Privacy Policy

Kyneva ("the Service", "we") is a multi-channel e-commerce analytics service operated by GeckoAI.app, a company incorporated under US law and headquartered in the United States.

Contact: developers@geckoai.app

EU representative: for any questions relating to the personal data of EU residents, please contact us at developers@geckoai.app — we handle requests within 30 days.

When you connect an e-commerce platform (Shopify, WooCommerce, PrestaShop, Stripe, BigCommerce, eBay, Etsy, TikTok Shop, Amazon Selling Partner), Kyneva accesses the following data in read-only mode via official APIs:

• Store information: name, identifier, currency, time zone, country.

• Product catalog: titles, descriptions, prices, stock, categories, images, SKU.

• Orders: number, date, amount, status, payment method, items ordered.

• Aggregated customer data: postal code, city, country. We never read the full name, exact address, phone number, or email of your store's end customers.

• Aggregated financial data: revenue, average order value, return rate, transaction fees.

Kyneva account: email, preferred language, Supabase user ID.

We use this data exclusively to:

• Display your consolidated sales statistics in the Kyneva dashboard.

• Generate automatic alerts about your sales (out-of-stock, unusual drop, demand spike).

• Produce contextual analyses from our AI Analyst assistant.

• Monitor the technical health of the connection (API logs, error rate).

We never sell your data. We do not use it to target your account with third-party advertising. We do not share it with any third party outside the technical sub-processors listed in section 6.

The processing of data through Kyneva is based on the performance of the contract you accept when creating your account (Article 6(1)(b) of the GDPR).

Data from your end customers (aggregated postal codes) is processed on the basis of the merchant's legitimate interest in analyzing their sales (Article 6(1)(f)).

• Order and product data: for as long as your platform connection remains active. Upon disconnection, deletion within 90 days.

• Kyneva account: for as long as the account is active, then deletion within 30 days of your request.

• Technical logs: rolling 90 days.

You can disconnect a connector at any time (Settings → Integrations → Disconnect), which immediately revokes our OAuth tokens and triggers deletion.

To provide the service, we use the following sub-processors, all contractually bound to comply with GDPR obligations:

• Supabase (database and authentication) — EU/US.

• Vercel (application hosting) — US, compliant with DPF (EU-US Data Privacy Framework).

• Anthropic Claude (AI model for the Analyst, no training on your data) — US.

• Perplexity Sonar (market intelligence search for competitive monitoring, queries only, no customer data transmitted) — US.

No other third party has access to your data.

All communications between Kyneva and your connected platforms are encrypted with TLS 1.2+. OAuth tokens are stored encrypted in the database. Session cookies are HttpOnly + Secure + SameSite=Lax. We apply the principle of least privilege: we only request the scopes strictly necessary to display your statistics.

Under Articles 15 to 22 of the GDPR, you have the following rights:

• Right of access to your data.

• Right to rectification.

• Right to erasure ("right to be forgotten").

• Right to restriction of processing.

• Right to data portability.

• Right to object.

To exercise these rights, write to developers@geckoai.app with the subject line "GDPR". We respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority (e.g. CNIL in France, ICO in the UK) or the supervisory authority in your country of residence.

Kyneva only uses cookies strictly necessary for the operation of the service (session, language preference, theme). No marketing tracking cookies, no third-party analytics cookies.

We may update this policy in response to regulatory changes or new features. In case of a material change, we will notify you by email at least 30 days before it takes effect.

For any questions about this policy or your data: developers@geckoai.app