Privacy Policy

Introduction

Kanveo (“we,” “us,” or “our”) operates the Kanveo smart display platform, accessible at kanveo.io and through associated applications. Kanveo is a software-as-a-service product that allows individuals and businesses to turn any internet-connected screen into a rich, always-on information display. This Privacy Policy describes how we collect, use, store, and share information when you use our services. By creating an account or using Kanveo, you agree to the practices described in this policy.

Information We Collect

When you sign up for Kanveo, we collect basic account information including your email address and, if you register via OAuth (such as Google or Microsoft), your name and profile picture as provided by that service. We do not receive your password from third-party OAuth providers.

As you use the service, we collect the display configurations you create — pages, widget layouts, themes, and scheduling settings. Widget content, such as to-do items you add manually, is stored as part of your display configuration.

We collect basic usage analytics to understand how the product is used — for example, which features are accessed and how frequently displays are loaded. This data is aggregated and not linked to individual identities where possible.

Billing and payment processing is handled entirely by Stripe. We receive confirmation of successful payments and metadata such as your subscription tier, but we do not store your credit card number, CVV, or full payment details.

When you connect third-party integrations (Google Calendar, Apple Calendar, Dropbox, Notion, Todoist, Microsoft services, and others), we store the OAuth access tokens and refresh tokens needed to fetch data on your behalf. These tokens are stored encrypted using Supabase Vault and are accessed only to render your displays or respond to your explicit requests.

How We Use Your Information

We use the information we collect primarily to provide and improve the Kanveo service. This includes rendering your displays, fetching live data from connected integrations, and delivering the features you have configured. We use your email address to send transactional communications — account confirmations, billing receipts, and important service notices. We do not send marketing emails without your explicit opt-in. We use aggregated, anonymized usage data to prioritize product development and fix problems. We use billing data to manage your subscription and enforce plan limits.

Data Storage and Security

Your data is hosted on infrastructure provided by Supabase (PostgreSQL database and encrypted Vault for secrets) and Vercel (CDN and serverless compute). Both providers operate primarily from data centers in the United States. We use HTTPS for all data transmission and encrypt sensitive credentials at rest. While we take reasonable precautions to protect your data, no system can guarantee absolute security, and we encourage you to use a strong, unique password for your Kanveo account.

Third-Party Services

Kanveo integrates with and relies upon a number of third-party services to operate. These include Supabase (database and authentication infrastructure), Vercel (hosting and content delivery), Stripe (payment processing), Google (OAuth authentication, Calendar, Photos, Tasks, and Drive), Microsoft (OAuth authentication, OneDrive, and To Do), Apple (CalDAV calendar access), OpenWeatherMap (weather data), Dropbox (photo storage), Notion (task and database access), and Todoist (task management). Your use of connected integrations is also subject to the privacy policies of those respective services. We recommend reviewing them if you have concerns about how they handle your data.

Data Retention

We retain your account data, display configurations, and integration tokens for as long as your account is active. If you delete your Kanveo account, we will permanently delete your personal data, display configurations, and stored integration tokens within 30 days of the deletion request, except where we are legally required to retain certain records (such as billing history for tax purposes).

Your Rights

Depending on your location, you may have rights under the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), or similar laws. These rights may include the right to access the personal data we hold about you, the right to correct inaccurate data, the right to request deletion of your data, the right to restrict or object to processing, and the right to data portability. To exercise any of these rights, please contact us at hello@kanveo.io. We will respond to verified requests within 30 days. You may also export your display configurations from within the Kanveo settings panel at any time.

Cookies

Kanveo uses session cookies strictly for authentication purposes — to keep you logged in while you use the application. We do not use advertising cookies, tracking pixels, or any third-party analytics cookies that follow you across other websites. We do not engage in cross-site tracking.

Children

Kanveo is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will take steps to delete it.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will notify you via the email address associated with your account prior to the changes taking effect. The effective date at the top of this page indicates when the current version was last revised. Continued use of Kanveo after a policy update constitutes acceptance of the revised policy.

Contact

If you have questions or concerns about this Privacy Policy or our data practices, please reach out to us at hello@kanveo.io. We are committed to resolving privacy concerns promptly.