KaiNet — Privacy Policy

KaiNet is an agentic marketing platform operated by Express Analytics ("we", "us", "our"). This Privacy Policy explains what information we collect, why we collect it, and how we handle it, including data we receive from connected ad platforms (Google Ads, Meta / Facebook / Instagram, LinkedIn Ads, and similar providers).

1. What we collect

Account information you provide

• Your name, email address, and Auth0 organization (the workspace you sign in to).
• Billing information processed via Stripe when you subscribe to a paid plan.
• Brand assets, prompts, and campaign briefs you upload while using the product.

Connected-platform data

When you connect a third-party advertising account (Google Ads, Meta, LinkedIn, etc.), we receive read and write access to that account's advertising data and metadata, scoped to what you authorize. For Meta specifically the scopes we request are ads_management, ads_read, and business_management.

This data may include:

• Ad account identifiers, names, currency, time zone
• Campaigns, ad sets, ads, creatives, audiences, and their metadata
• Performance metrics (spend, impressions, clicks, conversions) tied to your account
• The Facebook user ID of the person who connected the account, retained for audit

We do not request or process restricted Platform Data beyond what is necessary to operate the advertising-management features you have explicitly enabled.

Operational telemetry

• Server logs (IP, user-agent, timestamps, request paths) used for security, abuse prevention, and debugging.
• Aggregated product usage (which features were used, when) used to improve the product.

2. How we use your information

• To operate the features you've explicitly enabled — running marketing workflows, generating creative assets, executing ad-platform mutations on your behalf.
• To deliver the analytics, audit, and Q&A features that are core to the product.
• To maintain your account, bill for paid usage, and provide support.
• To prevent abuse and meet legal / regulatory obligations.

We do not:

• Sell, license, or purchase Platform Data, including data received from Meta. (Meta Platform Terms §3.a)
• Use Platform Data to discriminate, make eligibility determinations (employment, housing, insurance, credit, etc.), or for surveillance purposes. (Meta Platform Terms §3.a)
• Use Platform Data for advertising other than on your own ad account on your behalf.

3. Sharing with third parties

We rely on a small set of infrastructure and processing sub-providers to operate the product. Each receives only the data necessary for their function and is contractually bound to handle it consistent with this policy:

• Auth0 (Okta) — sign-in, session, organization management.
• Infisical — secure storage of access tokens you authorize (Meta, Google Ads, etc.). Tokens never leave the server.
• AWS / Redshift — data warehouse for historical performance metrics and platform metadata you've replicated through the product.
• Stripe — billing, subscription, and credit-pack payments.
• OpenAI / Google Gemini / similar LLM providers — natural-language analysis of marketing data when you invoke an agent. Prompts may include account-scoped metrics and campaign metadata. We do not send payment information, social-graph data, or human PII beyond what is strictly necessary to answer your prompt.

Beyond these sub-processors we do not share your data with third parties, with two exceptions: (a) when you explicitly direct us to (e.g., exporting a report to Google Sheets); and (b) when required by law or to protect rights / safety.

4. Retention & deletion

We retain account data for as long as your account is active. Connected-platform tokens (Meta access tokens, Google Ads refresh tokens, etc.) are stored in Infisical and are removed when you disconnect the account or delete your KaiNet organization.

Meta-specific deletion paths

• You can disconnect your Meta account at any time from /meta-oauth-dev or /profile. Disconnect immediately clears the saved token from our side.
• Meta-initiated deletion is honored via our public callback at /api/meta/data-deletion. Meta calls this endpoint when a user removes our app from their Facebook account; we then delete all data tied to that user from our warehouse and respond with the confirmation URL Meta requires. Implementation: routers/meta_data_deletion.py; see Meta's data-deletion callback docs.
• Account-level deletion: email privacy@expressanalytics.net and we will remove your account and all associated data within 30 days, except where retention is required by law (e.g., billing records).

5. Security

Tokens issued by connected platforms are stored encrypted at rest in Infisical and are accessed only over TLS by authenticated server processes. We never expose tokens or app-secrets to the browser. Per-organization isolation is enforced at every read.

6. International users & data transfers

Our infrastructure may process data in the United States. By using KaiNet, you consent to the transfer of your data to and processing in the United States, subject to applicable contractual safeguards.

7. Your rights

You can:

• Access and correct your account information from /profile.
• Disconnect any linked ad-platform account from /profile or the corresponding dev page.
• Request deletion of your account by emailing privacy@expressanalytics.net.
• Export campaign and analysis data from the product.

Depending on your jurisdiction, you may also have rights under GDPR, CCPA, or similar laws. Contact us using the address below to exercise them.

8. Children

KaiNet is a B2B product and is not intended for use by individuals under 18.

9. Changes to this policy

We will update this page when our practices change. The "Last updated" date at the top reflects the current version. Material changes will be communicated to active users by email.

10. Contact

Privacy questions: privacy@expressanalytics.net
Data deletion requests: privacy@expressanalytics.net or via the in-product disconnect/delete flows.
Express Analytics — expressanalytics.com