Privacy Policy
Last updated: 27 May 2026
KineticBrain™ ("we", "us", "our") operates KineticCopy™ (copy.kineticbrain.ai), a WordPress plugin for AI-powered copywriting. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use KineticCopy.
We are the data controller for the personal data processed through our services. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the Danish Data Protection Act (Databeskyttelsesloven), and the ePrivacy Directive 2002/58/EC as implemented in Danish law.
1. Data Controller
KineticBrain™
Denmark, European Union
Email: [email protected]
2. What Data We Collect
2.1 Purchase and Account Data
When you purchase KineticCopy, we collect:
- Email address (for license delivery and support)
- License key and activation status
- Purchase date and subscription tier
- Credit balance and purchase history
2.2 Plugin Usage Data
KineticCopy collects minimal usage data to provide its services:
- License validation requests (your domain, license key, plugin version)
- Credit transaction logs (which actions consumed credits, timestamps)
We do not collect or have access to your WordPress content, your generated text, your voice model data, or your site visitors' data. These remain on your own server.
2.3 Data Processed Locally (on Your Server)
The following data is stored in your WordPress database and never sent to our servers:
- Your Claude API key (encrypted at rest)
- Your voice model / Writing DNA profile
- All generated content
- Brand DNA settings and tone preferences
- Content Library entries and pinned posts
2.4 Data Sent to Third-Party AI Provider
When KineticCopy generates content or scans your posts, it sends data directly from your WordPress installation to the Anthropic Claude API. This includes:
- Your published post content (for Site Intelligence voice model training)
- Content generation prompts (including brand context and your voice model)
- Brain AI chat messages
This data is sent directly from your server to Anthropic. It does not pass through our servers. Anthropic does not use API data to train its models. See Anthropic's Privacy Policy.
2.5 Payment Data
All payments are processed by Stripe. We do not store your full card details. Stripe processes and stores payment data as an independent data controller. We only receive a tokenised reference and the last four digits of your card.
3. Legal Basis for Processing (GDPR Article 6)
| Purpose | Legal Basis | GDPR Article |
|---|---|---|
| License delivery and management | Performance of contract | Art. 6(1)(b) |
| Processing payments | Performance of contract | Art. 6(1)(b) |
| Credit balance management | Performance of contract | Art. 6(1)(b) |
| License validation | Legitimate interest | Art. 6(1)(f) |
| Transactional emails | Performance of contract | Art. 6(1)(b) |
| Security and fraud prevention | Legitimate interest | Art. 6(1)(f) |
| Marketing communications | Consent | Art. 6(1)(a) |
4. How We Use Your Data
We use your personal data to deliver and activate your license, process payments, manage your credit balance, send account-related notifications, provide support, detect and prevent abuse, and comply with legal obligations.
We do not sell your personal data, use your content to train AI models, share your data with other users, display advertising, or access your WordPress content or generated text.
5. Third-Party Processors and Data Transfers
| Processor | Purpose | Location | Safeguard |
|---|---|---|---|
| Stripe Inc. | Payment processing | US | EU SCCs + DPF |
| Anthropic PBC | AI content generation (direct from your server) | US | EU SCCs |
Important: Anthropic receives data directly from your WordPress installation, not from our servers. Your relationship with Anthropic when using BYOK is direct - you are their customer. When using credits (our hosted API access), we act as the data controller for that processing.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| License and account data | Until account deletion request + 30 days |
| Credit transaction logs | 24 months |
| Payment records | 5 years (Danish Bookkeeping Act / Bogforingsloven) |
| Support correspondence | 2 years from resolution |
| License validation logs | 90 days |
Data stored locally on your WordPress server (voice model, content, settings) is under your control. We cannot delete it - you manage it through your WordPress installation.
7. Your Rights Under GDPR
As a data subject in the European Union, you have the following rights:
- Right of access (Art. 15) - request a copy of your personal data
- Right to rectification (Art. 16) - request correction of inaccurate data
- Right to erasure (Art. 17) - request deletion of your data
- Right to restriction (Art. 18) - request limits on how we use your data
- Right to data portability (Art. 20) - receive your data in machine-readable format
- Right to object (Art. 21) - object to processing based on legitimate interest
- Right to withdraw consent (Art. 7(3)) - withdraw consent at any time
- Right regarding automated decisions (Art. 22) - our AI tools are content-creation aids only and do not make automated decisions with legal effects on you
Send requests to [email protected] with "GDPR Request" in the subject line. We will respond within 30 days.
You also have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet), Carl Jacobsens Vej 35, 2500 Valby, Denmark - datatilsynet.dk. If you are in another EU member state, you may also contact your local supervisory authority.
8. Cookies
The KineticCopy sales website (copy.kineticbrain.ai) uses only essential cookies for site functionality. We do not use advertising cookies, cross-site tracking, or analytics cookies that require consent.
The KineticCopy WordPress plugin does not set any cookies in your visitors' browsers. It stores its settings in your WordPress database using standard WordPress options.
9. Children's Privacy
KineticCopy is not directed at children under 16. We do not knowingly collect data from children under 16. If you believe a child has provided us with personal data, please contact us.
10. Security
We implement encryption in transit (TLS 1.2+), encrypted API key storage (AES-256) on your server, secure license validation endpoints, and access controls on our systems. If we become aware of a data breach posing high risk, we will notify you and the Datatilsynet within 72 hours (GDPR Art. 33).
11. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated by email or in-plugin notice. Continued use after a change constitutes acceptance.
12. Contact Us
KineticBrain™
Denmark, European Union
Email: [email protected]
For GDPR requests, include "GDPR Request" in your subject line.