Privacy Policy
Effective April 29, 2026
Summary
Kiteview is a competitive-intelligence platform operated by Kiteview, Inc. (“Kiteview,” “we,” “our”). We build a dashboard, an API, and a browser extension that help your team monitor competitors. This page explains what data we collect, why we collect it, and what you can do about it. We do not sell your data, we do not show you ads, and we do not share your competitive intelligence with anyone outside your account.
What the browser extension does with your data
The Kiteview browser extension is intentionally narrow. It does not read your browsing history, log keystrokes, sell ad attribution, or send any analytics back to Kiteview. Specifically:
- API key storage. When you click “Connect” in the extension popup, you are redirected to kiteview.co to authorize the extension. On success, kiteview.co generates an API key scoped to your account and sends it back to the extension. The key is stored locally in your browser’s extension storage (chrome.storage.local). It never leaves your device except when the extension calls the Kiteview API on your behalf.
- Active tab URLs. When you open the extension popup, click the toolbar icon, or use a keyboard shortcut, the extension reads the current tab’s URL so it can (a) show you whether that domain is already a tracked competitor, (b) offer a one-click “Add this competitor” button, and (c) suggest the right competitor row when you save a snippet of selected text. We never read tab URLs in the background without an explicit action from you.
- Right-click actions. “Add to Kiteview” sends only the page’s domain (e.g. example.com) to your Kiteview account. “Save selection to Kiteview” sends the text you highlighted plus the page’s URL and title, and attaches them to the matching tracked competitor.
- Toolbar badge polling. Every five minutes the extension calls /api/v1/dashboard on kiteview.co to count unread critical signals so it can show a count on the toolbar badge. This is the same data your dashboard would show — it does not include any new collection.
- Argus queries. When you ask Argus a question through the extension, the question text plus the current tab’s URL and title are sent to your Kiteview account so Argus can ground its answer in the page you’re looking at. We do not log Argus queries for advertising or training third-party models.
- What we do not collect. We do not store a history of every URL you visit. We do not read page content unless you explicitly highlight text and choose “Save selection to Kiteview.” We do not have a content script running on every site.
What the website and API collect
- Account data. When you sign up we store your email, hashed password (when applicable), full name, role, company name, and company URL.
- Competitive intelligence you create. The competitors you track, the URLs you monitor, the signals and snippets we ingest on your behalf, your ratings and feedback on those signals, and any briefs you generate.
- Onboarding profile. The answers you provide during onboarding, including a short AI-summarized profile of your company that we use to personalize triage.
- Billing data. Stripe handles your payment information; we never see card numbers. We store the Stripe customer ID, subscription status, tier, and billing interval so we know what plan you are on.
- API keys. If you create an API key (manually or via the browser extension), we store a cryptographic hash of the key plus the first few characters as a prefix for display. We never store the raw key after you create it.
- Operational logs. We log API requests for debugging and abuse prevention. Logs are retained for up to 30 days.
- AI usage logs. Each AI run we make on your behalf — Argus chat, weekly briefs, signal triage, competitor enrichment — is recorded with the route name, model used, token counts, and computed cost. This is how we keep your spend transparent in Settings → Usage and how we bill metered overage. Retained 90 days.
- Argus question history. Successful Argus questions and answers are stored so we can improve the agent over time and so you can revisit past research. Retained 90 days. Failed queries are not stored.
- Error reports. When the application throws an unexpected error, we send a stack trace to our error-monitoring provider (Sentry) along with your user ID and request URL so we can fix the bug. We do not attach competitive-intelligence content to error reports.
Service providers we use
We share the minimum data needed to operate the service with the following providers, under written contracts that forbid them from using your data for any other purpose:
- Supabase — database and authentication.
- Vercel — web and API hosting.
- Stripe — payment processing.
- OpenRouter, Anthropic, OpenAI, Perplexity — large-language-model inference for triage, summarization, and Argus. Prompts include the data needed to answer the request (e.g. recent signals, competitor context). We use providers that contractually do not train on customer data.
- Firecrawl, Newscatcher — public web scraping and news ingestion. These services are sent competitor URLs and queries, not your account data.
- Resend — transactional email (sign-up confirmations, billing receipts, alerts you opted into).
- Sentry — error monitoring and performance traces. Receives stack traces, request URLs, and user IDs of users whose sessions hit errors. Does not receive competitive-intelligence content.
- Upstash Redis — ephemeral storage for rate limits, idempotency keys, and short-lived counters. Holds no long-term personal data.
Cookies and tracking
We use first-party cookies that are strictly necessary to keep you signed in and to remember your preferences. We do not use third-party advertising cookies. We do not run marketing pixels for retargeting. We use a privacy-respecting analytics tool to count page views in aggregate; it does not identify individual visitors.
On first visit you’ll see a banner letting you opt in or out of optional cookies and trackers we may add later (e.g. session replays for support investigations or product analytics). Your choice is stored in your browser and re-applied on every visit. You can change it any time by clearing the kiteview-cookie-consent entry in your browser’s site data and reloading.
Your rights
You can access, export, or delete your account data at any time from Settings → Account in the dashboard, or by emailing privacy@kiteview.co. You can revoke any API key (including the browser extension’s key) from Settings → API Keys. Account deletion is permanent and removes all competitive intelligence we’ve stored on your behalf within 30 days.
If you are in the EEA, UK, or California, you have additional rights under GDPR and CCPA, including the right to object to processing and the right to lodge a complaint with your local data-protection authority.
Data retention
Account data is retained while your account is active and for 30 days after account deletion to allow recovery from accidental deletion. API request logs are retained for up to 30 days. Competitive intelligence (signals, briefs, ratings) is retained for the life of your account; you can delete individual records at any time.
Security
We protect your data with industry-standard encryption in transit (TLS 1.2+) and at rest. Database access is restricted by row-level security policies tied to your account. API keys are stored only as cryptographic hashes. We disclose security incidents that affect your data promptly, in line with applicable law.
Children
Kiteview is built for businesses and is not directed at children under 13. We do not knowingly collect personal information from children.
Changes to this policy
If we materially change this policy we will notify registered users by email at least 7 days before the new policy takes effect.
Contact
Questions, requests, or concerns? Email privacy@kiteview.co.