KonduitTerms of Service →

PRIVACY POLICY

Effective Date: June 11, 2026 Last Updated: June 11, 2026

This Policy may change over time. When changes are material, we will update the Effective and Last Updated dates above and provide notice as described in Section 14.

This Privacy Policy explains how Team Einherjar LLC ("Konduit," "we," "us," or "our") collects, uses, shares, and protects personal information when you use Konduit, our business-operations platform available at konduit.work (the "Service").

We are the controller of the personal information described in this Policy, except for Customer Content, for which we generally act as a processor (see Section 1). If you have questions or wish to exercise your privacy rights, contact us at support@konduit.work.

By creating an account or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not use the Service.

1. Who We Are and How This Policy Works

Konduit is a software-as-a-service platform that lets businesses manage tasks, build data tables, create forms, run automations, generate documents, and view dashboards. We provide the Service primarily to businesses and the people who work within them.

Throughout this Policy:

  • "You" means the individual using the Service, whether as a workspace owner, member, guest, or someone who submits a public form.
  • "Workspace" means the collaborative environment where your team's content lives.
  • "Customer Content" means the data you and your collaborators create or upload into a workspace (tasks, table rows, form submissions, documents, files, comments, and similar).

When you use Konduit as part of an organization's workspace, that organization (typically the workspace owner) controls the workspace and its content. For that Customer Content, we generally act as a processor on the organization's behalf, and the organization acts as the controller. For account-level and billing data described below, and for our own operational and security purposes, we act as a controller.

2. Information We Collect

2.1 Account and Profile Information

When you create an account or sign in, we collect:

  • Name — your full name or display name (which may come from your Google profile or be entered by you).
  • Email address — required to create and access your account; it also serves as your unique identifier and as the address to which we send account and deletion notices.
  • Email verification status — whether your email has been confirmed.
  • Profile image — your avatar, either provided through Google sign-in or uploaded by you.
  • Avatar color — a color you select for your profile display.
  • Password — if you sign up with email and password, we store only a securely hashed version of your password. We never store your password in plain text. If you sign in with Google, we do not store a password at all.
  • Authentication method — whether you sign in via email/password or via Google.

2.2 Google Sign-In Information

If you choose to sign in with Google, we receive your name, email address, and profile picture from Google at the time you authorize the connection. We also store the authentication tokens necessary to maintain your sign-in session and refresh it when needed, along with the scope of permissions you consented to.

Google API Limited Use Disclosure. Konduit's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We use the Google account information described above solely to authenticate you and provide the sign-in feature. We do not use Google user data for advertising, do not sell it, and do not transfer it to others except as necessary to provide and improve the Service, comply with applicable law, or as part of a merger or acquisition.

2.3 Session and Activity Information

To keep you signed in and to power collaboration features, we collect:

  • Session tokens and their expiry (sessions use a rolling window of approximately 30 days).
  • Last active timestamp — updated periodically when you load the application, used to power features such as showing who is currently active in a workspace and to determine workspace inactivity (see Section 8.2).
  • Last workspace accessed — so we can return you to where you left off.
  • Notification preferences — your choices about which notifications you receive in-app and by email.
  • Account status — whether your account has been disabled by an administrator.

2.4 Customer Content You Create

When you and your collaborators use the Service, you create content that may contain personal information. This includes:

  • Tasks, lists, projects, and their metadata (titles, descriptions, assignees, due dates, status, priority, time estimates, time-tracking entries, checklists).
  • Custom field definitions and values.
  • Data table rows and structured data.
  • Comments, @mentions of other users, and emoji reactions.
  • File attachments you upload (we store the file along with metadata such as filename, size, and file type).
  • Documents, dashboards, automations, and calendar or project scheduling data.
  • An activity log recording who changed what and when within a workspace, including previous and updated values, to provide an audit trail.

You control what you put into Customer Content. We ask that you not submit sensitive personal information (such as government identifiers, health information, or financial account numbers) into free-text or content fields, as the Service is not designed to handle special categories of data.

2.5 Form Submissions

If you publish a public form, people who submit that form provide the information requested in the form. For abuse prevention and security, we also record the submitter's IP address with the submission. A submission made through a public form is treated as Customer Content of the workspace that owns the form and does not by itself count as workspace activity for purposes of Section 8.2.

