Privacy Policy
Last updated: January 9, 2025
1. Introduction
Kakashi Venture Accelerator Srl ("KVA," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.
We are the First AI Native Venture Studio in Italy, and we take data protection seriously. This policy applies to all information collected through our website and any related services, sales, marketing, or events.
2. Data Controller
The data controller responsible for your personal data is:
Kakashi Venture Accelerator SrlVia Sant'Antonino, 17b
Torino, Italy
Email: info@kakashi.ventures
Data Protection Contact: alberto@kakashi.ventures
3. Information We Collect
3.1 Information You Provide
We collect information that you voluntarily provide when using our services:
- Search Queries: When you use our AI-powered search feature, we collect the queries you submit to provide relevant responses.
- Feedback: Ratings, comments, and feedback you provide about our generated content.
- Follow-up Questions: Additional questions you ask in conversation with our AI system.
- Account Information: For administrators, we collect email addresses and encrypted passwords.
3.2 Automatically Collected Information
When you access our website, we automatically collect certain information:
- Session Data: A randomly generated session identifier to correlate your interactions during a visit.
- Engagement Metrics: Time spent on pages, scroll depth, and interaction patterns to improve our content quality.
- Device Information: Browser type, user agent, and general device characteristics.
- IP Address: Used for security purposes, rate limiting, and fraud prevention.
- Timestamps: When you access our services.
3.3 Information We Do NOT Collect
We want to be clear about what we don't do:
- We do not use third-party analytics services (e.g., Google Analytics)
- We do not use advertising trackers or marketing pixels
- We do not sell your personal data to third parties
- We do not create persistent user profiles across sessions
- We do not process payment information (no e-commerce functionality)
4. How We Use Your Information
We use the collected information for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Providing AI-generated responses to your queries | Contract performance / Legitimate interest |
| Improving content quality based on engagement metrics | Legitimate interest |
| Preventing abuse and ensuring security (rate limiting) | Legitimate interest |
| Identifying content gaps to improve our knowledge base | Legitimate interest |
| Regulatory compliance and audit trails | Legal obligation |
| Remembering your theme preference | Consent |
5. Data Sharing and Third-Party Services
We share your information with the following categories of service providers:
5.1 AI Service Providers
To provide AI-generated responses, your queries are processed by:
- Anthropic (Claude): Our primary AI provider for generating content. Their privacy policy is available at anthropic.com/privacy
- OpenAI: Used as a fallback provider and for text embeddings. Their privacy policy is available at openai.com/privacy
5.2 Infrastructure Providers
- Vercel: Our hosting provider (servers located in the EU/US). They process request logs and provide caching services.
- Supabase: Our database provider, hosting our PostgreSQL database with data stored in AWS infrastructure.
- Google Fonts: We use the Epilogue font family. Font files are loaded from Google's CDN.
5.3 No Sale of Data
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
6. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where our AI service providers are located.
When we transfer data outside the EEA, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses approved by the European Commission
- Data Processing Agreements with our service providers
- Verification that providers maintain appropriate security measures
7. Data Retention
We retain your information for the following periods:
| Data Type | Retention Period |
|---|---|
| Search queries and analytics | 90 days |
| Engagement metrics | 90 days |
| Generated page content | Indefinitely (for citation purposes) |
| Admin session data | 24 hours |
| Theme preferences (localStorage) | Until you clear browser data |
| Cookie consent preferences | 12 months |
We run automated cleanup processes to remove data that exceeds these retention periods.
8. Your Rights (GDPR)
Under the General Data Protection Regulation (GDPR), you have the following rights:
- Right of Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Request correction of inaccurate personal data.
- Right to Erasure: Request deletion of your personal data ("right to be forgotten").
- Right to Restriction: Request limitation of processing of your personal data.
- Right to Data Portability: Receive your data in a structured, machine-readable format.
- Right to Object: Object to processing based on legitimate interests.
- Right to Withdraw Consent: Withdraw consent at any time for processing based on consent.
To exercise any of these rights, please contact us at alberto@kakashi.ventures. We will respond to your request within 30 days.
You also have the right to lodge a complaint with a supervisory authority, such as the Italian Data Protection Authority (Garante per la protezione dei dati personali).
9. Cookies and Local Storage
We use a minimal set of cookies and local storage for essential functionality:
- Session Cookie (kva_session): For administrator authentication only. HTTP-only, secure, 24-hour duration.
- Session ID Cookie: A randomly generated identifier to correlate your interactions during a visit.
- Theme Preference: Stored in your browser's localStorage to remember your light/dark mode preference.
- Cookie Consent: Stores your cookie preferences to avoid asking repeatedly.
For detailed information about our cookie practices, please see our Cookie Policy.
10. Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption of data in transit (HTTPS/TLS)
- Secure password hashing for admin accounts
- Rate limiting to prevent abuse
- Input validation and sanitization
- Security headers (HSTS, X-Frame-Options, Content-Type-Options)
- Prompt injection defense for our AI systems
- Regular security updates and monitoring
While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure.
11. Children's Privacy
Our services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at alberto@kakashi.ventures.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.
We encourage you to review this Privacy Policy periodically for any changes. Changes are effective when they are posted on this page.
13. Contact Us
If you have any questions about this Privacy Policy, please contact us:
Kakashi Venture Accelerator SrlVia Sant'Antonino, 17b
Torino, Italy
General inquiries: info@kakashi.ventures
Privacy matters: alberto@kakashi.ventures