Legal

Privacy Policy

Last updated: 2026-04-21

Draft notice. This Privacy Policy is a working draft. It reflects our current practices but has not been reviewed by legal counsel and should be reviewed before public launch.

This Privacy Policy explains how Kipple Labs ("we," "us," or "our") collects, uses, and protects information when you visit kipplelabs.com or interact with our services (the "Services").

We designed Kipple Labs to collect as little information about you as we can while still running the business. Where we must collect information, we describe why and how below.

1. Information we collect

1.1 Information you provide

When you contact us (via email, design-partner inquiry, or similar), we collect:

  • Your name and email address
  • Organization name (if provided)
  • The content of your message and any subsequent correspondence

When you register for AXIS Prime through our registrar service (separate from this website; see axisprime.ai Privacy Policy for that flow), additional information may be collected including email, domain, and (at higher verification tiers) identity verification documents.

1.2 Information collected automatically

When you visit kipplelabs.com we collect limited technical information through our hosting provider (Cloudflare):

  • IP address (used for rate limiting and abuse detection)
  • User-agent string
  • Pages requested and response codes
  • Referrer URL where available

We do not use third-party analytics, advertising trackers, or cross-site cookies on this website. We do not place any cookies on your device other than session cookies that may be used for form submissions, if any.

1.3 Information we do not collect

  • We do not track you across other websites
  • We do not use advertising identifiers
  • We do not sell or share personal information with advertisers or data brokers
  • We do not use machine learning on your data to train models

2. How we use information

We use the information we collect to:

  • Respond to your inquiries and provide requested information
  • Deliver the products and services you have requested
  • Send transactional emails (e.g., confirmations, service updates)
  • Detect and prevent abuse, fraud, or security incidents
  • Comply with legal obligations
  • Improve our services based on aggregated patterns (never individual behavior)

3. How we share information

We do not sell your personal information. We share information only with:

  • Service providers that help us operate the site (hosting, email delivery, payment processing if applicable), under confidentiality obligations and data processing agreements
  • Law enforcement or regulators when legally required, such as in response to a subpoena or court order
  • In the event of a business transfer (acquisition, merger, or sale), after notifying you

3.1 Subprocessors (current)

  • Cloudflare (hosting, TLS, CDN, basic security logs)
  • Resend (transactional email delivery)
  • Stripe (payment processing, if and when billing is enabled)

4. How we protect information

We use industry-standard security measures:

  • All connections use TLS 1.2 or higher
  • Sensitive credentials are stored as cryptographic hashes, not plaintext, where possible
  • Access to systems is restricted to personnel who need it
  • We operate a responsible disclosure program; see SECURITY.md on GitHub

No system is perfectly secure. We cannot guarantee the security of information transmitted to us or stored on our systems.

5. Data retention

We retain information only as long as needed for the purposes described, typically:

  • Inquiry correspondence: 2 years from last contact
  • Technical logs: 7 days for abuse detection, then discarded
  • Contractual records: as required by applicable law (typically 6 years)

6. Your rights

Depending on your jurisdiction (GDPR, CCPA/CPRA, and similar regimes), you may have rights including:

  • Access to the personal information we hold about you
  • Correction of inaccurate information
  • Deletion of your information (subject to legal retention obligations)
  • Objection to certain processing
  • Data portability
  • Withdrawal of consent

To exercise these rights, email [email protected]. We will respond within 30 days.

7. International users

We are based in the United States. If you use our services from outside the US, your information may be transferred to and processed in the US. We rely on appropriate legal mechanisms (Standard Contractual Clauses where applicable) for international transfers.

8. Children

Our services are not directed to children under 16. We do not knowingly collect information from children. If we learn we have collected information from a child, we will delete it.

9. Changes to this policy

We may update this Privacy Policy. Material changes will be communicated by updating the "Last updated" date at the top of this document and, where appropriate, by direct notification.

10. Contact

Privacy inquiries: [email protected]

General inquiries: [email protected]

Security issues: [email protected]