Privacy Statement
This Privacy Statement explains how Applied Continuity LLC ("KnowledgeBricks," "we," "us," or "our") collects, uses, and protects information when you use the KnowledgeBricks Logistics Portal (logistics.knowledgebricks.com), a B2B SaaS platform for supply chain consultants, logistics engineers, and warehouse designers. It supplements our Trust & Security page, which contains additional technical detail about data handling.
1. Information We Collect
Account & profile
When you sign up or sign in, our authentication provider Clerk collects and provides us with your email address, first and last name, organization membership, and multi-factor authentication status. If you sign in through Microsoft Entra (enterprise SSO), we also receive the claims your Entra tenant sends in the SAML or OIDC token.
User-generated content
We store content you create inside the portal: engagement notes, project records, uploaded document links and metadata, AI session inputs and outputs you choose to save, and any messages you send through in-app support channels. You decide what to type, attach, or save; we store it to provide the service.
Microsoft 365 file metadata
If you connect your Microsoft 365 account, we store the sharing link, document title, and document type for each file you explicitly attach to an engagement. We do not store the file bytes: the content of your files remains on your Microsoft tenant. See Section 5 and our Trust & Security page for full detail.
Payment information
Billing is handled by Stripe. When you subscribe, Stripe collects and stores your payment method details (card number, expiry, CVV). We receive only a Stripe customer ID, the last four digits of your card, and billing address. We never see or store your full card number. Stripe's own privacy policy applies to payment data.
Usage telemetry
We collect page views, feature interactions, and error events through Vercel Analytics (aggregate, privacy-safe) and Microsoft Clarity (session analytics, heatmaps, scroll maps). Clarity may record replays of your interactions with the portal UI. IP addresses and browser user-agents are logged at the edge for security purposes and are not retained beyond 30 days. We do not use telemetry to build individual advertising profiles.
Communications
If you email us or submit a support request, we retain that correspondence to resolve your issue and improve the service. We may send you transactional emails (receipts, password resets, plan change confirmations) and, if you opt in, occasional product update emails. You can unsubscribe from marketing emails at any time.
2. How We Use Your Information
- Provide the service. We use your account details and content to operate, maintain, and personalize the Logistics Portal, including running estimation tools, AI cowork sessions, knowledge search, project management, and the Microsoft 365 integration.
- Process payments. We use billing data to create subscriptions, issue receipts, handle plan changes and cancellations, and comply with tax requirements.
- Provide support. We use your name, email, and account context to respond to support requests and resolve technical issues.
- Improve features. We analyze aggregated, de-identified usage telemetry to understand which features are working well and which need improvement. We do not use your individual prompts, documents, or session content for product development. We do not use any customer content to train AI models. See Section 4.
- Security and abuse prevention. We monitor for unauthorized access, fraudulent activity, API abuse, and violations of our Acceptable Use policy.
- Legal compliance. We may process or retain data to meet applicable tax, accounting, or regulatory obligations, and to respond to lawful requests from courts or government authorities.
3. Legal Bases for Processing (GDPR)
If you are in the European Economic Area or the United Kingdom, our legal bases for processing personal data are as follows. Processing necessary to perform the subscription contract you entered into with us (GDPR Art. 6(1)(b)) covers account management, service delivery, and billing. Processing based on our legitimate interests (Art. 6(1)(f)) covers security monitoring, aggregate analytics, and support communications, where those interests are not overridden by your fundamental rights. Where we send marketing emails or place non-essential cookies, we rely on your consent (Art. 6(1)(a)), which you may withdraw at any time. Processing required by law (Art. 6(1)(c)) covers tax records and responses to lawful authority requests.
4. AI Processing
The Cowork and Ask features send the text of your prompts to Anthropic's Claude API. We use Anthropic's zero-data-retention API: prompts and responses are not stored by Anthropic on their servers beyond what is required for trust-and-safety review (approximately 30 days), and they are never used to train Anthropic's AI models.
On our side, your prompt text travels over an encrypted channel to Anthropic and the response is returned to your session. We do not log prompt bodies. If you choose to save a session output (e.g., a cowork summary or Ask answer), that saved text is stored in our database under your account; if you do not save it, it is discarded when your session ends.
In plain terms: your content is never used to train AI models, by us or by Anthropic. Output generated by the AI is provided as-is for informational purposes and is not professional engineering or legal advice. See also Section 8 (AI Output) of the Terms of Service.
5. Microsoft 365 Integration
The Microsoft 365 integration is optional and requires your explicit authorization. When you connect, we request the following delegated OAuth permissions (acting as you, not as a background service account):
- Files.Read: browse OneDrive files you can access, read-only.
- Files.ReadWrite.AppFolder: read and write only inside
/Apps/KnowledgeBricks/. Microsoft enforces this boundary; we cannot access anything outside it through this scope. - User.Read: read your name, email, and profile photo to display in the UI.
- offline_access: maintain a refresh token so you do not have to re-authorize each session. You can revoke this at any time.
