kisenon
DocsLegal
Sign inRequest alpha
ALPHA — these terms will be revised before general availability.

Privacy Policy

Version v1 · Effective 2026-05-23

1. Who we are

The Kisenon service (the “Service”) is operated by Seiraiyu LLC, a Georgia, USA limited liability company. This Privacy Policy explains what data we collect about you, how we use it, who we share it with, and the choices and rights you have.

2. What we collect

Account data, from your identity provider. When you sign in via Google or GitHub we receive: your email address, your name, your avatar URL, and the provider-issued user identifier.

Service usage data. The names and metadata of the projects, branches, and database endpoints you create; the audit log entries describing operations you take (operation type, timestamp, actor, target resource); connection metadata (timestamp, source IP) retained for security and abuse response.

Your database contents. The rows you store in the Postgres branches we host on your behalf. We treat these as encrypted customer data, not as analytics input or training input.

What we do not do. We do not run third-party analytics, advertising pixels, session-replay scripts, or cross-site trackers on this site or the console. We do not sell or rent your personal data.

3. How we use it

  • To provide, secure, and operate the Service.
  • To send transactional email (security alerts, billing once GA, material changes to legal terms).
  • To compute aggregate, non-identifying usage statistics for capacity planning.
  • To investigate abuse, fraud, and security incidents.
  • To comply with legal obligations.

4. Sub-processors and disclosure

We share data with the following categories of recipients:

  • Identity providers (Google, GitHub) — for OAuth sign-in. These vendors see your sign-in request and return your basic profile to us.
  • Network providers — for transit of your requests to our infrastructure.
  • Hyperscaler cold-tier storage — at Phase 3 we may use a public-cloud object store for off-site backup. The specific provider will be listed here when added.
  • Legal process — when compelled by law. We will notify you unless legally prohibited.

We do not sell your personal data. We do not share it with advertisers.

5. Where your data lives

The primary copy of your data is hosted on Seiraiyu-operated infrastructure in the United States. Backups are stored in an S3-compatible object store (currently self-hosted MinIO). If we add a hyperscaler backup region we will update this page before any data is replicated.

6. How long we keep it

  • Database contents and project metadata: while your account is active and for 30 days after deletion (grace period).
  • Audit log entries: 1 year from the event.
  • OAuth refresh tokens: rotated on a 12-hour window; access tokens are rotated approximately every 15 minutes.
  • Aggregate usage statistics: indefinitely, in non-identifying form.

7. Your rights

You may request that we:

  • Confirm whether we hold data about you and disclose what we hold.
  • Provide an export of your account data in a portable format.
  • Correct inaccurate data.
  • Delete your account and the data associated with it (subject to legal retention requirements).

Email legal@seiraiyu.com from the email address on your account. We respond within 30 days. We are not currently SOC 2, ISO 27001, GDPR-certified, or CCPA-certified, but we honor the analogous rights as a matter of policy.

8. Security

Connections to the Service are encrypted in transit with TLS (Let’s Encrypt). Data at rest is encrypted at the storage layer. Production access is restricted to named operators with audit logging. In the event of a confirmed security incident affecting your data we will notify you within 72 hours of confirmation.

9. Cookies

We use only first-party session cookies necessary to operate the Service: authentication cookies issued by NextAuth.js, and a kisenon_tos_accepted cookie that records that you have accepted these Terms. We do not use analytics cookies, advertising cookies, or third-party tracking cookies.

10. Children

The Service is not directed to children under 13 and we do not knowingly collect data from children under 13. If you believe a child has provided us with personal data, contact us and we will delete it.

11. Changes to this Policy

We may update this Privacy Policy from time to time. For material changes we will notify you by email or in-app at least 14 days before the change takes effect. The current version is identified at the top of this page.

12. Contact

Seiraiyu LLC · Georgia, USA · legal@seiraiyu.com

Seiraiyu LLC · Georgia, USA · legal@seiraiyu.com
Terms · Privacy · Open Source