Privacy Policy

1. Scope

This policy applies to information collected through this marketing site. If you use the Kaynos web application (app.kaynos.net), that experience is governed by our Data Use Policy and our Terms of Service. When you click through from this marketing site to the application, the applicable policy is the one linked from the product you are using.

1A. Data Controller

Kaynos is the data controller for personal information collected through this site. Postal address: Kaynos, Safety Harbor, FL 34695, United States. Contact: support@kaynos.net

2. Information we collect

We may collect the following categories of information:

• Identifiers and device data. Such as IP address, browser type, operating system, general location derived from IP (for example, region or city), and unique device or cookie identifiers.
• Internet or network activity. Such as pages viewed, referring / exit pages, date and time of visits, and interactions with site content.
• Communications you send us. If you email us (for example, at support@kaynos.net), we receive the content of your message and your email address.

We do not intentionally collect sensitive personal information (as defined under applicable state laws) through this marketing site, and we ask that you do not send health, financial account, or government ID details via unsecured email.

3. How we collect information

• Directly from you when you contact us or subscribe to updates, if we offer those features.
• Automatically when you load pages or interact with the site, through server logs and, where applicable, cookies or similar technologies.
• From service providers that help us operate, secure, or analyze the site (for example, hosting and analytics vendors).

4. How we use information

We use personal information for purposes such as:

• Operating, maintaining, and improving the site and our services;
• Measuring traffic, performance, and engagement (analytics);
• Detecting, preventing, and addressing fraud, abuse, or security issues;
• Responding to your requests and communications;
• Complying with law and enforcing our terms; and
• Other purposes we disclose at the time of collection or as permitted by law.

4A. Lawful Basis for Processing (EU/EEA)

Where the General Data Protection Regulation (GDPR) applies, we rely on the following lawful bases for processing personal data:

• Contact form submissions: legitimate interest in responding to inquiries (Art. 6(1)(f)).
• Newsletter subscriptions: consent (you actively subscribe) (Art. 6(1)(a)).
• Server logs and analytics: legitimate interest in site security and performance (Art. 6(1)(f)).
• Compliance with law: legal obligation (Art. 6(1)(c)).

5. How we share information

We may share personal information with:

• Service providers who process data on our behalf under contractual obligations, specifically: hosting and content delivery (Netlify), form processing (Netlify Forms). We do not use third-party analytics on this marketing site.
• Legal and safety when we believe disclosure is required by law, legal process, or to protect rights, safety, or property.
• Business transfers in connection with a merger, acquisition, financing, or sale of assets, subject to appropriate safeguards.

We do not sell your personal information for money. We do not "sell" or "share" personal information for cross-context behavioral advertising as those terms are defined under the CPRA in connection with this marketing site. If our practices change, we will update this policy and provide any legally required notice or choice mechanism.

6. Cookies and similar technologies

This marketing site does not currently set first-party cookies. Our hosting provider (Netlify) may set strictly necessary cookies for content delivery and security. If we add analytics or preference cookies in the future, we will update this section and provide any required notice or consent mechanism. You can control cookies at any time through your browser settings.

7. Retention

We retain personal information for the following specific periods:

• Contact form submissions: 12 months.
• Newsletter email addresses: until you unsubscribe, plus 12 months for records.
• Server logs: 30 days.

We delete data after these periods unless required by law to retain it longer (for example, security logs or legal holds).

8. Security

We use reasonable administrative, technical, and organizational measures to protect personal information. No method of transmission over the Internet is completely secure.

9. Children

This site is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe we have collected such information, contact us and we will take appropriate steps to delete it.

Our product is used by coaches who may work with minors. Coaches are responsible for obtaining parental consent where required by law (e.g., COPPA). The marketing site does not knowingly collect information from children under 13.

10. Your U.S. privacy rights

Depending on where you live in the United States, you may have rights under state privacy laws (including California, Virginia, Colorado, Connecticut, Utah, and others) to:

• Access or know the categories and specific pieces of personal information we hold;
• Request deletion of personal information we collected from you;
• Request correction of inaccurate personal information;
• Opt out of the sale of personal information or certain sharing for targeted advertising (where applicable);
• Limit use or disclosure of sensitive personal information (where applicable); and
• Not receive discriminatory treatment for exercising these rights.

California residents: You may have the rights listed above under the CCPA/CPRA. You may designate an authorized agent to make a request on your behalf in accordance with applicable law. We will verify your request before responding.

How to submit a request: Email support@kaynos.net with the subject line "Privacy Request" and describe your request. We may need information to verify your identity before processing it.

Verification process: We verify your identity by matching the email address in your request against our records. Authorized agents must provide signed written authorization. We respond within 45 days (CCPA) or 30 days (GDPR).

If we deny your request, you may appeal where required by law by replying to our decision email with "Appeal" in the subject line.

10A. Your Rights (EU/EEA Residents)

If you are located in the European Union or European Economic Area, the General Data Protection Regulation (GDPR) provides you with the following rights regarding your personal data:

• Right of access to your personal data (Art. 15);
• Right to rectification of inaccurate personal data (Art. 16);
• Right to erasure of your personal data (Art. 17);
• Right to restriction of processing (Art. 18);
• Right to data portability (Art. 20);
• Right to object to processing (Art. 21);
• Right to withdraw consent at any time (for example, newsletter subscriptions); and
• Right to lodge a complaint with a supervisory authority.

To exercise these rights, email support@kaynos.net with the subject line "Privacy Request." We will respond within 30 days.

You may find your local data protection authority through the European Data Protection Board member directory.

10B. International Transfers

Our service providers (Netlify, Backblaze B2, Neon) are based in the United States. We rely on Standard Contractual Clauses (SCCs) under GDPR Article 46(2)(c) for transfers of personal data from the EU/EEA.

10C. Virginia, Colorado, Connecticut, and Other State Rights

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and other states with privacy laws have similar rights to those listed in Section 10 above. Contact us at support@kaynos.net to exercise your rights under these laws.

10D. Breach Notification

In the event of a personal data breach, we will notify affected individuals and relevant supervisory authorities within 72 hours as required by GDPR Article 33, and within the timeframes required by applicable U.S. state laws.

11. Do Not Track and Global Privacy Control

We do not currently respond to "Do Not Track" browser signals because there is no uniform industry standard for them. We do not sell or share personal data for advertising. Because we do not engage in sale or sharing, GPC signals require no action, but we acknowledge and respect them.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and revise the effective date. If changes are material, we will provide additional notice as required by law.

13. Contact

Questions about this Privacy Policy: support@kaynos.net

14. Privacy request metrics

We do not currently meet the threshold (10 million+ consumer records) requiring annual privacy request metrics disclosure under CCPA.