2.6 Billing Information

When you subscribe to a paid plan, our payment processor (Stripe) collects and processes your payment details. We do not collect or store full payment card numbers on our servers — card data is handled entirely by Stripe. We retain:

  • A customer identifier and subscription identifier linking your workspace to its billing record with our payment processor.
  • Your current plan, plan status, expiry dates, and any billing grace period.
  • Payment failure status, where applicable.
  • Seat count (the number of workspace members), used to calculate per-seat charges.
  • Usage metrics relevant to your plan limits (such as storage used, automation/AI actions consumed, API calls, and form submissions).
  • Add-on purchases.

Any billing address or tax information you provide during checkout is collected and held by our payment processor.

2.7 Technical, Log, and Usage Information

We automatically collect certain information when you use the Service:

  • IP address — recorded at form submission and password-reset request, and present in our server logs, used primarily for security and abuse detection.
  • Device and browser information — such as your user agent, present in standard request headers, used for debugging and security.
  • Cookies and session identifiers — described in Section 7.
  • Usage data — such as page views, feature interactions, API usage patterns, and resource consumption, used to operate the Service and enforce plan limits.
  • Error and diagnostic logs — generated by our systems. We take steps to sanitize these logs to avoid capturing unnecessary personal information.

2.8 Communications and Support

If you contact us for support or otherwise communicate with us, we collect the information you provide in those communications.

3. How We Use Your Information

We use personal information for the following purposes:

Purpose Examples
Provide and operate the Service Create and maintain your account, host and display Customer Content, power collaboration and notifications.
Authenticate you Verify your identity at sign-in via password or Google.
Process payments Manage subscriptions, seats, add-ons, renewals, and billing through our payment processor.
Send transactional email Password resets, email verification, workspace invitations, notifications, scheduled reports, and inactivity/deletion notices, via our email delivery provider.
Send product and (where applicable) marketing email Service updates and, only where permitted, optional product communications you can opt out of.
Security and abuse prevention Detect, investigate, and prevent fraud, spam, abuse, and unauthorized access.
Manage resources Determine workspace inactivity and apply the retention and deletion practices in Section 8.
Provide support Respond to your requests and troubleshoot issues.
Improve the Service Understand usage to maintain, enhance, and develop features.
Comply with law Meet legal, tax, and regulatory obligations and respond to lawful requests.

We do not use your Customer Content to train artificial-intelligence or machine-learning models, and we do not authorize our AI providers to use your Customer Content to train their models. We process Customer Content through AI features only to generate the output you request when you choose to use those features.

To operate, maintain, secure, support, and debug the Service, our authorized personnel may access your Customer Content where reasonably necessary (for example, to diagnose and fix technical problems, investigate suspected abuse or security incidents, or respond to a support request you have made). We limit such access to what is reasonably necessary for these purposes, and our personnel are subject to confidentiality obligations. This access may include your workspaces and the content within them and, where reasonably necessary to provide support you have requested or to protect the security and integrity of the Service, performing actions within your workspace on your behalf.

4. Legal Bases for Processing (GDPR / UK GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases:

  • Performance of a contract — to provide the Service, authenticate you, and process billing under our Terms of Service.
  • Legitimate interests — to secure the Service, prevent abuse, send transactional email, manage resources (including deletion of inactive free workspaces), analyze usage to improve the product, and operate our business, where those interests are not overridden by your rights.
  • Consent — for optional marketing communications and non-essential cookies. You may withdraw consent at any time.
  • Legal obligation — to retain financial records and comply with applicable law.

Where we process Customer Content on behalf of a workspace owner, that owner is responsible for establishing the legal basis for processing the personal information they collect from their own users.

5. How We Share Information

We do not sell, rent, or trade your personal information, Customer Content, or workspaces, and we do not share them for advertising or for any third party's own marketing. We share information only as described below.

5.1 Within Your Workspace

Customer Content is shared with the other members and guests of your workspace, according to the roles and permissions configured by the workspace owner. Your profile information (name, email, avatar) is visible to collaborators in workspaces you join.

5.2 Service Providers and Sub-Processors

We engage trusted third parties to help us operate the Service. These currently include:

  • Cloud infrastructure provider — provides hosting, compute, data storage, caching, file storage, and real-time coordination for the Service.
  • Payment processor (Stripe) — processes payments and manages subscriptions. We share the customer email, workspace name, seat count, and plan/add-on tier; billing and card details are provided by you directly to the processor.
  • Google — provides the optional Google sign-in feature. We receive identity information from Google as described in Section 2.2.
  • Email delivery provider — delivers transactional and other Service emails. We share recipient email addresses and the content of those emails, which may include workspace or task information depending on the email type.
  • AI model providers — power the Service's AI-assisted features (such as the assistant and the workspace generator). When you use an AI feature, the prompt and the workspace data needed to fulfill your request are sent to and processed by the provider to generate a response, subject to the provider's terms. We do not authorize these providers to use your Customer Content to train their models.

