Privacy Policy

Last updated: [DATE]

Koneckti (“Koneckti,” “we,” “us,” or “our”) operates a B2B deal marketplace that connects business posters with verified connectors. This Privacy Policy explains what information we collect, how we use it, who we share it with, and what choices you have. By creating an account or using the service, you agree to the practices described below.

1. Information we collect

We collect information that you provide directly to us, information generated automatically as you use the service, and information from third parties you choose to connect.

Account information. When you sign up we collect your name, email address, phone number (verified by SMS), and password. If you sign in with LinkedIn, Google, or Apple, we receive the profile fields those providers share with us at the time you authorize the connection.

Company and deal information.When you post a deal we collect the company name, business email, business phone, website, mailing address, region, category, and the descriptive content of the deal (what you have, what you’re looking for, and the reward you’re offering to the connector). Company-identifying fields stay masked from other users until you accept a connection request.

Payment metadata. When you pay for a Standard or Featured listing we record the tier, amount, currency, transaction reference, and status returned by our payment processor. We do notsee or store full payment card numbers, bank account numbers, or CVV codes — those are handled directly by Stripe or PayPal under their own security controls.

Technical information. We log the IP address, browser user-agent, request timestamps, and approximate region of requests made to our service. We use this for security, abuse prevention, rate limiting, and operational diagnostics.

Communications. Messages exchanged through the platform are stored on our infrastructure so participants can revisit the thread. Support requests sent to us by email are stored in our support inbox.

2. Why we collect this information

To run your account. Email, password, and phone are used to authenticate you, recover access, and protect the account from takeover.

To enable matching. The deal content, region, and category fields are how connectors discover relevant opportunities. We do not sell this information; it is shown to authenticated users browsing the feed in accordance with the visibility rules of the platform.

To process payments. Payment metadata is needed to confirm that a paid listing has been purchased, to honor renewals, and to handle disputes or chargebacks if they arise.

To send transactional notifications. Your email and phone number are used to send account verifications, password resets, new-connection alerts, accepted-match alerts, payment receipts, and other operational notices. You can opt out of non-essential email categories in your profile.

To prevent fraud and abuse. IP address, phone-number metadata, and account-history signals help us detect duplicate accounts, disposable phone numbers, scraping, and other behavior that violates our Terms of Service.

3. Cookies and tracking

We use cookies only for authentication: a session cookie issued by Supabase Auth keeps you signed in across page loads. We do not currently run third-party analytics, advertising pixels, or cross-site tracking cookies. If we add analytics in the future we will update this policy and, where required by law, present a consent banner before any non-essential cookie is set.

4. Third parties we share with

We do not sell your personal information. We share information with a small set of service providers strictly to operate the platform:

Supabase— hosts our database, authentication system, and file storage. All account data, deal content, messages, and attachments live in Supabase infrastructure.

Stripe— processes credit-card payments on the Standard and Featured tiers. Stripe receives the cardholder details and returns us a transaction reference.

PayPal— processes payments made through PayPal checkout. PayPal receives your PayPal account identifier and returns us a capture reference.

Twilio— sends one-time SMS codes for phone verification and performs carrier-lookup checks to block disposable numbers.

Resend— delivers transactional email (welcome messages, password resets, deal-published confirmations, connection alerts).

LinkedIn, Google, and Apple— if you choose to sign in with one of these providers, that provider authenticates you and shares the profile fields you authorize. You may revoke the connection at any time from the provider’s account settings.

We may also disclose information when we are legally required to do so (subpoena, court order, valid law enforcement request) or when we reasonably believe disclosure is necessary to protect the rights, property, or safety of Koneckti, our users, or the public.

5. Data retention

We retain account data for as long as your account is active. Closed deals and their associated metadata may be retained for record-keeping and dispute-resolution purposes. Payment metadata is retained for the period required by tax and accounting regulations in the relevant jurisdiction. Verification and authentication logs are retained for fraud-investigation purposes and then purged.

6. Your rights

Subject to applicable law, you have the right to access the personal information we hold about you, request correction of inaccurate information, request deletion, request a portable copy of your data, and opt out of marketing emails. Operational notifications (password resets, payment receipts, connection requests on your own deals) cannot be disabled while your account is active.

Self-service flows for export and deletion are being rolled out. In the meantime, send a request to privacy@koneckti.com from the email address on the account and we will respond within a reasonable time frame consistent with our legal obligations.

7. Security

We use industry-standard safeguards including HTTPS everywhere, hashed-and-salted passwords, row-level security in the database, signed URLs for private file downloads, content-security-policy headers, and rate limiting against abusive endpoints. No system is perfectly secure; if we learn of a breach affecting your personal information we will notify you in accordance with applicable law.

8. Children

Koneckti is a business-to-business service and is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us information, please contact privacy@koneckti.com and we will delete the account.

9. International transfers

Koneckti is operated from the United States. By using the service from outside the United States you understand that your information will be transferred to, processed in, and stored in the United States and other jurisdictions where our service providers operate.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date above. Material changes will be communicated by email or by a notice in the product before they take effect.

11. Contact

Questions about this policy or requests about your information can be sent to privacy@koneckti.com.