We store your refresh token (encrypted at rest with AES-256-GCM), the sharing link to each file you explicitly attach, and the document title and type you provide. We do not store the bytes of your files. They pass through server memory only during an export operation and are discarded immediately. We do not store file previews, folder structures you did not link, email, calendar entries, or any data from other users in your tenant.
Export operations write output only to your /Apps/KnowledgeBricks/
folder in OneDrive. You can disconnect the integration at any time from
/account/integrations; on disconnect,
your refresh token is deleted from our database and no further Graph calls
are possible. For additional technical detail, see our
Trust & Security page.
6. Data Sharing & Sub-processors
We do not sell your personal data to third parties, and we do not share it for third-party advertising purposes. We share data only with the sub-processors necessary to operate the service:
| Service | Purpose | Data processed | Region |
|---|---|---|---|
| Vercel | Application hosting & edge delivery | All app traffic, edge logs | USA (US-East primary) |
| Supabase | Database & object storage | App data, encrypted tokens, backups | USA |
| Clerk | Identity & authentication | Email, name, IP address, MFA status | USA |
| Stripe | Billing & payment processing | Payment method, billing email, invoices | USA |
| Anthropic | AI inference (Cowork & Ask features) | Prompt text you submit (zero-retention API) | USA |
| Microsoft Graph | OneDrive / SharePoint API (optional) | File metadata + bytes you choose to export | Your Microsoft tenant region |
| Microsoft Clarity | Session analytics & UX research | Page interactions, heatmap data, session replays | USA |
We may also disclose personal data if required by law, court order, or government authority, or to protect the rights, property, or safety of KnowledgeBricks, our users, or the public.
7. Data Retention
- Active account data: retained for the life of your account plus 30 days after deletion, to allow you to recover from accidental cancellation and to fulfill any pending contractual obligations.
- Encrypted database backups: retained for 30 days, then automatically purged.
- Audit logs (integration connect/disconnect, file actions, admin events): retained for 1 year, then purged.
- Stripe billing records: retained for 7 years to satisfy tax and accounting legal requirements. These records may include your billing email, invoice amounts, and subscription history.
- Microsoft 365 tokens: deleted immediately on disconnect or account deletion. We do not retain revoked or expired tokens.
- AI session prompts: not stored on our servers unless you explicitly save the output. Anthropic's zero-retention policy means prompts are not retained by them beyond approximately 30 days for trust-and-safety review.
8. Your Rights
Depending on where you are located, you may have the following rights with respect to your personal data. We aim to fulfill all verified requests within 30 days.
- Access. Request a copy of the personal data we hold about you.
- Correction. Request correction of inaccurate or incomplete personal data.
- Deletion. Request erasure of your personal data. Note that some data may be retained where required by law (e.g., Stripe billing records) or where a legitimate interest overrides the request.
- Portability. Request an export of your account data in a structured, machine-readable format.
- Objection / restriction. Object to processing based on legitimate interests, or request that we restrict processing while a dispute is pending.
- Withdraw consent. Where processing is based on consent (e.g., marketing emails), withdraw that consent at any time without affecting prior processing.
- Lodge a complaint. You have the right to file a complaint with your local data protection supervisory authority (for example, the ICO in the UK or your EU member-state authority).
To exercise any of these rights, email privacy@knowledgebricks.com . We may ask you to verify your identity before acting on a request.
9. International Transfers
Our servers and primary sub-processors are located in the United States. If you are accessing the service from the European Economic Area, the United Kingdom, or another jurisdiction with data transfer restrictions, your personal data will be transferred to and processed in the US.
For EEA-to-US transfers, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission. For UK-to-US transfers, we rely on the UK International Data Transfer Addendum (IDTA) to the EU SCCs. Where required, we will enter into a Data Processing Addendum (DPA) with your organization. Contact security@knowledgebricks.com to request a DPA.
10. Children
The KnowledgeBricks Logistics Portal is a professional B2B service intended for adults. We do not knowingly collect personal data from anyone under the age of 16 (or under 13 in the United States). If you believe we have inadvertently collected data from a minor, please contact us at the address in Section 13 and we will delete it promptly.
11. Security
We apply industry-standard security controls to protect your data, including TLS 1.2+ in transit, AES-256 encryption at rest, application-layer token encryption, and regular dependency patching. Our Trust & Security page describes these controls in detail, including our hosting architecture, backup policy, and logging practices. No security measure is perfect; if you discover a potential vulnerability, please report it to security@knowledgebricks.com.
12. Changes to This Statement
We may update this Privacy Statement from time to time. For material changes (such as new categories of data collection, new sub-processors, or significant changes to how we use data), we will provide at least 30 days' advance notice by emailing your account address or posting a prominent banner in the portal. The "Last updated" date at the top of this page will always reflect the most recent revision. Continued use of the service after the effective date of a material change constitutes acceptance of the updated statement.
13. Contact
For privacy inquiries, data subject requests, or to request a Data Processing Addendum:
Applied Continuity LLCAttn: Privacy
6101 N Keystone Ave, Suite 100 PMB 1326
Indianapolis, IN 46220
United States
Email: privacy@knowledgebricks.com
For security-specific questions (vendor questionnaires, DPA, architecture review), email security@knowledgebricks.com. For general support, use /contact.