Privacy Policy
This policy describes what information Khiip's maintainers collect when you interact with the Khiip website at khiip.com and the services that website depends on. It is informational; it operates alongside the AGPL-3.0 LICENSE that governs your use of the software and the DISCLAIMER that describes what the software does and does not do on your behalf.
If you have questions about anything in this policy, write to privacy@khiip.com.
What this policy covers, and what it does not
This policy covers the Khiip marketing website at khiip.com and the third-party services that website depends on for hosting, analytics, email, and payments. It covers any account-like interaction you have with the website — visiting a page, subscribing to a newsletter, purchasing a Khiip Plus subscription, sending a question.
This policy does not cover the Khiip daemon itself. The daemon is software
you run on your own machine. Its network behavior is documented separately at
docs/telemetry.md
in the project repository, and the diff history of that file is the audit
trail for any change to network behavior across versions. The short version:
the daemon makes no calls to Khiip-operated infrastructure, because no
Khiip-operated infrastructure exists for it to call. See
DISCLAIMER for the
substrate-layer details.
Who is collecting this information
Khiip is maintained by an individual maintainer operating as a sole proprietor. There is no company entity at v0.1.0. When this policy says "Khiip's maintainers," it refers to that maintainer and any contributors that may be added later. References to "we" throughout the policy mean the same thing.
If and when an entity is formed, this policy will be revised to reflect that — see the Material changes section below for the notification mechanism.
What we collect on khiip.com
Plausible Analytics — page-view counts only, cookieless
khiip.com uses Plausible Analytics for traffic measurement. Plausible is a cookieless, privacy-focused analytics product. The data collected is limited to:
- Page URL visited
- HTTP referrer (the page that linked you here, if any)
- Browser type and version (derived from the User-Agent header)
- Operating system (derived from the User-Agent header)
- Device type (desktop / mobile / tablet, derived from the User-Agent header)
- Country (derived from IP address; the IP address itself is not stored)
Plausible does not set cookies. It does not assign you a persistent identifier. It does not track you across sites. It uses a daily-rotating, salted hash of your IP address combined with the User-Agent to estimate whether two page views came from the same visitor on the same day — the hash is discarded at the end of each day, so the maintainers cannot identify you across days.
khiip.com also records a small number of cookieless custom events — clicks on calls to action such as "Install" and "Start free trial" — so the maintainers can understand which are useful. These are aggregate counts with no personal data and no cross-site tracking, recorded the same cookieless way as the page views above.
The full inventory of what Plausible collects, and its rationale, is in Plausible's data policy.
Buttondown — only if you subscribe to a newsletter
If Khiip's maintainers operate a newsletter and you choose to subscribe, the subscription is handled by Buttondown. Buttondown stores:
- The email address you supply
- The date you subscribed
- Records of newsletters sent to you (delivery, open events if you have not disabled tracking in your email client, unsubscribe events)
You can unsubscribe at any time using the link in any newsletter, or by writing to privacy@khiip.com. Unsubscribing removes you from future sends and is honored by Buttondown's own processing.
If Khiip's maintainers do not operate a newsletter at the time you visit, this section does not apply to you — there is nothing to subscribe to. The section is included here so the policy stays accurate if a newsletter is added later.
Buttondown's own privacy policy is at buttondown.com/legal/privacy.
Polar — when you start a Khiip Plus trial or subscribe
If you start a Khiip Plus free trial or subscribe, the payment is handled by Polar acting as the merchant of record. Polar runs the checkout, stores your payment method, charges your card when the trial converts and at each renewal, handles tax, and runs the customer portal where you manage or cancel. To do this, Polar processes:
- Your name and email address
- Your billing country, and any billing address required for tax
- Your payment-card details (handled by Polar and its payment processor; Khiip's maintainers never receive or store your full card number)
- Your subscription and transaction records (plan, status, trial and renewal dates, invoices)
From Polar, Khiip's maintainers receive only what is needed to provision your subscription and issue your license key — your email, country, subscription status, and an account identifier — not your card details. Your license key is delivered to the email you provide and unlocks Khiip Plus on your own machine; verifying it locally does not send anything back to Khiip's maintainers.
You manage, update, or cancel your subscription through Polar's customer portal, which you reach with a one-time code sent to your email — there is no separate Khiip account or password. Polar's own privacy policy is at polar.sh/legal/privacy.
