processing never draws on Customer Content, chat conversations, or data received from Google APIs — it is limited to the device and usage data described in Section 2.7.
Automated decision-making. The Service generates AI-powered analyses and recommendations, but it does not make automated decisions about you that produce legal or similarly significant effects within the meaning of Article 22 GDPR.
4. Google Analytics Integration and Google User Data
You may optionally connect your Google Analytics account to KEN-E via Google OAuth so that the Service can analyze your marketing data. When you do:
- We request read-oriented Google Analytics scopes and receive OAuth tokens, your Google account email, and your Analytics account and property metadata (names, property IDs, time zones, industry categories). At your direction, the Service retrieves Analytics reporting data from the properties you select.
- OAuth tokens are encrypted with Google Cloud KMS before storage and are used solely to access the data needed for features you invoke.
- Google Analytics data is used only to provide user-facing features you request — analyses, reports, dashboards, and AI-generated insights visible to you in the Service. It is not used for advertising, not sold or transferred to data brokers, and not used to train or improve generalized AI or machine-learning models.
- You can disconnect the integration at any time in Settings → Integrations (or by revoking access at myaccount.google.com/permissions). Disconnecting deletes our stored tokens; analyses already generated from the data remain in your workspace until you delete them.
- Human access to Google user data is limited to cases where you have given affirmative permission (for example, a support request), where necessary for security purposes, or where required by law.
KEN-E's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
5. AI Processing
KEN-E is an AI-native product, and we want to be explicit about how AI processing works:
- You are interacting with an AI system. Chat conversations and analyses in KEN-E are generated by artificial intelligence, not by humans.
- Model providers. Your prompts, Customer Content in context, and connected-platform data needed for a request are processed by Google Gemini models via Vertex AI running in KEN-E's own Google Cloud environment. Certain document-formatting steps are processed by the OpenAI API.
- No training on your data. Neither KEN-E nor its model providers use your content to train or improve generalized AI models. Google's Vertex AI terms contractually prohibit Google from using customer data to train or fine-tune AI/ML models without permission (Google Cloud Service Specific Terms, "Training Restriction"), and our OpenAI API usage is governed by OpenAI's business terms, under which API data is not used for training.
- Quality monitoring. We record execution traces of AI runs (prompts, responses, tool calls, token counts) in Weights & Biases Weave for quality evaluation, debugging, and usage-meter reconciliation. These traces are internal operational records, retained per Section 8, and are never used for advertising or model training.
- Outputs may be wrong. AI-generated analyses can be inaccurate or incomplete. See our Terms of Service for the disclaimers that apply to AI output.
6. How We Share Information
We do not sell personal information for monetary consideration. We do disclose limited device and usage data to advertising partners (Section 6.2) — a practice California law treats as "sharing" for cross-context behavioral advertising (and may treat as a "sale") — and you can opt out of those disclosures at any time (Sections 7 and 11.3). Beyond that, we share information only as follows:
6.1 Subprocessors and service providers
Provider | Purpose | Data involved |
|---|---|---|
Google LLC (Google Cloud Platform) | Hosting (Cloud Run), databases (Firestore), file storage (Cloud Storage), AI inference (Vertex AI / Gemini), encryption and secret management (Cloud KMS, Secret Manager) | All Service data |
Google LLC (Firebase) | Authentication | Email, name, credentials |
Google LLC (reCAPTCHA) | Bot and abuse prevention on auth pages | Device and interaction data |
Stripe, Inc. | Payment processing, subscription management, tax | Billing details, payment method (held by Stripe only) |
Twilio Inc. (SendGrid) | Transactional email delivery | Recipient email, name, organization name |
Neo4j, Inc. (Aura) | Managed graph database (knowledge graph) | Business entities and relationships derived from Customer Content |
OpenAI, L.L.C. | Formatting of generated strategy documents | Strategy document content |
Weights & Biases, Inc. | AI observability traces, usage reconciliation | Prompts, AI outputs, tool calls, token counts, account/session identifiers |
All subprocessors are bound by contracts restricting their use of data to providing services to us. The current subprocessor list for Customer Content is maintained in our DPA; customers are notified of changes as described there.
6.2 Advertising and analytics partners
Where you have consented — or have not opted out, depending on your jurisdiction (see Section 7) — the following partners collect device and usage data on our website and in the application through cookies, SDKs, tags, and pixels. For this data they act as independent controllers (or, for certain pixel data, joint controllers with us) and use it as described in their own privacy policies:
Partner | Tools | Purpose |
|---|---|---|
Google LLC | Firebase Analytics, Google Analytics, Google Ads tags | Product and web analytics; advertising measurement and audiences |
Microsoft Corporation | Microsoft Advertising (Bing) UET tag | Advertising measurement and audiences |
Meta Platforms, Inc. | Meta Pixel | Advertising measurement and audiences |
These partners receive only the data described in Section 2.7 — never Customer Content, and never data we obtain through Google APIs.
6.3 Within your organization
If you use KEN-E through an organization, its administrators can see your membership, role, activity within shared workspaces, and per-user usage statistics.
6.4 Legal and safety
We may disclose information if required by law or legal process, or where reasonably necessary to protect the rights, safety, or property of KEN-E, our users, or the public.
6.5 Business transfers
If KEN-E is involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction, subject to this policy and applicable law (including, for Google user data, the consent requirements of the Google API Services User Data Policy).
7. Cookies, SDKs, and Similar Technologies
We use the following categories of cookies and similar technologies on our website (ken-e.ai) and in the application (app.ken-e.ai):
- Strictly necessary (always active): authentication state managed by Firebase Authentication; local storage of your theme preference, cached profile, and current organization/workspace selection (cleared when you sign out); and Google reCAPTCHA cookies on account-creation and sign-in pages for bot detection.
