Privacy Policy for Notta Kun

1. Scope

This Privacy Policy explains how Notta Kun collects, uses, stores, and shares personal information when you use the Notta Kun web app, linked LINE experience, connected Google Workspace features, installed skills, and user-specific agent runtime.

In this policy, “Notta Kun”, “we”, “us”, and “our” refer to the operator of this deployment of the service. This policy applies to the current product implementation, including account registration, login, onboarding, chat, reminders, proactive partner messages, skill installation, and external account linking.

2. Information We Collect

We collect information you provide directly, information created through product use, and limited technical data needed to operate the service.

• Account information, including your email address or username, hashed password, assistant selection, onboarding state, and invitation-code redemption status.
• Conversation data, including prompts, replies, uploaded images, generated images, and message metadata stored in your chat history.
• Preference and product settings, including skills you install, reminder settings, quiet hours, timezone, onboarding task state, and proactive delivery preferences.
• Relationship and activity data, including message counts, session counts, streaks, relationship stage, machine activity timestamps, and reminder or proactive delivery records.
• Connected service data. For Google Workspace, this includes account label, granted scopes, and an encrypted refresh token. For LINE, this includes linked LINE user identifiers, temporary link requests, nonces, and delivery state.
• Operational and security data, including request metadata, logs, auth token usage, and service events used for reliability, abuse prevention, and debugging.
• Browser storage data. The current web app uses localStorage for the auth token, language preference, and certain onboarding or task UI state. We do not currently operate a consumer advertising-cookie system for the web app.

3. How We Use Information

• To create accounts, authenticate sessions, and secure user access.
• To provision, start, stop, and manage your dedicated agent machine.
• To process chats, stream assistant responses, and store chat history.
• To personalize the assistant character you selected and keep the related product context consistent.
• To install, enable, disable, and synchronize skills and relevant credentials onto your machine.
• To operate Google Workspace connection flows and LINE linking.
• To deliver reminders, onboarding flows, and proactive partner messages when you enable those features.
• To monitor uptime, investigate issues, prevent abuse, and improve product reliability.
• To comply with legal obligations and enforce product rules.

4. Legal Bases

Where applicable, we process personal information based on performance of our contract with you, your consent, our legitimate interests in operating and securing the service, and compliance with legal obligations. Optional features such as Google Workspace connection, LINE linking, or proactive delivery are processed based on the actions you take to enable them.

5. How Information Is Shared

We do not sell your personal information. We share data only where needed to run the service, follow your instructions, or comply with law.

• Infrastructure providers. The control plane, database, and user-specific agent machines are hosted using Fly.io infrastructure.
• Your dedicated agent runtime. Prompts, settings, skills, and connected credentials may be synchronized to your machine so it can perform tasks you request.
• Downstream AI or automation providers used by your machine. When your machine calls model APIs, browser automation, or related tools, necessary task input may be processed by those providers.
• Google Workspace. If you connect Google Workspace, Google processes the connection and any actions performed through the scopes you grant.
• LINE. If you link LINE, your LINE identifier, inbound messages, and outbound reminders or proactive messages are processed through the LINE platform.
• ClawHub. When you browse or install skills, skill metadata and instructions are fetched from ClawHub.
• Legal, safety, and abuse-prevention disclosures, where reasonably necessary to comply with law or protect the service, users, or third parties.

6. Data Retention

Account records, chat history, reminders, installed-skill state, and related operational records are stored while your account remains active and as long as needed to operate the service, resolve disputes, enforce our rules, or satisfy legal obligations.

Some records are shorter-lived by design. For example, temporary LINE link requests and nonces expire automatically. A stopped machine does not by itself delete your account or conversation data.

The current product does not promise automatic deletion after a fixed retention period. If you need deletion of account-level data, you should contact the operator of this deployment.

7. Security

We use reasonable technical and organizational safeguards based on the current architecture of the product. Examples in the present implementation include hashed passwords, encrypted storage for Google refresh tokens, signed media access patterns, private-network communication to user-specific machines, and isolation between user machines.

No internet service is completely secure, and we cannot guarantee absolute security. You are also responsible for protecting your device, browser session, and connected third-party accounts.

8. Your Choices and Rights

• You can choose whether to connect Google Workspace.
• You can choose whether to link LINE and whether to enable proactive LINE delivery.
• You can uninstall or disable skills where the product offers those controls.
• You can request access, correction, or deletion of your data from the operator of this deployment.
• You can disconnect connected services where the current product provides an unlink or disconnect flow.

Some requests may be limited where data must be retained for security, abuse prevention, backups, legal compliance, or core service records.

9. International Processing

Notta Kun may process or store information in countries or regions where infrastructure providers or integration partners operate. In the current deployment, that may include Singapore-region hosting and other locations used by Fly.io, Google, LINE, and downstream providers used by your machine.

10. Children

Notta Kun is not intended for children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to the service, contact the operator of this deployment so the matter can be reviewed.

11. Changes to This Policy

We may update this Privacy Policy as the product changes. When we make material changes, we will update the “Last updated” date on this page and may provide additional notice where appropriate.

12. Contact

For privacy questions or requests, contact the operator of this Notta Kun deployment through the support, invite, or rollout channel that gave you access to the service. If a dedicated privacy email or legal entity is published later, that published contact information will control.