KINNIPrivacy Policy
Last Updated: February 3, 2026
1. Introduction
This Privacy Policy explains how Monolith Inc. ("Kinni", "we", "us") collects, uses, and protects your personal information when you use our services. DATA CONTROLLER: Monolith Inc. is the data controller responsible for your personal information. Our registered address is 3F-J447, 408-1 Bongcheon-ro, Gwanak-gu, Seoul, South Korea. For privacy inquiries, contact us at june@kinni.ai. We are committed to protecting your privacy and being transparent about our data practices in compliance with applicable data protection laws, including GDPR and Korea's Personal Information Protection Act (PIPA).
2. Information We Collect
We collect information in the following categories: (a) INFORMATION YOU PROVIDE: Name, email address, social media profile URLs (YouTube, Instagram, TikTok), payment information, and any communications you send us. (b) AUTOMATICALLY COLLECTED INFORMATION: IP address, browser type, device information, operating system, referring URLs, pages visited, and timestamps when you visit our website. (c) INFORMATION FROM THIRD PARTIES: Public social media data, analytics data from platforms you connect, and information from brand partners regarding collaborations. (d) AI-RELATED DATA PROCESSING: We process your email communications and brand interactions to train and improve our AI models. You may opt out of AI model training by contacting us at june@kinni.ai. Opting out will not affect your ability to use our services.
3. How We Use Your Information
We use your information for the following purposes with the corresponding legal bases: (a) SERVICE PROVISION (Legal basis: Contract performance): To provide our creator management services, facilitate brand matching, process transactions, and communicate about your account. (b) SERVICE IMPROVEMENT (Legal basis: Legitimate interests): To analyze usage patterns, improve our AI algorithms, enhance user experience, and develop new features. (c) MARKETING (Legal basis: Consent): To send promotional communications about our services. You may opt out at any time. (d) LEGAL COMPLIANCE (Legal basis: Legal obligation): To comply with applicable laws, regulations, and legal processes. (e) AUTOMATED DECISION-MAKING: We use AI to assist with brand matching recommendations and pricing suggestions. You have the right to request human review of any automated decision that significantly affects you.
4. Information Sharing
WE DO NOT SELL YOUR PERSONAL INFORMATION. We may share your data with: (a) SERVICE PROVIDERS: Third parties who assist our operations under data processing agreements, including: Railway (cloud infrastructure, Singapore), Stripe (payment processing, USA), PostHog (analytics, EU). All service providers are bound by Data Processing Agreements (DPAs) requiring them to protect your information. (b) BRAND PARTNERS: Limited profile information necessary for brand matching, only with your consent. (c) LEGAL REQUIREMENTS: When required by law, court order, or government request. (d) BUSINESS TRANSFERS: In connection with a merger, acquisition, or sale of assets, with notice to you.
5. Data Security
We implement industry-standard security measures to protect your personal information, including: encryption in transit (TLS 1.3) and at rest (AES-256), access controls and authentication, regular security assessments, and employee training. However, no method of transmission over the internet is 100% secure. In the event of a data breach affecting your personal information, we will notify you and relevant authorities within 72 hours as required by law.
6. Data Retention
We retain your personal information for the following periods: (a) ACCOUNT DATA: For the duration of your account plus 3 years after account closure. (b) TRANSACTION RECORDS: 7 years after the transaction date (legal requirement for tax and accounting purposes). (c) COMMUNICATION RECORDS: 3 years after the communication. (d) TECHNICAL LOGS: 12 months. (e) AI TRAINING DATA: Anonymized data may be retained indefinitely; identifiable data is deleted upon request. DELETION PROCESS: Upon account deletion request, we will delete your active data within 30 days and backup data within 90 days, except where retention is required by law.
7. Your Rights
Under applicable data protection laws, you have the following rights: (a) RIGHT OF ACCESS: Request a copy of your personal data. (b) RIGHT TO RECTIFICATION: Request correction of inaccurate data. (c) RIGHT TO ERASURE: Request deletion of your data ("right to be forgotten"). (d) RIGHT TO RESTRICT PROCESSING: Request limitation of how we use your data. (e) RIGHT TO DATA PORTABILITY: Receive your data in a machine-readable format. (f) RIGHT TO OBJECT: Object to processing based on legitimate interests or for direct marketing. (g) RIGHT TO WITHDRAW CONSENT: Withdraw consent at any time where processing is based on consent. (h) RIGHT REGARDING AUTOMATED DECISIONS: Request human review of automated decisions. We will respond to your requests within 30 days. To exercise these rights, contact us at june@kinni.ai. If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with: Korea Personal Information Protection Commission (PIPC), or your local EU Data Protection Authority if you are in the EU/EEA.
