Privacy Policy

Last updated: February 28, 2026

Kami, operated by Wordbricks, Inc. (“we”, “us”, “our”), operates the website kami.typo.monster and related services including the Kami API and bot integrations. This Privacy Policy describes how we collect, use, store, and protect your information when you use our services.

1. Information We Collect

1.1 Account Information

When you sign in through an OAuth provider (Google, Discord, or Notion), we receive and store:

• Your name, email address, and profile picture
• OAuth provider account identifiers (used for authentication and account linking)

You may link multiple OAuth providers to a single Kami account. We store the provider identifiers necessary to maintain these links.

1.2 Payment Information

Payments are processed by Stripe. We store your Stripe customer ID and subscription metadata (plan type, status, billing period). We do not store your credit card number, bank account details, or other sensitive payment information. Stripe’s privacy policy governs how they handle your payment data.

1.3 Uploaded Content

When you use the document conversion service, your uploaded files (Notion HTML exports) and conversion output (Markdown, Google Docs) are stored in Cloudflare R2 cloud storage, organized by your user ID and job ID. This content is retained for the duration of your job and workspace usage. You may delete workspace files at any time through the dashboard.

Anonymous conversions (without an account) are processed temporarily and are not associated with a persistent user profile.

1.4 Google Drive Data

If you use the Google Docs export feature, we request access to your Google Drive to upload converted documents. Business Plus and Enterprise users may provide their own Google API credentials (BYOK).

We only access your Google Drive to create and upload files you explicitly request. We do not read, modify, or delete any existing files in your Google Drive. Our use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements. We only use Google data to provide and improve the features you explicitly request, and we do not transfer Google user data to third parties except as necessary to provide the Service, as required by law, or with your explicit consent.

1.5 PRD AI Content

When you use PRD AI, your document content is sent to Google Gemini for AI processing (scaffolding, inline assist, evaluation). We store your PRD documents in your workspace. AI-processed content passes through Google’s Gemini API subject to Google’s AI terms.

1.6 Musubi Memory Data

If you use Musubi, the memory data you store is associated with your account. This data is retained until you delete it or close your account.

1.7 Usage Data

We track the following usage metrics tied to your account:

• Daily and monthly document conversion counts
• Google Docs export counts
• AI credit consumption (action type, timestamp)
• API token usage (requests per token per day)
• LLM usage metrics (model used, token counts, latency) for service optimization

1.8 Platform Integration Data

When you connect Discord or Slack through our bot integrations, we store:

• Your platform user ID, team/server ID, and display name
• Link status between your Kami account and platform accounts

This data is used to deliver job notifications and process bot commands.

1.9 Technical Data

We collect standard technical information through our hosting and analytics providers:

• IP addresses (hashed for anonymous upload rate limiting)
• Page views and performance metrics via Vercel Analytics and Vercel Speed Insights

2. How We Use Your Information

• Service delivery — To provide document conversion, Google Docs export, PRD AI, Musubi, API access, and bot integrations
• Account management — To create and maintain your account, manage subscriptions, and process payments
• Usage enforcement — To enforce plan limits on conversions, exports, API requests, and AI credits
• Notifications — To send job status updates via Discord, Slack, or email when you have enabled these integrations
• Service improvement — To monitor performance, diagnose issues, and improve the Service using aggregated usage metrics
• Security — To detect abuse, prevent fraud, and enforce rate limits

We do not use your uploaded content, PRD documents, or Musubi memory data for training AI models. Your content is processed solely to deliver the features you request.

3. Data Storage and Security

Your data is stored across the following infrastructure:

• PostgreSQL database — Account data, usage records, subscription metadata, and job metadata
• Cloudflare R2 — Uploaded files, conversion output, and workspace file versions
• Vector and graph databases — Musubi memory data (Qdrant, Neo4j)

Authentication between our services uses signed JWTs with short expiry times. API tokens are stored as SHA-256 hashes; we never store your raw API token after initial generation.

4. Third-Party Services

We use the following third-party services that may process your data:

• Google OAuth — Authentication
• Discord OAuth — Authentication and bot integration
• Notion OAuth — Authentication
• Stripe — Payment processing
• Google Gemini API — AI processing for PRD AI and bot evaluate commands
• Google Drive API — Document export to Google Docs
• Vercel — Application hosting, analytics, and performance monitoring
• Cloudflare — Worker compute, R2 storage, and queue processing

Each third-party service operates under its own privacy policy. We encourage you to review their policies.

5. Data Retention

• Account data is retained for as long as your account is active
• Conversion files in R2 are retained for the lifetime of the associated job and workspace. You may delete workspace files at any time
• Musubi memory data is retained until you delete it or close your account
• Usage records are retained for billing and analytics purposes
• API tokens can be revoked at any time; revoked tokens are retained in hashed form for audit purposes

Upon account deletion, we will remove your personal data, uploaded files, workspace content, and Musubi memory data. Aggregated, anonymized usage statistics may be retained.

6. Cookies

We use essential cookies to manage your authentication session and maintain your login state. We do not use tracking cookies, advertising cookies, or third-party marketing cookies.

Vercel Analytics collects anonymized performance data using privacy-friendly methods that do not require cookie consent.

7. Your Rights

You have the right to:

• Access your personal data stored by us
• Correct inaccurate personal data
• Delete your account and associated personal data
• Export your data in a portable format
• Disconnect linked OAuth providers and bot integrations
• Revoke API tokens at any time

To exercise these rights, contact us at monster@wordbricks.ai. You can also manage many of these directly through your account settings.

8. Children’s Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us at monster@wordbricks.ai and we will delete it promptly.

9. International Data Transfers

Your data may be processed in various locations where our infrastructure providers operate, including the United States and other countries. By using the Service, you consent to the transfer of your information to these locations.

10. Data Breach Notification

In the event of a data breach that affects your personal data, we will notify you without undue delay and no later than 72 hours after becoming aware of the breach, as required by applicable law. We will describe the nature of the breach, the data affected, and the steps we are taking in response.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the “Last updated” date. Your continued use of the Service after such changes constitutes acceptance of the updated policy.

12. Contact

If you have questions about this Privacy Policy or how we handle your data, contact us at monster@wordbricks.ai.