Privacy Policy
Effective: June 24, 2026
1. Who We Are
Knockt (“we,” “us,” or “our”) operates the field-sales and commission-tracking platform at knockt.app. This Privacy Policy explains how we collect, use, and share information about you when you use our Service.
If you have questions, contact us at support@knockt.app.
2. Information We Collect
Information you provide:
- Account data — name, email address, password (hashed), company name when you sign up
- Workspace data — rep names and identifiers, sale records, commission rules, team structures, and any other data you upload
- Billing data — payment method details are collected and stored by Stripe; we store only a payment reference and subscription status
- Communications — emails, support requests, and feedback you send us
Information collected automatically:
- Usage data — pages visited, features used, timestamps, browser type, and IP address via our hosting provider (Vercel)
- Cookieless analytics — aggregate visitor & pageview counts across our website and app, measured without cookies; visitor counts use a daily-rotating one-way hash and your raw IP/user-agent are never stored
- Authentication cookies — session tokens required for you to stay logged in (strictly necessary)
- Server logs — retained for security and debugging purposes
3. How We Use Your Information
- Provide, operate, and maintain the Service — including calculating commissions and displaying dashboards
- Process payments and manage subscriptions
- Send transactional emails (account verification, password reset, invoices) via Resend
- Respond to support requests and communicate about the Service
- Detect and prevent fraud, abuse, and security incidents
- Analyze aggregate usage to improve the Service
- Measure the effectiveness of our own advertising — see “Advertising measurement” in Section 4
- Comply with legal obligations
We do not sell your personal data for money, and we never share your workspace data — your reps, sales, customers, or commissions — with any advertising platform. The only data ever used for advertising measurement is the limited, hashed identifier described in Section 4.
4. Third-Party Service Providers
We share data only with the following sub-processors, each under data processing agreements, to operate the Service:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database, file storage, and authentication | United States / EU |
| Vercel | Application hosting and edge network | United States / Global |
| Resend | Transactional email delivery | United States |
| Stripe | Payment processing and subscription billing | United States |
| Meta (Facebook) | Advertising conversion measurement — only when we run ads (see below) | United States |
| Advertising conversion measurement — only when we run ads (see below) | United States |
Advertising measurement. If you reach Knockt by clicking one of our ads and your workspace later becomes a paying customer, we may send Meta and/or Google a one-way hashed (irreversible) form of your account email together with the ad-click identifier from your visit (for example a Google gclid or Meta fbclid) and the subscription value, so they can tell us which ad led to a sale. This is sent server-to-server — it sets no cookies or tracking pixels in your browser — happens at most once per workspace, and never includes your workspace data (reps, sales, customers, or commissions). We do not use it to target ads to you, and it only occurs while we are actively running paid advertising. You can opt out at any time by emailing support@knockt.app.
We may disclose information to law enforcement or government authorities when required by law.
5. Cookies & Analytics
We use strictly necessary cookies to keep you signed in. These are session tokens set by Supabase’s authentication system. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. The advertising-conversion measurement described in Section 4 is performed entirely server-side and likewise sets no cookies or pixels in your browser.
We measure how our website and app are used with privacy-friendly, cookieless analytics (our own first-party measurement plus Vercel Web Analytics): no cookies, no cross-site tracking, and no personal data — visitor counts use a daily-rotating one-way hash and your raw IP/user-agent are never stored.
Because we use only strictly necessary cookies, a consent banner is provided for transparency but not legally required for our current cookie use.
6. Data Retention
We retain your account data for as long as your workspace is active. If you delete your account or workspace, we delete your data within 30 days, except where we are required to retain it by law (e.g., billing records for tax purposes, which we retain for 7 years).
Server and security logs are retained for 90 days.
7. Your Rights
All users:
- Access and download your data from the Settings page
- Correct inaccurate account information
- Delete your account and associated data
EU / EEA users (GDPR): You have rights to access, rectify, erase, restrict processing of, and port your personal data. You may also object to processing. To exercise these rights, email support@knockt.app. We respond within 30 days. You may also lodge a complaint with your local supervisory authority.
California residents (CCPA/CPRA): You have the right to know what personal information we collect about you, to delete it, and to opt out of the sale or sharing of personal information. We do not sell personal information for money. To the extent our advertising-conversion measurement (Section 4) is treated as “sharing” for cross-context behavioral advertising, you may opt out by emailing us. To exercise any of these rights, email us; we will not discriminate against you for exercising them.
Legal basis (GDPR). We process personal data under the following bases: (a) performance of a contract (providing the Service to you); (b) legitimate interests (security, fraud prevention, product improvement); (c) legal obligation; and (d) your consent where required.
8. Data Security
We implement technical and organizational measures to protect your data, including encrypted connections (TLS), encrypted data at rest, row-level security in the database, and access controls limiting who can reach production systems. No security measure is perfect; we cannot guarantee absolute security.
In the event of a data breach affecting your personal information, we will notify you as required by applicable law.
9. International Transfers
Our service providers are primarily based in the United States. If you access the Service from outside the US, your information will be transferred to and processed in the US. For EU/EEA users, transfers are covered by Standard Contractual Clauses with our sub-processors.
10. Children
The Service is not directed at children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us and we will delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you by email or prominent in-app notice of material changes at least 14 days before they take effect. Your continued use of the Service after the effective date constitutes acceptance.
12. Contact
For privacy questions, data access requests, or complaints: support@knockt.app