Privacy Policy

Privacy Policy

Last updated: 2026-06-01

Data controller

Kavex is operated by Strenor Labs LLC (Filing ID 001989970), 30 N Gould St Ste N, Sheridan, WY 82801, United States. Strenor Labs LLC is the data controller responsible for the personal data described in this policy. For any privacy question or data request, email privacy@kavex.io.

Summary

Kavex is built around two principles: collect only what we need to run the service, and never sell or share what we collect. We're a small B2B tool with EU-hosted infrastructure — there are no ad networks, no third-party trackers, and no data-broker partnerships.

For specific questions about your data not answered below, email privacy@kavex.io.

What we collect

We collect the minimum data needed to run the service:

  • Account info: email address, password hash, optional profile fields (name, company, sender details for AI Personalizer).
  • Payment info: payments are processed by a third-party payment provider that acts as our Merchant of Record. We never see or store full card details — the provider handles them under its own privacy policy.
  • Job history: the configurations you submit, the results you generate, log lines for debugging, credit ledger.
  • IP address: captured at signup for fraud prevention (90-day duplicate-IP check, optional VPN/proxy detection via IPQualityScore).
  • User agent + signup metadata: stored in signup_logs for abuse review.

Where we store it

Account data, job results, and credit history live in Supabase Postgres hosted in the EU (Frankfurt region). We use Supabase's row-level security so your data is never visible to other users.

Subprocessors

We use these third-party services to run Kavex. Each has their own privacy policy:

  • Supabase — auth, database, realtime. EU-hosted.
  • DataImpulse (or your configured connectivity provider) — IP rotation for reliable data retrieval.
  • DeepSeek (with Google Gemini as fallback) — AI Personalizer copy generation. The business data you submit is sent to the AI provider for the duration of the request only.
  • IPQualityScore (optional) — VPN/proxy detection at signup.
  • Payment provider — a third-party payment processor acting as Merchant of Record. Handles checkout, billing, taxes, and refunds.
  • Vercel — frontend hosting.

GDPR compliance

We host user data on EU infrastructure and treat all users as GDPR-protected. You have the right to export, correct, or delete your data at any time. Email privacy@kavex.io for any data request — we respond within 30 days.

Your data is your data. We never sell, rent, or share your job results with third parties. Your results live in your account until you delete them.

Acceptable use

Kavex works with publicly available business data for B2B sales intelligence. You may not use Kavex to:

  • Send unsolicited spam (CAN-SPAM, GDPR violations).
  • Target individual EU citizens for harassment or stalking.
  • Resell or redistribute the results as a standalone data product.
  • Circumvent rate limits or anti-abuse measures on third-party services.

Violation results in account termination. Repeated abuse may be reported to law enforcement.

Cookies

We use a single first-party cookie for authentication (your Supabase session). No tracking cookies, no third-party analytics, no advertising pixels.

How we handle business data

When you use Kavex to find publicly available business data (public business listings, business websites, etc.), we store the resulting rows in our database so you can re-download CSVs of your past jobs at any time.

What we store, and for how long:

  • Business name, address, phone, website, category — kept with the job that produced them.
  • Generic and named email addresses (e.g. info@company.com, jane.doe@company.com) — kept with the job.
  • Ratings and review counts (numeric only) — kept with the job.
  • What we never store: review text content (copyright), photos (platform IP), real-time signals like “open now” or “busy now.”

Your rights under GDPR:

  • Right to deletion: if your personal email appears in our data, POST to /api/gdpr/delete-data with {"email": "you@example.com"}. We process the request automatically and return a reference ID. If you also hold a Kavex account, account deletion is a separate flow — log in and visit settings, or email privacy@kavex.io.
  • Right to access: email privacy@kavex.io from the address in question to receive a copy of all data we hold.
  • Right to rectification:if data is incorrect, email us and we'll correct or remove it.

Legal basis:legitimate interest in providing B2B prospecting services with publicly available business contact data, balanced against the data subject's privacy interests.

Refunds

Credits never expire. If a job fails or completes below estimate, we auto-refund the difference. Account-closure credits are non-refundable since we've already paid the underlying API costs. Full terms are in our Refund Policy; email billing@kavex.io for refund requests.

Limitation of liability

Kavex is provided "as-is." We're not responsible for how you use the data we surface. We don't guarantee result success rates (upstream sources change and availability varies) — though we do auto-refund failed jobs. Maximum liability is capped at credits paid in the past 12 months.

Changes

We'll email account holders before any material change to this policy. Last updated date appears at the top.

Contact

Strenor Labs LLC
30 N Gould St Ste N, Sheridan, WY 82801, United States
Filing ID: 001989970

Questions? privacy@kavex.io