Cloudflare Pages — hosting
khiip.com is hosted on Cloudflare Pages. Cloudflare handles the actual delivery of the website to your browser. As part of standard web hosting, Cloudflare's infrastructure may process:
- The IP address your request originates from
- The User-Agent header your browser sends
- The URL you requested
- Standard HTTP timing and response metadata
Cloudflare uses this information for content delivery, denial-of-service mitigation, and abuse prevention. Khiip's maintainers do not separately store these request logs — what Cloudflare retains is governed by Cloudflare's own privacy policy.
If your browser sets up any Cloudflare-related cookies (these are sometimes used for security checks like Bot Management challenges), those cookies are set by Cloudflare's infrastructure, not by khiip.com's application code.
GitHub — when you click through to the repository
The Khiip source code, issue tracker, and contributor activity all live on GitHub. When you click a link from khiip.com to the GitHub repository, your browser makes a request to GitHub, and GitHub's own collection practices apply — see GitHub's privacy statement.
At v0.1.0, the contact path for questions about Khiip is to open an issue on GitHub or write to privacy@khiip.com. khiip.com does not host a contact form. If you reach the maintainers via GitHub, GitHub's own data handling applies to your interaction; if you reach the maintainers by email, the mail itself is delivered through whichever provider handles the privacy@khiip.com alias (currently the maintainer's mail infrastructure; this may change, and if it does, this policy will be updated).
Cookies and local storage
khiip.com does not set cookies for analytics. Plausible is cookieless by design.
khiip.com may rely on cookies set by infrastructure providers (Cloudflare security checks; Buttondown's subscription confirmation flow if you interact with it). These are set by those providers' infrastructure, not by khiip.com's application code. If your browser is configured to block third-party cookies, the website will continue to work for reading — what may not work is the newsletter subscription flow, depending on how Buttondown's confirmation page handles the click-through.
The website does not use browser local storage for any tracking purpose. Any local storage it sets is for the page-level functioning of the site itself (theme preference, dismissable banners, that sort of thing).
How we use this information
- Plausible analytics: to understand which pages are being read, where readers are coming from, and which content is useful. This is operational analytics for maintainers, not behavioral profiling. No advertising; no audience segmentation; no third-party data sharing.
- Buttondown subscription: to deliver newsletter editions you have subscribed to. The maintainers do not sell, rent, or share subscriber emails with any third party, and Buttondown's terms prohibit doing so.
- Cloudflare hosting: to deliver the website and mitigate abuse, on standard web-hosting terms.
- GitHub interaction: to read your reported issues and contributions. Khiip's maintainers act in their public-developer capacity here; the issue text you submit is visible to anyone who reads the public issue tracker.
What we do not do
A few specific commitments, framed not as absolutes but as descriptions of how the site is currently built:
- The website does not run third-party advertising. No ad networks, no programmatic ad code, no remarketing pixels.
- The website does not embed third-party trackers. Plausible is the only analytics; it is first-party with respect to khiip.com and does not load tracking pixels from other parties.
- Khiip's maintainers do not sell your email address. If a newsletter exists and you subscribe to it, your email is used to send you that newsletter.
- Khiip's maintainers have a customer relationship with you only if you open one — by purchasing a Khiip Plus subscription. If you do, that relationship is handled through Polar as described above, and the maintainers do not receive or store your card details. The free tier requires no account and no payment.
If any of the above changes, this policy will be revised before the change takes effect. See Material changes below.
Your rights
You can:
- Ask what information is stored about you. Write to privacy@khiip.com. If you have subscribed to a newsletter, the maintainers can confirm your subscription record. For analytics data: Plausible's design makes individual identification impossible (no cross-day identifier; no PII), so there is nothing per-person to retrieve from analytics; the architecture is the answer here.
- Ask for your information to be deleted. For newsletter subscriptions, you can unsubscribe yourself via any newsletter's unsubscribe link, or write to privacy@khiip.com. Cloudflare's request logs and Plausible's analytics aggregates do not contain per-person records, so there is nothing per-person to delete from those.
- Ask for corrections. If you believe a record about you (a subscription email, say) is wrong, write to privacy@khiip.com and the maintainers will correct or remove it.