We maintain a current list of sub-processors and will make it available on request. We require our sub-processors to protect personal information consistent with this Policy. We will provide notice of material changes to our sub-processors to affected customers where required.

We do not share personal information with third-party advertising networks or third-party analytics platforms.

5.3 Legal and Safety Disclosures

We may disclose information if we believe in good faith that it is necessary to comply with a law, regulation, legal process, or governmental request; to enforce our Terms of Service; to detect, prevent, or address fraud, security, or technical issues; or to protect the rights, property, or safety of Konduit, our users, or the public.

5.4 Business Transfers

If Konduit is involved in a merger, acquisition, financing, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your personal information, and any choices you may have.

6. International Data Transfers

We are based in the United States, and our service providers may process your information in the United States and other countries. These countries may have data-protection laws that differ from those in your country.

Where we transfer personal information out of the EEA, the United Kingdom, or Switzerland, we rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses and/or the EU-U.S. Data Privacy Framework (and its UK and Swiss extensions) as adopted by our service providers, together with supplementary measures where appropriate. You may request more information about these safeguards using the contact details in Section 15.

7. Cookies and Similar Technologies

We use a small number of cookies and similar technologies:

  • Essential cookies — including a session cookie that keeps you signed in (httpOnly, secure, set to SameSite=Lax) and an invitation-tracking cookie used when you follow an invite link. These are necessary for the Service to function and do not require consent.
  • Functional storage — local storage we use to remember your preferences and improve your experience.

We do not use third-party advertising or cross-site tracking cookies. Where non-essential cookies are used and consent is required in your jurisdiction, we will request it. You can control cookies through your browser settings, though disabling essential cookies may prevent the Service from working.

We honor recognized browser-based opt-out preference signals (such as Global Privacy Control) where required by law.

8. Data Retention and Deletion

We keep personal information only as long as necessary for the purposes described in this Policy, unless a longer retention period is required or permitted by law.

8.1 Active Accounts and Workspaces

We retain your account information and Customer Content for as long as your account or workspace is active, so that the Service remains available to you and your collaborators.

8.2 Deletion of Inactive Free Workspaces

Free workspaces are subject to deletion after a period of inactivity. A free workspace is considered inactive if, for a continuous period of 12 consecutive months, no member has (a) successfully signed in to that workspace or (b) taken an action within that workspace that we record as member activity (such as creating or editing content). For clarity, automated events and submissions made by non-members through a public form do not count as member activity and do not keep a workspace active.

Before deleting an inactive free workspace, we will:

  1. Send at least one advance notice email to the workspace owner's account email address on file, warning that the workspace is scheduled for deletion;
  2. Provide a grace and reactivation window of at least 30 days, during which any member simply signing in to the workspace will reactivate it and cancel the scheduled deletion; and
  3. After the grace window expires without reactivation, permanently delete the workspace and all associated Customer Content.

It is your responsibility to keep your account email address current so that you receive these notices. Deletion of an inactive free workspace is permanent and irreversible. We strongly encourage free-tier users to export and back up any data they wish to keep. Active paid workspaces are exempt from this inactivity-deletion policy and are retained for as long as the subscription remains active (including any applicable billing grace period).

8.3 Deleted Content and Trash

Where the Service offers a trash or restore feature, items you delete may be held in a recoverable state for a period of time before they are permanently removed, so that you can undo accidental deletions. We do not guarantee any particular recovery window, that deleted content will remain recoverable, or that any specific item can be restored; recovery availability may differ by feature and may change at any time. You should not rely on the trash as a backup. We strongly encourage you to export and keep your own copies of any content you wish to retain.

8.4 Account and Workspace Deletion by You

When a workspace owner deletes a workspace, the workspace's Customer Content is permanently deleted, and related records (such as memberships, invitations, lists, tasks, tables, and forms) are removed. We may retain a minimal record of your user account to preserve the integrity of related data and to meet legal obligations; such retained accounts cannot be used to sign in.

8.5 Billing and Legal Records

We retain billing and transaction records for as long as required to meet tax, accounting, and legal obligations (commonly up to 7 years), after which they are deleted or anonymized.

