Privacy Policy

Effective Date: March 10, 2026

KKCompany ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, store, share, and protect your personal information when you access or use the KKCompany AI Platform ("Platform" or "Service").

By creating an account, accessing the Platform, or using any of our services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and use of your information as described herein. If you do not agree with this Privacy Policy, you must not use the Service.

This Privacy Policy applies to all users of the Platform, including users of the web dashboard, API consumers, and visitors to our website.

1. Data Collection

We collect several categories of information to provide, maintain, and improve the Service.

1.1 Account Information

When you register for an account, we collect the following information:

Email address: Used for account identification, authentication, and communication.
Display name: Used to personalize your experience on the Platform.
Company or organization name (optional): Collected when you provide it in your account settings.
Authentication credentials: Depending on your chosen sign-in method, this may include a hashed password (for email/password registration) or OAuth tokens (for Google or GitHub authentication). We never store passwords in plain text.

1.2 Usage Data

When you use the Service's API endpoints, we automatically collect usage data for each request, including:

Model identifier: The LLM model used for each request (e.g., "gpt-4o," "claude-sonnet-4").
Token counts: The number of input (prompt) tokens and output (completion) tokens consumed per request.
Cost: The calculated cost of each request based on the applicable per-token pricing.
Latency: The response time for each API request, measured in milliseconds.
Status: Whether the request completed successfully or resulted in an error.
Timestamp: The date and time of each API request.
API key identifier: A reference to the API key used to authenticate the request (not the key itself).

This usage data is stored in our usage logs and is used for billing, analytics, and service improvement.

1.3 Billing and Transaction Data

We collect and retain records of financial transactions associated with your account, including:

Credit purchases: The amount, date, and payment method of each credit top-up.
Usage charges: The cost deducted from your balance for each API request.
Refunds: Records of any refund requests and their processing status.
Balance history: A running record of your credit balance over time.

1.4 Technical and Device Information

When you access the Platform through a web browser, we may automatically collect:

IP address: Used for security monitoring and fraud prevention.
Browser type and version: Used for compatibility and analytics purposes.
Operating system: Used for compatibility and analytics purposes.
Referring URL: The page that directed you to our Platform.
Pages visited and actions taken: How you interact with the Platform dashboard.

1.5 Cookies and Local Storage

We use cookies and similar technologies to support the functionality of the Platform. Details are provided in Section 7 (Cookie Policy) below.

1.6 Information We Do Not Collect

We want to be transparent about the boundaries of our data collection:

Prompt and completion content: We do not persistently store the content of your API requests (prompts) or the responses (completions) generated by upstream LLM providers. Request content is transmitted to the upstream provider in real time and is not retained on our systems after the response has been delivered to you, except as transiently necessary for streaming responses.
Payment card details: We do not directly collect or store credit card numbers, bank account details, or other sensitive payment instrument information. All payment processing is handled by third-party payment processors.

2. How We Use Your Data

We use the information we collect for the following purposes:

2.1 Service Provision

Authenticating your identity and authorizing access to the Platform.
Processing and routing your API requests to the appropriate upstream LLM providers.
Managing your API keys and account settings.
Delivering the web dashboard and its features.

2.2 Billing and Financial Operations

Calculating the cost of each API request based on token usage and model pricing.
Deducting usage costs from your pre-paid credit balance.
Processing credit top-ups and refund requests.
Generating billing statements and transaction histories.
Detecting and preventing payment fraud.

2.3 Analytics and Service Improvement

Analyzing aggregate usage patterns to improve platform performance and reliability.
Understanding which models and features are most used to inform product development.
Monitoring system health, latency, and error rates.
Generating anonymized and aggregated statistics for internal reporting.

2.4 Security and Abuse Prevention

Detecting and preventing unauthorized access, fraud, and abuse of the Service.
Enforcing rate limits and acceptable use policies.
Monitoring for suspicious activity or violations of our Terms of Service.
Maintaining logs for security incident investigation and response.