- Object to processing. Write to privacy@khiip.com describing what you object to. Khiip's maintainers will respond within a reasonable time and, where the processing is not strictly necessary to deliver something you have asked for, will stop.
Khiip's maintainers will honor the rights granted to you by the privacy law of your residence, including but not limited to the rights described in the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada, and the United Kingdom's Data Protection Act. This is not a list of jurisdictions Khiip operates in or is incorporated under — it is a list of frameworks that may grant you rights, and we will honor those rights to the extent we are able regardless of where the maintainers are located.
We do not require you to be a resident of any specific jurisdiction to exercise these rights.
Where this data is processed
The maintainers do not operate any data centers. The third-party services this policy describes process data on their own infrastructure, in the locations they document:
- Plausible processes analytics data in the European Union.
- Buttondown processes subscriber data in the United States.
- Polar processes payment and subscription data in the United States, via its payment processor; it serves customers globally as merchant of record.
- Cloudflare Pages uses a globally distributed content network; requests are typically served from the data center geographically closest to the visitor.
- GitHub processes data primarily in the United States.
If you are subject to a data-protection framework that restricts cross-border data transfer, your interaction with khiip.com may result in your information being processed in jurisdictions different from your own. The maintainers cannot avoid this for the third-party services the site depends on; what we can do is keep the list of those services accurate so you can make an informed choice about whether to interact.
Children
khiip.com is not directed at children. The maintainers do not knowingly collect information from individuals under 13 (or under the higher minimum age established by the privacy law of your residence, where that applies). If you believe a record about a minor has been collected — for example, an underage newsletter subscription — write to privacy@khiip.com and the record will be removed.
Security
The maintainers take reasonable measures to protect the limited data collected. khiip.com is served over HTTPS. The third-party services described above implement their own security measures, documented in their respective policies. No security measure is perfect; if a breach occurs that exposes information described in this policy, the maintainers will notify affected individuals — by email if a subscription record is affected, or by public notice on khiip.com and the project repository if the breach is broader.
Retention
- Plausible: aggregates are retained indefinitely; the salted-hash visitor estimator is discarded daily, so no per-person record exists to retain past 24 hours.
- Buttondown: subscription records are retained for as long as you are subscribed. If you unsubscribe, your address is retained in Buttondown's suppression list so that subsequent sends do not reach you; you may request full deletion by writing to privacy@khiip.com.
- Polar: subscription and transaction records are retained for as long as you have a subscription and, after it ends, for the period Polar is required to keep financial and tax records. You can request access or deletion by writing to privacy@khiip.com, subject to those record-keeping requirements.
- Cloudflare: Cloudflare's request logs are retained per Cloudflare's own retention policy.
- GitHub: GitHub retains issue and contribution data according to its own policies. Issue text remains visible in the public issue tracker as part of the project's collaboration record.
Material changes
If this policy changes in a way that meaningfully expands what is collected, who has access to it, or what it can be used for, the maintainers will announce the change at least 30 days before it takes effect. The notice will be posted on khiip.com and in the project repository's release notes. If a newsletter is operating at the time of the change, subscribers will receive the notice by email.
Smaller changes that clarify language, correct errors, or reflect updates to third-party providers' own policies may be made without advance notice. The Last updated date at the top of this policy reflects the most recent revision, and the change history is visible in the git history of this file in the project repository.
If you do not agree with a material change, you can unsubscribe from any newsletter and discontinue use of the website before the change takes effect.
Contact
For any question about this policy, or to exercise any of the rights described above:
Email: privacy@khiip.com
Issue tracker: github.com/KhiipAI/khiip/issues (for non-sensitive questions; please use email for anything involving personal information)
The maintainers aim to respond to privacy inquiries within 14 days. Questions that require legal or technical investigation may take longer; the maintainers will acknowledge receipt within 14 days even if a substantive response takes more time.
Companion records
- LICENSE — AGPL-3.0; the legal instrument governing your use of the Khiip software
- DISCLAIMER — substrate-layer companion explaining what the software does and does not do
-
docs/telemetry.md— inventory of every outbound network call the daemon makes; diff history is the audit trail
This policy is informational and describes Khiip's data-handling practices as of the date above. It does not displace the AGPL-3.0 license; the license is the legal instrument governing your use of the software itself.