Privacy Policy

This Privacy Policy describes how we collect, use, and share information in connection with your use of the KNav service.

Last updated: December 10, 2025

This Privacy Policy describes how WhatMatters LLC ("Company," "we," "us," or "our") collects, uses, and shares information in connection with your use of the Knav website, dashboard, embed scripts, and related services (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Overview

Knav is a command palette service that involves two types of users:

  • Dashboard Users: Individuals who create accounts, configure command palettes, and embed them on websites
  • End Users: Visitors to websites where the Knav embed script is installed

This Privacy Policy covers how we handle data for both types of users.

2. Information We Collect

2.1 Information from Dashboard Users

Account Information When you create an account, we collect:

  • Email address
  • Name (optional)
  • Account preferences and settings

Workspace and Command Data When you use the Service, we collect:

  • Workspace names and settings (theme, colors, branding preferences)
  • Command configurations (labels, descriptions, action types, URLs)
  • Embed script settings

Usage Information We automatically collect:

  • Log data (IP address, browser type, device information, pages visited)
  • Service usage patterns (features used, actions taken)
  • Date and time of access

Payment Information If you subscribe to a paid plan, our payment processor (Stripe) collects:

  • Payment method details (credit card number, expiration date)
  • Billing address
  • Transaction history

We do not store complete payment card information on our servers.

2.2 Information from End Users

When someone visits a website with the Knav embed script installed, we may collect:

Interaction Data

  • Whether the command palette was opened
  • Commands searched for and selected
  • Keyboard shortcuts used
  • Timestamp of interactions

Technical Data

  • Browser type and version
  • Device type (desktop, mobile, tablet)
  • Screen resolution
  • Referring page URL
  • Anonymous session identifiers

What We Do NOT Collect from End Users

  • Personal identification information (names, email addresses)
  • Cookies for tracking across websites
  • Sensitive personal data
  • Keystroke logging beyond command palette searches

2.3 Information from Third Parties

We may receive information from:

  • Authentication providers (if you sign in via social login in the future)
  • Analytics services
  • Payment processors (transaction confirmations)

3. How We Use Information

3.1 Dashboard User Information

We use your information to:

  • Create and manage your account
  • Provide, maintain, and improve the Service
  • Process payments and send transaction confirmations
  • Send service-related communications (updates, security alerts, support)
  • Respond to your inquiries and provide customer support
  • Analyze usage patterns to improve features
  • Detect, prevent, and address fraud or security issues
  • Comply with legal obligations

3.2 End User Information

We use end user interaction data to:

  • Provide analytics to Dashboard Users about command palette usage
  • Improve the performance and functionality of the embed script
  • Identify and fix technical issues
  • Generate aggregated, anonymized insights

3.3 Aggregated and Anonymized Data

We may create aggregated or anonymized data from personal information by removing identifying details. This data may be used for:

  • Industry benchmarking and reports
  • Service improvement
  • Marketing materials (without identifying individuals)

4. How We Share Information

4.1 With Dashboard Users

We share analytics data about end user interactions with the Dashboard Users who own the respective workspaces. This data is aggregated and does not include personal identification of end users.

4.2 Service Providers

We share information with third-party service providers who assist us in operating the Service:

| Provider | Purpose | Data Shared | | -------- | ---------------------- | ------------------------------- | | Neon | Database hosting | Account data, workspace data | | Vercel | Hosting and deployment | Log data, usage data | | Resend | Email delivery | Email addresses, email content | | Stripe | Payment processing | Payment and billing information |

These providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.3 Legal Requirements

We may disclose information if required to do so by law or in response to:

  • Court orders, subpoenas, or legal process
  • Requests from law enforcement or government agencies
  • Protection of our rights, property, or safety
  • Protection of the rights, property, or safety of others

4.4 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change and any choices you may have regarding your information.

4.5 With Your Consent

We may share your information for other purposes with your explicit consent.

5. Cookies and Tracking Technologies

5.1 Dashboard Website

Our dashboard website uses:

Essential Cookies

  • Session cookies for authentication
  • Security cookies for fraud prevention

Analytics Cookies

  • Usage analytics to understand how visitors use our site
  • Performance monitoring

You can control cookies through your browser settings. Disabling certain cookies may affect Service functionality.