2.5 Communication

Sending transactional emails related to your account (such as registration confirmation, password resets, and balance notifications).
Notifying you of material changes to our Terms of Service, Privacy Policy, or the Service itself.
Responding to your inquiries and support requests.

We do not use your personal data for marketing purposes without your explicit consent.

3.1 Upstream LLM Providers

When you make an API request through the Service, your request content (prompts) is transmitted to the selected upstream LLM provider (such as OpenAI or Anthropic) for processing. The response (completion) is then transmitted back to you through our Service. This transmission is necessary to provide the core functionality of the Platform.

Each upstream LLM provider has its own privacy policy and data handling practices. We encourage you to review the privacy policies of the LLM providers whose models you use. KKCompany is not responsible for the data handling practices of upstream providers once your request content has been transmitted to them.

3.2 Third-Party Service Providers

We may share your information with third-party service providers who assist us in operating the Platform, including:

Payment processors: To process credit top-ups and refunds.
Authentication providers: To facilitate OAuth-based sign-in (Google, GitHub).
Infrastructure providers: To host and deliver the Service.

These service providers are contractually obligated to use your information only for the purposes of providing services to us and to maintain appropriate security measures.

3.3 No Selling of Personal Data

We do not sell, rent, or trade your personal information to third parties for their marketing or advertising purposes. We have never sold personal data and have no plans to do so.

3.4 Law Enforcement and Legal Requirements

We may disclose your information if required to do so by law, regulation, legal process, or governmental request. We may also disclose information if we believe in good faith that such disclosure is necessary to:

Comply with a legal obligation or valid legal process.
Protect and defend the rights, property, or safety of KKCompany, our users, or the public.
Detect, prevent, or address fraud, security issues, or technical problems.
Enforce our Terms of Service.

Where legally permitted, we will make reasonable efforts to notify you before disclosing your information in response to a legal request.

3.5 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of the transaction. We will notify you of any such transfer and any choices you may have regarding your information.

4. User Rights

You have the following rights regarding your personal data, subject to applicable law:

4.1 Right of Access

You have the right to request a copy of the personal data we hold about you. You can access most of your account information and usage data directly through the Platform dashboard.

4.2 Right of Correction

You have the right to request correction of inaccurate or incomplete personal data. You can update your account information (display name, email, company) through the account settings on the Platform.

4.3 Right of Deletion

You have the right to request deletion of your personal data. You may request account deletion by contacting us at legal@kkcompany.com. Upon receiving a valid deletion request, we will:

Delete your account and associated profile information.
Deactivate all API keys associated with your account.
Delete or anonymize your usage logs, except where retention is required by law or necessary for legitimate business purposes (such as financial record-keeping).
Process any eligible refund for remaining credits in accordance with our Refund Policy.

Please note that some data may be retained in our backup systems for a limited period after deletion, and certain information may be retained as required by applicable law or regulation.

4.4 Right to Data Portability

You have the right to request your personal data in a structured, commonly used, and machine-readable format. You can export your usage logs and transaction history through the Platform dashboard.

4.5 Right to Object

You have the right to object to the processing of your personal data for certain purposes. If you object to processing that is essential to providing the Service, you may need to discontinue use of the Service.

4.6 Exercising Your Rights

To exercise any of these rights, please contact us at legal@kkcompany.com. We will respond to your request within thirty (30) days. We may request additional information to verify your identity before processing your request.

5. Data Security

We implement a range of technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

5.1 Encryption in Transit

All data transmitted between your devices and the Platform is encrypted using TLS (Transport Layer Security). API requests to and from upstream LLM providers are also transmitted over encrypted connections.

5.2 Hashed API Keys

API keys are stored in our database as SHA-256 cryptographic hashes. The original API key value is displayed to you only once at the time of creation and is never stored in plain text on our systems. This means that even in the unlikely event of a database breach, your API keys cannot be recovered from the stored data.

