Kilonova Ventures Privacy Policy

We collect personal information from you when you voluntarily provide it to us, such as when you contact us through our website, sign up for our newsletter, or request more information about our services. This information may include your name, email address, and other contact information.

We use this information to respond to your requests, provide you with the information or services you requested, and keep you informed about our company and services. We may also use this information to improve the content and functionality of our website and to better understand the needs of our visitors.

We do not sell, trade, or otherwise transfer your personal information to third parties. We may share your information with service providers who assist us with our business operations, such as website hosting and email marketing. These service providers are bound by strict confidentiality agreements and are only permitted to use your information for the purpose of providing the services we have contracted with them to perform.

We may also be required to disclose your information in response to legal requests, such as a subpoena or court order, or in accordance with applicable laws.

We take reasonable steps to protect the security of your personal information and to prevent unauthorized access or misuse. Refresh tokens, API keys, and other credentials we hold on your behalf are encrypted at rest using AES-256-GCM before they ever touch disk. Each customer’s workspace is isolated from every other customer’s workspace: no operator in one workspace can see another workspace’s data, and we do not pool, aggregate, anonymise, or resell data across workspaces. However, no data transmission over the internet can be guaranteed to be 100% secure, and we cannot ensure or warrant the security of any information you transmit to us. You transmit all information at your own risk.

Kilonova Marketing Insights lets you connect data sources you already own — Shopify, Klaviyo, Google Ads, Meta Ads, and Triple Whale — so we can populate dashboards, daily recommendations, and chat responses inside your own workspace. All access is strictly read-only. We never write back to a connected platform, modify your campaigns, modify your store, or take any action on your behalf. Each integration uses scoped credentials you supply during onboarding and stores them encrypted at rest, per the previous section.

Google Ads. When you connect a Google Ads account, we read campaign performance through the Google Ads API (GoogleAdsService using GAQL) with the https://www.googleapis.com/auth/adwords.readonly scope. We query only the customer, campaign, ad_group, ad_group_ad, keyword_view, and search_term_view resources, strictly read-only. We never call mutate endpoints (no campaign, ad-group, ad, or budget modifications), and we never use listAccessibleCustomers for account discovery — you supply the Customer ID yourself during onboarding. Data is stored encrypted in your isolated workspace and used solely to power your own dashboards, recommendations, and natural-language queries inside the product.

Shopify. We read orders, customers, products, variants, discount codes, refunds, and abandoned checkouts via the Shopify GraphQL Admin API with a read-only access token you provide.

Klaviyo. We read campaigns, flows, flow steps, events, list growth, and predictive-analytics profile data via the Klaviyo JSON:API with a private API key you provide.

Meta Ads. We read campaign, ad set, and ad performance via the Meta Marketing API with a read-only system-user token you provide.

Triple Whale. We read blended attribution summaries and daily time-series via the Triple Whale Summary API with the API key you provide.

On request, or when you delete your workspace, all stored credentials and ingested data from connected platforms are purged. You can also disconnect any individual integration at any time from inside the product, which removes its credentials immediately.

We retain your personal information for as long as necessary to fulfill the purpose for which it was collected, or as required by applicable laws.

We reserve the right to modify this Privacy Policy at any time, so please review it periodically. If we make material changes to this policy, we will notify you by posting an updated version on our website.

If you have any questions or concerns about our Privacy Policy, please contact us at privacy@kilonova.ventures.