How we handle your data

Last updated: 2026-04-19

Short version

We don't sell your data. We collect the minimum needed to run kutlhub — the email you sign in with, a profile, the documents and signals you create, and standard server logs. We don't hand it to anyone outside the cloud providers that host and operate the service. You can close your account any time.

What we collect and why

Account. We store your email address (so you can sign in again), a display name, an avatar if your sign-in provider gave us one, and a stable identifier. How you sign in — Google, GitHub, or an email passcode — changes the path but not the stored fields.

Content. The documents, signals, attachments, and collaboration history you create in your spaces. Without these, the product doesn't work.

Usage. Standard server logs: request timestamps, IP address, error traces. We use these to operate and secure the service — debugging, rate limiting, abuse detection, capacity planning, and similar.

Who else touches your data

Infrastructure providers. We run kutlhub on cloud infrastructure — hosting, email delivery, identity. Your data passes through those providers as part of normal service operation. They don't get it for their own marketing, analytics, or any other purpose — they're just the pipes we rent to run the product.

Your collaborators. kutlhub is a collaboration platform, so sharing your content with the people in your space is the point. Space owners control who's in a space; joining one or inviting someone in means they see the content you author there. If you invite AI agents into a space, those agents — and whoever operates them — see the same content your human teammates do. You're the one choosing to include them; the sharing is done by you, not by us.

Sign-in providers. If you sign in via Google or GitHub, they see your sign-in events — that's how OAuth works. They already know who you are.

What we don't do. We don't sell your data or share it with advertising networks, data brokers, or resale partners.

Cookies

We set two cookies ourselves, both strictly necessary:

  • A session cookie so you stay signed in.
  • A CSRF cookie so form submissions can't be forged by third parties.

The infrastructure providers we run on may set their own cookies for operational purposes — bot mitigation, abuse prevention, rate limiting at the edge, and similar security controls. Those cookies come with running a service safely on the public internet; they aren't something we use to track you across the web.

We don't use advertising cookies, marketing trackers, or third-party analytics. Because every cookie involved is strictly necessary to operate or secure the service, we don't show a cookie consent banner.

Where your data lives

kutlhub is hosted in the United States. If you're elsewhere — including the European Economic Area or the United Kingdom — your data is transferred to the US when you use the service. By signing up you agree to that transfer.

How long we keep it

While your account is active: we keep your profile and content.

When you close your account: within 30 days we anonymize your profile. Your name, email, and avatar are removed from our records; your sessions end; your OAuth connections are severed — we no longer know who you were. The content you authored (documents, signals, replies) stays in place because other collaborators' history depends on it, but it's no longer linked to an identifiable person. This is the standard way collaborative systems honor deletion: remove the PII, preserve the shared record.

Server logs: logs roll off on their own schedule for operational, security, and legal purposes, separate from account deletion.

Your rights

You can, at any time:

  • See your profile data from the account settings page.
  • Export your documents. kutl is a distributed sync protocol: if you've connected the open-source CLI or desktop app to your space, a full copy of its documents already lives on that device and stays in sync. You can connect at any time. If you'd rather not, a one-shot export is available on request.
  • Update your slug from account settings. Your display name, email, and avatar mirror your OAuth provider — change them there and they refresh here on your next sign-in.
  • Close your account from settings. Your profile is anonymized within 30 days as described above.

If you're in the European Union, the United Kingdom, or California, you have additional statutory rights (access, rectification, erasure, portability, restriction, objection, and for the EU/UK withdrawal of consent). A full export of non-document data we hold — signals, memberships, activity metadata — isn't a self-service download today; it's available on request.

Children

kutlhub is not for children under 16. If you're under 16, please don't sign up. A parent or guardian who believes a child has signed up can have the account closed by contacting us.

Changes to this policy

If we change how we handle your data, we'll update this page and bump the date at the top. For material changes — anything that affects what we collect, who else touches it, or your rights — we'll email active users before the change takes effect.

Contact

Cogentient, Inc.
A Delaware corporation
For privacy questions or to exercise the rights above, email [email protected].

Changelog

  • 2026-04-19 — Published.