Privacy Policy
Last updated: March 12, 2026
This Privacy Policy explains how Kahili Ventures LLC, dba Kana Systems (“Kana Systems,” “we,” “us,” or “our”) collects, uses, discloses, retains, and protects personal information in connection with our websites, applications, and related products where this Privacy Policy is posted or referenced. This Privacy Policy is designed to be readable while still reflecting key legal requirements, including the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”).
1. Scope and Key Definitions
This Privacy Policy applies to personal information that we collect online and offline when it is connected to our products, such as when you create an account, use a product, contact support, attend our events, or interact with our marketing communications. “Personal information” generally means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked (directly or indirectly) with a particular consumer or household. Some jurisdictions use different terms (for example, “personal data”), and we use “personal information” here for consistency.
Depending on how you use our products, Kana Systems may act as (a) a “business” under the CCPA/CPRA for certain data, and/or (b) a “service provider” or “processor” when we process personal information on behalf of a business customer under a written contract. Where we process personal information on behalf of a customer as their service provider/processor, the customer's instructions and agreements with you may apply in addition to this Privacy Policy.
2. Information We Collect
We collect personal information in three primary ways: (1) information you provide to us directly, (2) information collected automatically when you use our software, and (3) information we receive from third parties.
When you create or administer an account, or otherwise use our software, you may provide identifiers and contact details (such as name, email address, phone number, user ID, and organization details), account credentials, profile information, and settings.
When you use Kana Systems products, we may process content and files you upload or create, messages you send, metadata associated with that content, and information about how you interact with features. We also collect communications when you contact us, including support tickets, emails, chat logs, call recordings (where permitted by law and disclosed), and feedback you provide.
We also collect certain information automatically. This may include device and network information (such as IP address, browser type, device identifiers, operating system, and approximate location inferred from IP), usage data (such as pages viewed, actions taken, feature usage, timestamps, referring URLs), and logs used for security and debugging. We use cookies and similar technologies (like local storage, SDKs, and pixels) for authentication, session management, preferences, analytics, and to measure marketing effectiveness.
We may receive personal information from third parties such as identity providers (for single sign-on), collaboration or integration partners you enable, analytics providers, advertising partners (where used), and business customers who invite you to their workspace or provide your information to provision an account.
3. How We Use Personal Information
We use personal information to provide, maintain, and improve our products, including creating and administering accounts, enabling collaboration, delivering features, processing transactions, and providing customer support. We also use personal information to secure our products, prevent fraud and abuse, detect and respond to incidents, conduct audits, monitor integrity and availability, and enforce our terms.
We use information to understand usage and improve performance, such as troubleshooting, analytics, testing, research, and developing new functionality. We may use contact information to send product-related communications such as confirmations, security alerts, product updates, and administrative messages. If you sign up for marketing communications, we may send you newsletters and promotional content, and you can opt out at any time by using the unsubscribe mechanism included in those messages.
Where permitted, we may use certain information to personalize your experience, such as remembering preferences, suggesting settings, and tailoring content to your role. If we use automated systems to detect suspicious activity or enforce security controls, we do so to protect users and our products, and we aim to apply human review and proportional safeguards where appropriate.
4. How We Disclose Personal Information
We disclose personal information only as described here and in accordance with applicable law. We disclose personal information to service providers and contractors who help us run our products, such as cloud hosting, data storage, content delivery, analytics, customer support tooling, incident monitoring, email delivery, and payment processing. These providers are authorized to use personal information only as needed to provide services to us and must comply with contractual confidentiality and security obligations.
We may disclose personal information to integrations and third parties you choose to use. For example, if you connect a third-party app, import data from another service, or enable single sign-on, the third party may receive or access personal information as part of that integration. Your use of third-party services is governed by their privacy policies and terms, and you should review them carefully.
We may disclose personal information if we believe disclosure is reasonably necessary to comply with law, regulation, legal process, or governmental request; to protect the safety, rights, or property of Kana, our users, or the public; to investigate potential violations of our terms; or to detect, prevent, or address fraud, security, or technical issues.
If Kana Systems is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal information may be disclosed as part of that transaction, subject to confidentiality protections and applicable legal requirements.
5. “Sale,” “Sharing,” Targeted Advertising, and Privacy Controls (California)
Some privacy laws, including the CCPA/CPRA, define “sale” broadly to include certain disclosures of personal information in exchange for valuable consideration, and define “sharing” to include certain disclosures for cross-context behavioral advertising. Our products may use cookies or similar technologies that could be considered “sharing” under California law when used for certain advertising or measurement purposes, depending on how our products are configured and which partners are active. California consumers have the right to opt out of the sale or sharing of personal information.
