Privacy Policy

We keep this short and specific. If you want the one-line version first: we collect only what is needed to calibrate your Digital Twin, we do not sell it, and you can leave with every output under the Portability Covenant.

The long version is below, broken into plain-English answers to the questions Marcus's operations lead and Elena's head of strategy actually ask before a data handoff.

What we collect

Identity. Name, work email, agency name, and role, submitted through the Parallax Test intake form or the Stump Session booking form.
Agency data. Brand-context documents (PDF, DOCX, or Markdown) and campaign CSV exports (media-buy results, creative performance data) uploaded to the Parallax Test.
Usage. Cookieless page analytics via a combination of PostHog, Plausible, and Umami. No personal cookies are set for analytics, and we do not use cross-site trackers or ad-tech pixels.
Booking. Date, attendees, and answers to the five qualifying questions captured by Cal.com when a Stump Session is scheduled.
Operational email. If you reply to one of our transactional emails, that message is retained in the founder inbox with the rest of the thread.

Why we collect it

To calibrate a Digital Twin specifically to your agency. During the Founding Cohort phase, uploaded materials are read by the founder only — no junior analysts, no offshore reviewers, no third-party labeling teams.

Identity and booking data let us schedule the Stump Session, send the confirmation email, and respond to your application within 48 hours. Cookieless analytics tell us which pages deserve more work and which do not — they cannot identify an individual reader.

We use a short list of vetted subprocessors. Each one is contracted under written terms that restrict use of your data to the service they provide:

Cloudflare R2 — file storage (buckets khorvad-parallax-brand-context and khorvad-parallax-campaign-csv, US-east default, Frankfurt on the Isolated Tier).
Resend — transactional email delivery via transactional.khorvad.com.
Cal.com (self-hosted) — booking and qualifying-question capture.
Neon — Postgres database (US-east default).
PostHog / Umami / Plausible — cookieless product and page analytics.
Sentry / GlitchTip — error monitoring (stack traces only, no form payloads).

We do not use ad-tech pixels, marketing cookies, or third-party data brokers. We do not sell your data. We do not rent your data. [PLACEHOLDER — counsel review]: the subprocessor list above will move to a signed Data Processing Agreement addendum at launch, with notification procedures for subprocessor changes.

Where we store it

US-east by default (Neon database + R2 object storage). Customers on the Isolated Tier (D-32) can elect Frankfurt residency under a Data Processing Agreement; no cross-region replication for Isolated Tier data without written consent.

How long we keep it

Uploaded files (brand-context documents, campaign CSVs): 24 months by default, or deleted on written request within 14 business days.
Account and billing data: for the duration of the agreement plus 12 months, for tax and compliance recordkeeping.
Transactional email: retained until the thread is closed out in the founder inbox, then archived.

[PLACEHOLDER — counsel review]: retention periods may shorten based on counsel guidance, particularly for GDPR and CCPA obligations.

Your rights

You can at any time:

Access your data — we will produce a plain-English summary plus raw export within 14 business days.
Delete your data — we will confirm deletion across all subprocessors within 14 business days of request.
Export your data — under the Portability Covenant, calibration weights, outputs, and uploaded materials are portable by design.
Object to processing — tell us in writing and we will stop.

For customers covered by GDPR, all of the above applies plus rectification and restriction rights. For customers covered by CCPA/CPRA, all of the above applies plus the right to opt out of sale (we do not sell; this right is preserved for transparency).

Session replay

Session replay is disabled at launch. This is an intentional choice — we do not want to ship a cookie-consent layer for a feature we have not yet decided we need.

If this ever changes, we will ship the Klaro open-source cookie-consent layer before enabling session replay, and this page will be updated with a dated change note.

Security summary

See the full write-up at /security. The short version: TLS 1.3 in transit, AES-256 at rest, founder-only access during the Founding Cohort phase, and no cross-agency training (Benchmark Mode only uses a Khorvad-authored pattern library).

Contact

Privacy questions: legal@khorvad.com
Data Processing Agreement requests: dpa@khorvad.com
Security concerns (vulnerability disclosure): security@khorvad.com