- Analytics (loaded per your consent choices): Google Firebase Analytics, which helps us understand how the Service is used so we can improve it.
- Advertising (loaded per your consent choices): tags and pixels from Google Analytics, Google Ads, Microsoft Advertising (Bing), and Meta, which measure the performance of our advertising campaigns and help us reach relevant audiences on those platforms.
Your choices. When you first visit, a consent banner lets you accept or decline analytics and advertising technologies, and you can change your choices at any time via Cookie preferences, available on both the website and in the application. In the EEA, UK, and Switzerland, analytics and advertising technologies load only if you opt in. We also honor the Global Privacy Control (GPC) browser signal as a valid opt-out of advertising disclosures and display a confirmation when your signal has been honored. Declining or opting out does not affect strictly necessary technologies or your ability to use the Service.
8. Data Retention
We retain personal information only as long as needed for the purposes described above:
- Account and profile data — for the life of your account, then deleted following account closure.
- Customer Content (chat sessions, documents, artifacts, skills) — until you delete it or your account/organization is deleted. You can delete individual chat sessions and export your data from within the Service.
- OAuth integration tokens — until you disconnect the integration or your account is deleted.
- Billing records and audit logs — retained as required for tax, accounting, and compliance purposes after account closure.
- Usage metering records — retained for billing administration and dispute resolution.
- AI execution traces (Weights & Biases) — retained on a rolling basis for quality evaluation and billing reconciliation, then expire per our observability retention settings.
- Analytics and advertising data — retained according to the retention settings we configure with each partner, subject to your consent choices and opt-outs.
- Server logs — retained on a short rolling basis for security and reliability.
When an account or organization is deleted, we sweep the associated data from our primary data stores (Firestore, the knowledge graph, and file storage), subject to limited residual copies in backups that expire on their own schedule and records we must retain by law.
9. Security
We apply technical and organizational measures appropriate to the data we handle, including: encryption in transit (TLS) for all connections; encryption at rest across our Google Cloud data stores; Cloud KMS envelope encryption for third-party OAuth tokens before storage; centralized secret management (no credentials in code); Firebase token verification on every API request; role-based access control within organizations; rate limiting on authentication and sensitive endpoints; service-to-service authentication via OIDC; and audit logging of administrative and billing actions. Payment card data never touches our systems (Stripe-hosted checkout).
No system is perfectly secure; please use a strong, unique password and enable two-factor authentication.
10. International Data Transfers
KEN-E is operated from the United States, and our subprocessors process data primarily in the United States. Where we receive personal information from the European Economic Area, the United Kingdom, or Switzerland, we rely on appropriate safeguards: our key subprocessors (including Google, Stripe, and Twilio) are certified under the EU–U.S. Data Privacy Framework (and its UK and Swiss extensions), and we use the Standard Contractual Clauses where applicable. Details are set out in our DPA.
11. Your Rights
11.1 Everyone
You can access and update your profile in Settings, export chat sessions from within the Service, delete individual sessions and content, and disconnect integrations at any time. For anything you cannot do in-product — including full account deletion — email privacy@ken-e.ai and we will action your request within the timelines required by applicable law. If you use KEN-E through an organization, we may refer requests concerning Customer Content to your organization's administrator, since that data is controlled by the organization.
11.2 European Economic Area, United Kingdom, and Switzerland (GDPR)
You have the right to access, rectify, erase, and receive a portable copy of your personal data; to restrict or object to processing (including any processing based on legitimate interests); and to withdraw consent at any time where processing is based on consent. You also have the right to lodge a complaint with your local supervisory authority, though we would welcome the chance to address your concern first at privacy@ken-e.ai.
11.3 California and other US states
Residents of California and other states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, and Texas) have the rights to know/access, correct, delete, and obtain a portable copy of their personal information, and to opt out of the sale of personal information, sharing for cross-context behavioral advertising, targeted advertising, and certain profiling.
We do not sell personal information for monetary consideration. However, our use of advertising cookies, SDKs, and pixels (Sections 2.7, 6.2, and 7) discloses identifiers and internet-activity data to advertising partners — a practice California law treats as "sharing" (and may treat as a "sale") and other state laws treat as targeted advertising. You can opt out at any time via the "Do Not Sell or Share My Personal Information" link in our website footer, via Cookie preferences in the application, or by enabling Global Privacy Control in your browser — we treat GPC as a valid opt-out request and display a confirmation that your signal was honored. We do not knowingly sell or share the personal information of consumers under 16. We do not use or disclose sensitive personal information for purposes requiring a right to limit under the CPRA, and we do not engage in profiling that produces legal or similarly significant effects. We will not discriminate against you for exercising your rights.
To exercise any right, email privacy@ken-e.ai from the address associated with your account (or provide information sufficient to verify your identity). An authorized agent may submit requests on your behalf with proof of authorization. If we decline a request, you may appeal by replying to our decision or emailing privacy@ken-e.ai with the subject "Privacy Appeal"; if your appeal is denied, you may contact your state attorney general.
12. Children
The Service is intended for business and professional use by adults. It is not directed to anyone under 18, and we do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact privacy@ken-e.ai and we will delete it.
13. Changes to This Policy
We may update this policy from time to time. If we make material changes, we will notify you by email or in-product notice before the changes take effect, and we will not use Google user data in materially new ways without prompting you to consent to the updated policy. The "Last updated" date above reflects the current version.
14. Contact Us
- Privacy requests and questions: privacy@ken-e.ai
- Legal (including DPA requests): legal@ken-e.ai
- Mail: KEN-E, LLC, [COMPANY ADDRESS]