8. Cookies and Tracking
We use cookies and similar technologies to enhance your experience and analyze usage patterns. TYPES OF COOKIES: (a) Essential cookies: Required for service operation. (b) Analytics cookies: Help us understand how you use our services (PostHog). (c) Preference cookies: Remember your settings and preferences. You can control cookie settings through your browser. We use PostHog for analytics to understand how users interact with our services.
9. International Data Transfers
Kinni is operated from Seoul, Republic of Korea. Your personal information may be transferred to and processed in countries outside your residence, including Singapore (Railway cloud infrastructure) and the United States (Stripe payment processing). TRANSFER MECHANISMS: We use Standard Contractual Clauses (SCCs) approved by the European Commission for transfers to countries without adequate data protection. SAFEGUARDS: All international transfers are protected by encryption, access controls, and contractual obligations. We can provide a copy of our Data Processing Agreements upon request.
10. Children's Privacy
Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected such information, please contact us immediately, and we will delete it promptly.
11. California Privacy Rights
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA): (a) Right to know what personal information we collect and how it is used. (b) Right to delete your personal information. (c) Right to opt out of the sale of personal information (we do not sell personal information). (d) Right to non-discrimination for exercising your privacy rights. To exercise these rights, contact us at june@kinni.ai.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes at least 30 days before they take effect by posting a notice on our website or sending you an email. Your continued use of our services after changes constitutes acceptance.
13. Google API Services User Data
YOUTUBE DATA ACCESS: When you connect your YouTube channel to Kinni, we access the following data through YouTube API Services: (a) Channel information (name, subscriber count), (b) Video metadata (titles, descriptions, publish dates), (c) Analytics data (views, watch time, audience demographics), (d) Revenue data (if you are a YouTube Partner Program member and provide consent). OAUTH SCOPES: Kinni requests the following OAuth scopes to provide our services: (a) youtube.readonly - to access your channel and video information for analytics, (b) yt-analytics.readonly - to retrieve viewing statistics and audience insights, (c) yt-analytics-monetary.readonly - to access revenue data for YouTube Partner Program members, (d) youtube.force-ssl - to enable comment management features upon your request. PURPOSE OF USE: We use this data solely to: (a) Provide analytics dashboards and insights, (b) Generate personalized content recommendations specific to your channel, (c) Track your channel's performance over time. AI AND MACHINE LEARNING: Your YouTube data is NOT used to train general-purpose AI or machine learning models. We only use your data to provide personalized recommendations and insights specific to your account. GOOGLE API SERVICES USER DATA POLICY COMPLIANCE: Kinni's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically: (a) We do not sell your YouTube data, (b) We do not use your YouTube data for advertising purposes, (c) We do not share your YouTube data with third parties except essential service providers bound by data protection agreements, (d) You can delete your YouTube data at any time by disconnecting your channel or contacting us at june@kinni.ai. REVOKING ACCESS: You may revoke Kinni's access to your Google account at any time by visiting https://myaccount.google.com/permissions and removing Kinni from the list of connected apps. DATA RETENTION: YouTube data is retained only as long as your channel is connected. Upon disconnection or account deletion, all YouTube-specific data is deleted within 30 days. RELATED POLICIES: For more information, please visit: Google Privacy Policy (https://policies.google.com/privacy), YouTube Terms of Service (https://www.youtube.com/t/terms)
14. Instagram API Services User Data
INSTAGRAM DATA ACCESS: When you connect your Instagram Business or Creator account to Kinni, we access the following data through the Instagram API: (a) Profile information (id, username, name, profile_picture_url, followers_count, follows_count, media_count, biography, website, account_type), (b) Media metadata (posts, reels, stories), (c) Engagement metrics (reach, impressions, likes, comments, saves), (d) Audience demographics, (e) Direct messages (only with separate consent for DM automation features). OAUTH SCOPES: Kinni requests the following OAuth scopes to provide our services: (a) instagram_business_basic - to access your profile information and media for analytics, (b) instagram_business_manage_insights - to retrieve engagement metrics and audience demographics, (c) instagram_business_manage_comments - to analyze comment sentiment and engagement patterns, (d) instagram_business_manage_messages - to enable DM