Where required, we provide a “Do Not Sell or Share My Personal Information” mechanism and will honor opt-out requests. We also recognize opt-out preference signals such as the Global Privacy Control (GPC) in contexts where the law requires it and where we can reasonably associate the signal with the browser or device making the request.
If you opt out, you may still see contextual ads, and certain uses of cookies may remain necessary for functionality, security, and fraud prevention.
6. Sensitive Personal Information
Certain data elements may be considered “sensitive personal information” under the CCPA/CPRA (for example, precise geolocation in some contexts, certain government identifiers, or account log-in credentials). Where we process sensitive personal information, we do so only as needed to support our products, secure accounts, prevent fraud, comply with law, and perform other permitted purposes. California consumers may have the right to limit the use and disclosure of sensitive personal information to what is necessary to perform services or provide goods as reasonably expected.
7. Security and Encryption
We maintain an information security program designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. Our safeguards include administrative, technical, and physical measures appropriate to the nature of the data and the risks presented.
We use encryption in transit for data transmitted between your devices and our servers using industry-standard transport encryption (such as TLS). We also use encryption at rest for certain data stored on our systems using industry-standard encryption methods (for example, AES-256 or equivalent technologies), where appropriate for the system and data type. We use access controls designed around least privilege, multi-factor authentication for administrative access where feasible, environment segmentation, logging and monitoring, vulnerability management, and secure software development practices.
No method of transmission or storage is completely secure. However, we work to continually improve our controls, and we maintain incident response procedures designed to investigate and respond to suspected security events in a timely manner.
8. Data Retention
We retain personal information for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. In practice, this means we generally retain account information while your account is active. If you close your account or request deletion, we will take steps to delete or de-identify personal information in accordance with applicable law and our operational requirements.
We may retain certain information for longer periods where needed for legitimate business purposes such as security, fraud prevention, backups, dispute resolution, enforcing agreements, and complying with legal obligations (for example, retaining certain billing or tax records). Backup systems may store residual copies for a limited period after deletion, after which they are overwritten or otherwise rendered inaccessible in the normal course of operations.
9. Your Privacy Rights and Choices
You may have rights and choices regarding your personal information depending on where you live. These rights may include the right to request access to personal information, the right to request deletion, the right to request correction, the right to obtain a portable copy of certain data, and the right to opt out of certain processing such as the sale or sharing of personal information under the CCPA/CPRA.
To exercise your rights, you (or an authorized agent) can contact us using the methods described in the “Contact Us” section below. We will verify your request consistent with applicable law, which may require us to confirm you have access to the email address or account associated with the request, or to request additional information to prevent fraud. We will not discriminate against you for exercising your rights, although certain features may be unavailable if we cannot process personal information necessary for our products.
If you are using our products through a business or organization (for example, your employer or a customer account), your rights requests for content or account data may need to be directed to that organization, and we may refer your request to them or process it as instructed under our contract with them.
10. California Privacy Notice (CCPA/CPRA)
This section provides additional disclosures for California residents.
Under the CCPA/CPRA, California residents have rights that may include: the right to know/access, the right to delete, the right to correct, the right to data portability, the right to opt out of sale or sharing, and the right to limit the use and disclosure of sensitive personal information (where applicable).
We collect the categories of personal information described in Section 2 above and use them for the business and commercial purposes described in Section 3. We disclose personal information to the categories of recipients described in Section 4. If we engage in practices that constitute “selling” or “sharing” under California law in a particular context, we provide an opt-out mechanism and honor opt-out preference signals such as GPC as required.
11. Children and Minors
Kana System’s products are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information to us, please contact us so we can take appropriate steps to delete the information.
If we learn that we have collected personal information from a child in a manner that requires parental consent, we will take steps consistent with applicable law to obtain consent or delete the information. For minors who are older than 13, additional protections may apply in certain jurisdictions, including California rules for opting in to certain data disclosures in limited circumstances.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we do, we will update the “Last Updated” date above and, where required, provide additional notice (for example, via the Service or email). Your continued use of the Service after an update means you understand the updated policy, to the extent permitted by law.
13. Contact Us
If you have questions, concerns, or requests related to privacy, you can contact Kana Systems by:
Email: privacy@kana.systems
If you are submitting a rights request, please include enough information for us to verify your identity and locate your information (for example, the email address associated with your account). If you use an authorized agent, we may request proof of authorization as permitted by law.