Privacy Policy

Last updated: 2026-04-22

Kattia (“we”, “us”) is a job-search CRM operated by Levant Group. This policy explains what personal data we collect, why we collect it, and the rights you have over it. It applies to kattia.io and app.kattia.io.

1. Data we collect

We collect data you provide directly, data generated by your use of the product, and data from integrations you authorize:

  • Account data: email address, name, password hash (via Supabase Auth) or OAuth identifier (Google).
  • Profile data: job target, current role, location, resume text or file you upload.
  • Application data: companies, roles, statuses, notes, attachments, timeline events you create or import.
  • Google integration (optional): if you connect Google, we access read-only Gmail message metadata and bodies, and read-only Google Calendar events from your primary calendar, to surface interviews in your pipeline. We never send email as you.
  • Billing data: subscription status and last-4 card digits (Stripe is the processor; we never see full card numbers).
  • Usage data: page views, feature interactions, and errors, via our analytics provider (PostHog). We mask form inputs by default.

2. How we use it

  • To operate the product: pipeline tracking, AI features, Gmail synthesis, calendar events.
  • To process payments and manage subscriptions.
  • To understand usage and improve the product.
  • To send transactional email (welcome, billing, account-related notifications).
  • To respond to support requests you send us.

We do not sell your data. We do not use your application content to train public AI models.

3. Processors we use

  • Supabase — database and authentication (US/EU regions).
  • Stripe — payments.
  • Anthropic (via our LLM gateway) — AI text processing. Content you send to AI features is transmitted to the model provider under a zero-retention agreement.
  • Google — OAuth and, if you authorize it, Gmail read and Calendar events read scopes.
  • Resend — transactional email delivery.
  • PostHog — product analytics and error capture.
  • Vercel — hosting and request logs.

4. Retention

We retain account and application data for as long as your account is active. Billing records are retained for 7 years to meet tax obligations. Gmail content and synced calendar events are fetched on demand and stored only as needed to render the app; you can disconnect Google at any time from account settings.

5. Your rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal data. To exercise any of these rights, email privacy@kattia.io. We respond within 30 days.

EU/UK residents: our legal basis for processing is (a) contract, for account and billing data; (b) legitimate interest, for analytics and product improvement; (c) consent, for the analytics cookie banner.

California residents: you have the right to know what we collect, the right to delete, and the right not to be discriminated against for exercising these rights.

6. Cookies

We use a small number of strictly necessary cookies to keep you signed in. Analytics cookies (PostHog) are set only after you consent via the in-app banner. You can revoke consent at any time from account settings.

7. Security

We encrypt data in transit (TLS 1.2+) and at rest. Row-level security policies enforce user-level isolation on the database. Webhooks are signature-verified. See our Security page for more detail.

8. Beta-specific notes

Kattia is currently in closed beta. During the beta period, we may delete test data, change features, or take the service offline for maintenance with limited notice. Feedback you submit may be quoted (anonymously) in public product updates.

9. Changes to this policy

We will update the “Last updated” date when we change this policy. Material changes will be announced by email to active users.

10. Contact

Privacy inquiries: privacy@kattia.io.
General support: support@kattia.io.