automation features (requires separate consent). OPTIONAL DM ACCESS: Direct message access (instagram_business_manage_messages) is an optional feature that requires explicit, separate consent. If enabled, we process only the first 200 characters of messages for classification purposes. PURPOSE OF USE: We use this data solely to: (a) Provide analytics dashboards and performance insights, (b) Generate AI-powered content recommendations specific to your account, (c) Track brand collaboration performance, (d) Enable DM automation for brand inquiries (if consented). AI AND MACHINE LEARNING: Your Instagram data is NOT used to train general-purpose AI or machine learning models. We only use your data to provide personalized recommendations and insights specific to your account. DATA RETENTION: Instagram data is retained only as long as your account is connected. DM logs are retained for 90 days for service improvement purposes. Upon disconnection or account deletion, all Instagram-specific data is deleted within 30 days. DATA DELETION PROCESS: You can request deletion of your Instagram data at any time by: (a) Disconnecting your Instagram account in Kinni settings, (b) Contacting us at june@kinni.ai, (c) Using Meta's data deletion callback (we automatically process Meta's deauthorization and data deletion requests within 30 days). DATA SECURITY: All Instagram data is encrypted using AES-256 at rest. We verify Meta webhook signatures using HMAC-SHA256 to ensure data integrity. WE DO NOT: (a) Sell your Instagram data, (b) Use your Instagram data for advertising purposes, (c) Share your Instagram data with third parties except essential service providers bound by data protection agreements. REVOKING ACCESS: You may revoke Kinni's access to your Instagram account at any time by: (a) Disconnecting in Kinni settings, (b) Removing Kinni from Facebook Settings > Business Integrations, (c) Removing Kinni from Instagram Settings > Apps and Websites. RELATED POLICIES: For more information, please visit: Meta Privacy Policy (https://www.facebook.com/privacy/policy/), Instagram Terms of Use (https://help.instagram.com/581066165581870), Meta Platform Terms (https://developers.facebook.com/terms/)
15. TikTok API Services User Data
TIKTOK DATA ACCESS: When you connect your TikTok account to Kinni, we access the following data through TikTok API Services: (a) Basic profile information (open_id, display name, avatar URL), (b) Profile details (username, bio description), (c) Account statistics (follower count, following count, video count, likes count), (d) Video list and performance metrics (views, likes, comments, shares). OAUTH SCOPES: Kinni requests the following OAuth scopes to provide our services: (a) user.info.basic - to display your profile and identify your account, (b) user.info.profile - to show your username and bio, (c) user.info.stats - to track follower growth and generate performance reports, (d) video.list - to analyze content performance and provide AI recommendations. PURPOSE OF USE: We use this data solely to: (a) Provide analytics dashboards showing your TikTok performance, (b) Track follower growth and engagement trends over time, (c) Generate AI-powered content strategy recommendations, (d) Identify top-performing videos and content patterns. AI AND MACHINE LEARNING: Your TikTok data is NOT used to train general-purpose AI models. We only use your data to provide personalized insights specific to your account. TIKTOK DEVELOPER TERMS COMPLIANCE: Kinni's use of TikTok Developer Services adheres to the TikTok Developer Terms of Service. Specifically: (a) We do not sell your TikTok data, (b) We do not use your TikTok data for advertising purposes, (c) We do not share your TikTok data with third parties except essential service providers, (d) All access tokens are encrypted with AES-256 before storage. REVOKING ACCESS: You may disconnect your TikTok account at any time through your Kinni account settings. You can also revoke access directly from TikTok's app settings under "Manage app permissions." DATA RETENTION: TikTok data is retained only while your account is connected. Upon disconnection or account deletion, all TikTok-specific data (videos, metrics, analytics) is deleted within 24 hours. Access tokens are cleared immediately upon disconnection. DATA DELETION REQUESTS: We support TikTok's authorization.removed webhook to automatically process disconnection requests. When you revoke access from TikTok, your data is automatically marked for deletion. DATA SECURITY: All TikTok data is encrypted using AES-256 at rest. We verify TikTok webhook signatures to ensure data integrity. RELATED POLICIES: For more information, please visit: TikTok Privacy Policy (https://www.tiktok.com/legal/privacy-policy), TikTok Terms of Service (https://www.tiktok.com/legal/terms-of-service), TikTok Developer Terms (https://developers.tiktok.com/terms/)
16. Contact Us
For privacy-related inquiries, please contact us at: Monolith Inc. (Data Protection Contact), 3F-J447, 408-1 Bongcheon-ro, Gwanak-gu, Seoul, South Korea. Email: june@kinni.ai. We aim to respond to all requests within 30 days.