8.6 Logs

Operational logs are retained for a limited window for security, abuse-prevention, and troubleshooting, and are then cycled out in the ordinary course. We do not offer data backup or restoration as a service. You are responsible for exporting and retaining your own copies of any Customer Content you wish to preserve. Residual copies of information may persist briefly in routine system logs or transient caches after deletion from active systems before being overwritten.

9. Security

We take reasonable and appropriate technical and organizational measures to protect personal information, including:

  • Encryption of data in transit using TLS/HTTPS;
  • Storage of passwords only in securely hashed form;
  • Authentication via password or Google sign-in, with access controls limiting who can access workspace data;
  • Sanitization of error logs to reduce exposure of personal information.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential and for the security of the data you choose to upload. If we become aware of a security incident affecting your personal information, we will notify you and the appropriate authorities as required by applicable law.

10. Your Privacy Rights

Depending on where you live, you may have some or all of the following rights:

  • Access — request a copy of the personal information we hold about you.
  • Correction — ask us to correct inaccurate or incomplete information.
  • Deletion — request deletion of your personal information.
  • Portability — receive certain information in a portable format. The Service also provides self-service export of much of your Customer Content (for example, as CSV).
  • Restriction and objection — restrict or object to certain processing.
  • Withdraw consent — withdraw consent where processing is based on consent, without affecting prior processing.

To exercise these rights, contact us at support@konduit.work. We will respond within the timeframe required by applicable law (generally within 30 days under GDPR and 45 days under California law, subject to extension where permitted). We may need to verify your identity before fulfilling your request. We will not discriminate against you for exercising your rights.

You may use an authorized agent to submit a request on your behalf where permitted by law. We may require the agent to provide proof of authorization and may require you to verify your own identity directly with us.

Where Konduit processes Customer Content on behalf of a workspace owner, we will direct requests relating to that content to the relevant workspace owner, who is the controller of that information.

10.1 European, UK, and Swiss Users

If you are in the EEA, UK, or Switzerland, you also have the right to lodge a complaint with your local data-protection supervisory authority. We do not use your personal information for automated decision-making that produces legal or similarly significant effects about you. Team Einherjar LLC has no establishment in the EEA, UK, or Switzerland and does not target or knowingly offer the Service to individuals in those regions; accordingly, we are not required to appoint a representative under Article 27 of the EU/UK GDPR. Should this change, we will appoint a representative and update this Policy.

10.2 California and Other U.S. State Residents

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA), provides you the rights to know, access, delete, and correct your personal information, and to opt out of the "sale" or "sharing" of your personal information and to limit the use of sensitive personal information.

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. Because we do not sell or share personal information in this way, we do not offer a "Do Not Sell or Share My Personal Information" link; this entire section serves as our disclosure of that fact. We do not knowingly collect or process sensitive personal information for the purpose of inferring characteristics about you.

In the prior 12 months, we have collected the categories of personal information described in Section 2 for the business purposes described in Section 3, and disclosed certain categories to the service providers described in Section 5 for those business purposes. We retain each category of personal information for the periods described in Section 8, or, where no specific period is stated, for as long as reasonably necessary for the purpose for which it was collected.

Residents of other U.S. states with comprehensive privacy laws (including, as of 2026, states such as Indiana, Kentucky, and Rhode Island, among others) may have similar rights to access, correct, delete, and obtain a portable copy of their personal information, and to opt out of targeted advertising, sale, and certain profiling. You may exercise these rights using the contact information in Section 15. You may appeal a decision we make about your request by replying to our response; if we deny your appeal, you may contact your state attorney general.

11. Sensitive Information

The Service is not intended to store special categories of personal data or "sensitive personal information." We do not intentionally collect such information, and we ask that you not enter it into content, free-text, or form fields. You are responsible for the data you and your collaborators choose to submit.

12. Children's Privacy

The Service is a business tool and is not directed to children under the age of 16, and we do not knowingly collect personal information from anyone under 16. If you believe a child has provided us personal information, please contact us and we will take steps to delete it.

13. Copyright Complaints

If you believe Customer Content hosted on the Service infringes your copyright, you may send a notice to support@konduit.work. We may remove or disable access to allegedly infringing content and may terminate accounts of repeat infringers.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date above and, where appropriate, notify you by email or through the Service. Your continued use of the Service after the changes take effect constitutes acceptance of the updated Policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, contact us at:

Team Einherjar LLC Attn: Privacy New York, New York, United States Email: support@konduit.work

← Back to Konduit