5.3 Database Security

We enforce data isolation at the application level by filtering all database queries by authenticated user identity. Each API request is scoped to the requesting user's data, ensuring that users can only access their own records.

5.4 Authentication Security

Passwords are hashed using industry-standard algorithms before storage. OAuth integrations use secure token-based authentication flows. Session tokens are securely generated and transmitted via HTTP-only cookies.

5.5 Access Controls

Access to production systems and user data is restricted to authorized personnel on a need-to-know basis. We maintain audit logs of administrative access to our systems.

5.6 Incident Response

In the event of a data breach that affects your personal data, we will notify you and any relevant regulatory authorities in accordance with applicable law. We will provide information about the nature of the breach, the data affected, and the steps we are taking to address the situation.

6. Data Retention

6.1 Account Data

We retain your account information (email, display name, profile data) for as long as your account is active. Upon account deletion, we will delete or anonymize your account data within thirty (30) days, except as required by law.

6.2 Usage Logs

Usage logs (including token counts, costs, latency, model used, and timestamps) are retained for a minimum of twelve (12) months for billing, dispute resolution, and audit purposes. After this period, usage logs may be anonymized or deleted at our discretion.

6.3 Transaction Records

Financial transaction records (credit purchases, usage charges, refunds) are retained for a minimum of five (5) years, or as required by applicable tax and financial regulations, whichever is longer.

6.4 Security Logs

Security-related logs (such as login attempts, IP addresses, and access logs) are retained for a minimum of six (6) months for security monitoring and incident investigation purposes.

6.5 Backup Retention

Data may persist in encrypted backup systems for up to ninety (90) days after deletion from primary systems.

7.1 What Are Cookies

Cookies are small text files that are placed on your device when you visit a website. They are widely used to make websites work, improve their efficiency, and provide information to the site operators.

7.2 Cookies We Use

We use the following categories of cookies:

Essential Session Cookies: These cookies are necessary for the Platform to function correctly. They include:

Authentication session cookie: Maintains your logged-in session on the Platform. This cookie contains a secure session token and is set as an HTTP-only cookie for security. It expires when you log out or after a defined session timeout period.
CSRF protection cookie: Helps prevent cross-site request forgery attacks.

Functional Cookies: These cookies enable enhanced functionality and personalization:

Locale preference cookie: Stores your preferred language setting (e.g., English, Traditional Chinese, Simplified Chinese) so that the Platform can display content in your chosen language across sessions.

7.3 Cookies We Do Not Use

We do not use:

Advertising or tracking cookies: We do not track your browsing activity across other websites.
Third-party analytics cookies: We do not embed third-party analytics services that set their own cookies.

7.4 Managing Cookies

You can control and manage cookies through your browser settings. Please note that disabling essential cookies may prevent the Platform from functioning correctly. Disabling the locale preference cookie will reset your language preference to the default on each visit.

8. International Data Transfers

Our primary servers and infrastructure are located in regions that support our operations. If you access the Service from outside the jurisdiction where our servers are located, your information may be transferred to, stored, and processed in a different jurisdiction. By using the Service, you consent to such transfers.

When your API requests are forwarded to upstream LLM providers, the data may be processed in jurisdictions where those providers operate their infrastructure. We encourage you to review the data handling practices of the upstream LLM providers you use.

9. Children's Privacy

The Service is not directed to individuals under the age of eighteen (18). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe that we may have collected information from a child, please contact us at legal@kkcompany.com.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. We will notify registered users of material changes via email or through a prominent notice on the Platform.

The "Effective Date" at the top of this Privacy Policy indicates when the latest revisions took effect. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

11. Data Protection Officer

For questions or concerns about our data protection practices, you may contact our designated data protection contact:

Email: legal@kkcompany.com
Subject Line: Data Protection Inquiry

12. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data handling practices, please contact us:

Email: legal@kkcompany.com
Subject Line: Privacy Policy Inquiry

We will make reasonable efforts to respond to all inquiries within thirty (30) days.