Privacy policy

Draft — not legal advice. Operator must run this past a qualified UK / EU privacy lawyer before publication. Placeholders are marked [bracketed].

Last updated: (insert date on publication) Effective: (insert date on publication)

1. Who we are

knownly ("we", "us", "the service") is operated by marangonijunior Limited (company number 16641108), a private company limited by shares registered in England and Wales. The data controller for the purposes of UK GDPR and EU GDPR is marangonijunior Limited, reachable at contact@marangonijunior.co.uk.

2. What we collect

We collect only what we need to make knownly work.

• Your assessment answers. The 40 Likert responses, your computed scores, the share-slug for your report, and an optional display name.
• Your email address — only if you create an account or buy a paid report. We use it to send magic-link sign-in URLs, receipts, and (one time only) a follow-up email three days after your assessment.
• Payment metadata — handled by Stripe. We see order ID, amount, currency, status, and the email you gave Stripe; we never see card numbers.
• Feedback you submit — text you write in the feedback form, including your display name and email if you choose to provide them.
• Server logs — IP address, user agent, and request path, kept for 30 days for abuse prevention and operational debugging, then deleted.
• Analytics — we use Plausible, a privacy-respecting analytics tool. Plausible does not use cookies and does not collect personally identifiable information. See plausible.io/privacy.
• Firebase Analytics (Google) — if you accept the cookie consent banner. We use Firebase Analytics to understand which pages people find useful. This is a non-essential cookie. Data flows to Google as a sub-processor. You can decline (no data sent) or change your mind later by clearing the knownly_consent_v1 cookie. See firebase.google.com/policies/analytics and policies.google.com/privacy.

We do not sell, rent, or share your data with advertisers.

3. What we do with it

• Assessment answers + scores — to generate your free preview and, if you pay, your full report.
• Email — to send sign-in links, receipts, the one-time follow-up email, and (if you opt in) a single feedback request. You can unsubscribe from any of these at any time.
• Payment metadata — to fulfil paid orders, issue refunds when requested, and meet our accounting obligations.
• Feedback — to improve knownly. We may publish approved feedback with your display name (if you consented to display) on the landing page or About page.
• Server logs — to keep the service running safely and respond to abuse.

We do not use your data to train any third-party AI model. The AI content in your report (prayer, reflection) is generated by Anthropic Claude at the moment you request the report; we send your DISC blend and language to Anthropic's API and receive the generated text. Anthropic's data-handling terms apply to that exchange; see anthropic.com/privacy.

4. Where it lives

knownly is hosted in the European Union (Vercel EU region, Neon EU region). Email is sent via Resend. Payments are processed via Stripe. AI generation is performed via Anthropic (US/EU). Analytics, if you accept the banner, are processed by Google (Firebase Analytics). All processors are bound by their respective data-processing agreements.

5. How long we keep it

• Account + assessments you own: until you delete your account. Then everything is removed.
• Anonymous assessments (no account attached): automatically deleted twelve (12) months after creation.
• Server logs: 30 days.
• Payment records: retained for seven (7) years as required by UK / EU accounting law, even if you delete your account; we will retain only the minimum required fields (order ID, amount, date, VAT, customer email at time of purchase).
• Feedback: kept until you ask us to remove it.

6. Your rights

Under UK GDPR and EU GDPR you have the right to:

• Access the data we hold on you (export at /api/me/export)
• Correct anything inaccurate
• Delete your account and all associated data (/api/me/delete)
• Object to processing for marketing (we don't do marketing emails, but the legal right stands)
• Restrict processing in some circumstances
• Portability — your export is in JSON, suitable for moving to another service
• Complain to the UK ICO (ico.org.uk) or your local EU data protection authority

To exercise any of these rights, use the in-app controls or email contact@marangonijunior.co.uk.

7. Cookies

Strictly-necessary cookies (no consent required):

• A session cookie when you are signed in (HTTP-only, secure, SameSite=Lax, 30-day refresh)
• A cookie to remember your language preference
• A cookie to remember whether you've dismissed any banners
• knownly_consent_v1 — records your choice on the non-essential cookie banner so we don't show it on every page

Non-essential cookies (consent required, fired only if you accept the banner):

• Firebase Analytics (Google) — measurement and event tracking cookies. Lets us see which pages are most visited. You can decline; the SDK is not loaded if you do.

You can change your mind at any time by clearing the knownly_consent_v1 cookie — the banner will reappear on your next visit.

8. Children

knownly is intended for users aged 16 and over. We do not knowingly collect data from anyone under 16. If you believe a child has used the service, please contact contact@marangonijunior.co.uk and we will delete the relevant data.

9. Changes to this policy

We will update this policy when it needs updating. Material changes will be summarised at the top of the page and, where applicable, emailed to signed-in users. The "last updated" date at the top of this page is always current.

10. Contact

For any privacy question or request: contact@marangonijunior.co.uk.