Privacy Policy

1. Who We Are

Kudo is an AI-powered employee review writing tool. When you use Kudo, you are sharing information about yourself and your employees with us. This policy explains what we collect, how we use it, and your rights.

2. What We Collect

Account data: Your name, email address, and hashed password.
Employee data: Names, roles, and any notes or documents you upload about your team members.
Interview transcripts: Your answers during the AI interview sessions.
Generated reviews: The drafts and final reviews produced by Kudo.
Usage data: Page views, feature usage, and events (anonymized where possible).
Payment data: Handled entirely by Stripe. We never store credit card numbers.

3. How We Use Your Data

To operate and improve Kudo
To generate reviews using AI (your data is sent to OpenAI's API for processing)
To send you transactional emails (review completion, reminders)
To diagnose errors and improve reliability

Your employee data is never used to train AI models. Interview transcripts and review content you create in Kudo are processed to generate your reviews and are never used as training data for any AI system — ours or anyone else's.

4. AI Processing

Kudo uses OpenAI's API to generate and refine reviews. When you start an interview or request a review, your data is sent to OpenAI's servers for processing. OpenAI does not use API submissions to train their models (see OpenAI's API Privacy Policy).

We do not share your data with any other AI providers.

5. Data Retention

We retain your data for as long as your account is active. When you delete your account:

All personal data is deleted from our databases within 30 days.
Employee records, interview transcripts, and generated reviews are permanently deleted.
Anonymized analytics data (event counts, aggregate usage) may be retained.
We may retain records required by law for longer periods.

Account deletion removes all your data within 30 days. This includes all employee records, notes, documents, interview sessions, and generated reviews tied to your account.

6. Data Sharing

We do not sell your personal data. We share data only with:

OpenAI — for AI review generation (API calls only, no training use)
Stripe — for payment processing
Render — our hosting provider (data stored in their infrastructure)
Law enforcement — when legally required

7. Security

All data is encrypted in transit (TLS 1.2+) and at rest. Passwords are hashed using PBKDF2 with SHA-512 and a unique salt. We use industry-standard security practices throughout.

8. Your Rights

You have the right to:

Access a copy of your personal data
Correct inaccurate data
Delete your account and all associated data
Export your reviews
Withdraw consent to marketing emails at any time

To exercise any of these rights, contact us at hello@kudo.app.

9. Cookies

Kudo uses minimal cookies — only what's needed for authentication and anonymous analytics. We do not use third-party advertising cookies.

10. Children's Privacy

Kudo is not directed at or intended for use by anyone under 16 years of age. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this policy from time to time. When we do, we'll update the "Last updated" date above. Significant changes will be communicated by email.

12. Contact

Questions about privacy? Email us at hello@kudo.app. We respond within 2 business days.