Privacy

Your data stays yours.

The public KarmanFlow site asks before running app-controlled marketing analytics. We use no ad pixels, no session replay, and no cross-site tracking. Forms send only what you type, plus limited request metadata for abuse prevention and follow-up.

Your setting

Optional marketing analytics

Current setting: not set. You can change it any time.

What we collect

Small streams, all on our own infrastructure or privacy-first analytics tools.

Aggregate page views and outbound-link counts (Plausible). If you allow marketing analytics, a small Plausible script can count the visit, your country, the page URL, and the referring site. It can also count outbound links as aggregate link events. It sets no cookies, builds no profile, and never tracks you across other sites. The numbers we see are aggregate counts, not a list of who visited.

Cloudflare edge and optional Web Analytics. Public hosts are proxied through Cloudflare, so Cloudflare receives normal HTTP request metadata to route traffic, serve the Worker, cache assets, mitigate abuse, and report edge analytics. When a Cloudflare Web Analytics token is configured by this app and you allow marketing analytics, the app can also load Cloudflare's browser performance beacon for Web Vitals and page performance. We send a no-transform cache directive on HTML so Cloudflare's automatic RUM injection cannot bypass this in-app choice.

First-party page and event logs. Every page view, docs search, CTA click, and successful form submission can emit a small event to /api/track only if you allow marketing analytics. The deployment runtime logs it, and Cloudflare Workers observability can route those logs into the account log pipeline. We hash your IP with SHA-256 and keep only the first 16 hex characters. We log a coarse user-agent family, a two-letter country code from edge headers when available, and the URL of the page or API the request hit. We also keep the HTTP referer and Accept-Language header that the browser sends with the event. Docs search events can include the search text you submitted and the result metadata you clicked; those stay in the first-party log and are not forwarded to Plausible.

Browser storage for privacy choices and attribution. We store your analytics choice in localStorage underkf:privacy-preferences so the banner does not keep asking. If you allow analytics, we also store one sessionStorage entry, kf:utm, with UTM fields, first-visit time, and referrer. Closing the tab clears that attribution entry.

Contact form submissions. If you fill out the form on /contact, we receive the fields you typed. We also receive the same hashed-IP and user-agent-family pair the access log has, plus the UTM parameters from the link you arrived through if you allowed analytics. If SendGrid is configured, the validated submission is forwarded to SendGrid so it reaches our sales inbox. We use this to reply to you and understand which channels bring us conversations, not to enrich a profile of you.

Trial signup requests. If you request the 14-day preview on /trial, we receive the workspace name, email, and persona you picked. We log the same hashed-IP and user-agent-family pair, plus attribution if you allowed analytics. The signup is stored only long enough to open the preview wave, follow up by email, and prepare workspace details.

Trial workspaces

Auto-deletion at day 16.

If you start a trial, your workspace is flagged for deletion at day 16. We delete the trial workspace data, receipts, and events. Convert to paid before day 16 to retain data.

Day 0: trial workspace starts. Demo data seeded. Preview workflows enabled.
Day 7: we email you a status update with what you have done, what is left to try, and a clear note about the day-14 freeze and day-16 deletion.
Day 14: workspace goes read-only. Reads continue, writes are blocked. You can still export evidence and replay receipts.
Day 16: trial data is deleted. Receipts, events, and any data you imported during the trial are purged. The deletion is logged with a workspace id, the scheduled date, and the actual completion timestamp; we do not retain a backup of trial data.

What we do not collect

Things you might expect from a marketing site that we deliberately do not do.

No tracking cookies. The Plausible script we use is the cookie-free variant. We don't set tracking cookies of our own either. We use localStorage only for your privacy choice, and sessionStorage for UTM attribution only after you allow analytics.
No fingerprinting. No canvas, font, or audio fingerprints. No device-graph SDKs. We never resolve your IP to an individual or household.
No session replay. We do not run Hotjar, FullStory, LogRocket, or any equivalent. We cannot watch you move through the site.
No cross-site or ad tracking. No Google Analytics, no Meta Pixel, no LinkedIn Insight, no advertising cookies, no remarketing pixels. GA4 is a future opt-in business decision, not enabled by default. We don't sell you anything on other sites.
No data brokers. We don't enrich your contact submission with third-party data sources. The only thing we know about you is what you typed and how you arrived.

How long we keep it

Short windows for everything but the conversations you start with us.

Plausible aggregates. Retained according to Plausible's data-retention policy. We don't hold any per-visit row beyond what Plausible exposes in their dashboard, which is aggregated counts, not raw events.

First-party event and access logs. Retained in the deployment runtime and Cloudflare account log pipeline for operational review and attribution analysis. We keep hashed IPs and coarse user-agent families only, and we do not feed these logs into ad platforms.

Contact form submissions. Retained until you ask us to delete them, or until the conversation has been closed for two years and we no longer need them for tax or legal reasons. If you write to us and we do not move forward together, the submission is the only record we have, and you can ask for it to be deleted at any time.

How to make us delete it

One email, no portal, no form.

Email support@karmanflow.com with the subject "Delete my data" and we will remove your contact submission and confirm by reply within five business days. Server access logs age out on their own; you do not need to ask for them.

If you are exercising rights under GDPR, UK GDPR, CCPA, or similar laws, write to the same address and reference the specific right you are exercising. We respond within the statutory window for your jurisdiction.

Legal basis

Why we are allowed to do this.

Your analytics choice for app-controlled browser-side marketing analytics, including Plausible, optional Cloudflare Web Analytics, and first-party /api/track events. You can turn it off from Privacy choices in the footer.
Requested follow-up for contact and trial forms. You type the form and click submit so we can reply, prepare a preview, and prevent abuse.
Legal obligation for the small retention window we keep on closed conversations, where tax or compliance law requires us to keep records for a defined period.

Questions

Talk to a real person, not a portal.

If something on this page is wrong, unclear, or too vague, write to us. The page is here to be honest and clear.

Email support@Email security@