5.2 Embed Script

The Knav embed script:

  • Does NOT set cookies on end user browsers
  • Does NOT track end users across websites
  • Uses session-based identifiers that do not persist after browser closure
  • Operates with minimal data collection by design

6. Data Retention

6.1 Dashboard User Data

We retain your account information for as long as your account is active. After account deletion:

  • Account data is deleted within 30 days
  • Backup copies may persist for up to 90 days
  • Aggregated analytics data may be retained indefinitely

6.2 End User Data

End user interaction data is retained according to the Dashboard User's subscription tier:

  • Free tier: 90 days
  • Pro tier: 90 days
  • Enterprise tier: Custom retention periods

6.3 Legal Requirements

We may retain certain information longer if required by law or to protect our legal interests.

7. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

  • Encryption of data in transit (TLS/SSL)
  • Encryption of sensitive data at rest
  • Regular security assessments
  • Access controls and authentication
  • Secure cloud infrastructure
  • Regular backups

However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Your Rights and Choices

8.1 Account Information

You can:

  • Access your account information through the dashboard
  • Update or correct your information at any time
  • Delete your account by contacting us or using the dashboard settings

8.2 Communications

You can opt out of promotional emails by:

  • Clicking "unsubscribe" in any promotional email
  • Updating your communication preferences in the dashboard

You cannot opt out of service-related communications (security alerts, billing notices).

8.3 Data Export

You may request a copy of your data by contacting us at randy@whatmatters.so.

9. Rights for Users in Specific Jurisdictions

9.1 European Economic Area (EEA) and UK - GDPR

If you are in the EEA or UK, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing: Request limitation of how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

Legal Basis for Processing

We process personal data under the following legal bases:

  • Contract: To provide the Service you requested
  • Legitimate Interests: To improve our Service, prevent fraud, and ensure security
  • Consent: Where you have provided explicit consent
  • Legal Obligation: To comply with applicable laws

Data Transfers

Your data may be transferred to and processed in the United States. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses.

Supervisory Authority

You have the right to lodge a complaint with your local data protection authority.

9.2 California - CCPA/CPRA

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: Request information about the categories and specific pieces of personal information we collect
  • Right to Delete: Request deletion of your personal information
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out: Opt out of the sale or sharing of personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights

Do Not Sell or Share My Personal Information

We do not sell personal information as defined by the CCPA. We do not share personal information for cross-context behavioral advertising.

Categories of Personal Information Collected

In the past 12 months, we have collected:

  • Identifiers (email address, name, IP address)
  • Commercial information (transaction history, subscription details)
  • Internet activity (usage data, interaction data)
  • Geolocation data (general location based on IP)

To exercise your California privacy rights, contact us at randy@whatmatters.so.

9.3 Other Jurisdictions

If you are located in another jurisdiction with data protection laws, you may have similar rights. Please contact us to exercise any applicable rights.

10. Information for Website Owners

If you are a Dashboard User embedding Knav on your website, you are responsible for:

  • Informing your website visitors about third-party services, including Knav
  • Updating your website's privacy policy to disclose the use of Knav
  • Ensuring compliance with applicable privacy laws in your jurisdiction
  • Obtaining any necessary consents from your website visitors

We recommend including language in your privacy policy such as:

"This website uses Knav, a third-party command palette service, to provide navigation functionality. Knav may collect anonymous interaction data such as command searches and selections. For more information, see Knav's Privacy Policy at https://knav.app/privacy."

11. Children's Privacy

The Service is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at randy@whatmatters.so.

12. Third-Party Links and Services

The Service may contain links to third-party websites or enable interactions with third-party services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party websites or services you visit or use.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated Privacy Policy on our website
  • Updating the "Last Updated" date at the top
  • Sending an email notification (for material changes)

Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.

14. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

WhatMatters LLC Email: randy@whatmatters.so Address:

Data Protection Officer (if applicable): Email: randy@whatmatters.so

For data subject requests (access, deletion, correction), please email randy@whatmatters.so with the subject line "Privacy Request."

15. Additional Information

15.1 Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects on you.

15.2 Do Not Track

Our Service does not currently respond to "Do Not Track" browser signals. However, our embed script is designed with privacy in mind and minimizes data collection by default.

15.3 Data Protection Principles

We adhere to the following data protection principles:

  • Lawfulness, Fairness, and Transparency: We process data lawfully and transparently
  • Purpose Limitation: We collect data for specified, legitimate purposes
  • Data Minimization: We collect only what is necessary
  • Accuracy: We keep data accurate and up to date
  • Storage Limitation: We retain data only as long as necessary
  • Integrity and Confidentiality: We protect data with appropriate security measures

By using Knav, you acknowledge that you have read and understood this Privacy Policy.

KNav

AI assistant that lives on your website.
No code required.

Crafted with ♥ in Austin, TX by WhatMatters

© 2025 KNav. All rights reserved.