Last Updated: February 24, 2026
BizBooks LLC ("we", "us", or "our") operates the Kantivo Platform ("Platform", "Service") at kantivo.io and related subdomains. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our cloud-based subscription management, partner network, and affiliate tracking platform.
By using the Kantivo Platform, you agree to the collection and use of information in accordance with this Privacy Policy.
Key Point: Cloud Platform
The Kantivo Platform is a cloud-hosted service. Your organization data, partner records, and commission information are stored securely in our cloud infrastructure. This is different from our desktop accounting software (Kantivo App), which stores financial data locally.
1. Information We Collect
1.1 Account & Organization Information
- Name, email address, and password (for account creation)
- Organization name and business details
- Billing information (processed securely by Stripe — we do NOT store credit card details)
- Role and permissions within your organization
1.2 Partner & Affiliate Information
If you join as a partner (affiliate, reseller, or white-label), we collect:
- Name, email, company name, phone, and website
- Partner type and tier
- Referral tracking data (referral codes, click timestamps, campaign tags)
- Commission and payout records
- Stripe Connect account information (for payouts)
1.3 Customer & Subscription Data
Organizations using the Platform to manage their customers store:
- Customer names, emails, and subscription details
- Subscription plans, billing cycles, and payment status
- Referral attribution data (which partner referred which customer)
1.4 Automatically Collected Information
- IP address and approximate location (for security and fraud prevention)
- Browser type and operating system
- Pages visited and features used (anonymous usage analytics)
- Session timestamps (login, last activity)
- Referral click data (IP address, user agent, referer header — for attribution tracking)
1.5 Information We Do NOT Collect
- Social Security Numbers or Tax IDs (though we may request a W-9 for payouts exceeding $600)
- Bank account credentials or passwords
- Credit card numbers (Stripe handles all payment data)
- Personal browsing history outside the Platform
2. How We Use Your Information
2.1 Platform Operations
- Provide and maintain the Platform services
- Process subscriptions, commissions, and payouts
- Track referrals and attribute customers to partners
- Generate reports and analytics for your organization
- Enforce tier limits (products, partners, customers)
2.2 Billing & Payments
- Process platform subscription payments via Stripe
- Process partner payouts via Stripe Connect
- Send invoices, receipts, and payment notifications
- Manage trial periods and plan changes
2.3 Communications
- Send transactional emails (partner invitations, approvals, commission notifications, payout confirmations)
- Send service announcements and security alerts
- Respond to support requests
- Send subscription renewal reminders
- BCC notifications to organization administrators (if configured)
2.4 Product Improvement
- Understand usage patterns to improve features
- Monitor performance and fix bugs
- Plan future features based on demand
2.5 Security & Fraud Prevention
- Detect and prevent fraudulent referral activity
- Monitor for unauthorized access
- Enforce rate limiting and access controls
- Investigate and respond to security incidents
3. Data Storage & Security
3.1 Cloud Infrastructure
All Platform data is stored in cloud-hosted PostgreSQL databases with:
- Encryption at rest and in transit (TLS/SSL)
- Regular automated backups
- Access restricted to authorized personnel only
- Hosted in the United States
3.2 Security Measures
- Passwords: Hashed using bcrypt (one-way, irreversible)
- Authentication: JWT tokens with expiration
- API Security: Rate limiting, CORS protection, Helmet.js security headers
- Payment Data: Handled by Stripe (PCI DSS Level 1 certified)
- Database: Parameterized queries to prevent SQL injection
- Access Control: Role-based permissions (owner, admin, partner, sales rep)
3.3 Data Retention
- Active Organizations: Data retained for the duration of your subscription
- Canceled Organizations: Data retained for 90 days after cancellation, then deleted (you may export beforehand)
- Partner Records: Retained for as long as the partner relationship is active, plus 1 year after termination
- Commission & Payout Records: Retained for 7 years for tax compliance
- Referral Click Data: Retained for 1 year, then anonymized
4. Data Sharing & Disclosure
4.1 We Do NOT Sell Your Data
We do NOT sell, rent, or trade your personal information to third parties.
4.2 Organization-Level Data Sharing
Within the Platform, data is shared within organizational boundaries:
- Organization admins can see all partners, customers, and commissions within their organization
- Partners can see their own referrals, commissions, and payout history
- Sales reps can see their own referrals and commissions
- Data is isolated between organizations — one org cannot see another org's data
4.3 Third-Party Service Providers
Stripe (Payments & Payouts):
- Processes platform subscriptions and partner payouts
- Receives: email, name, payment method, payout amounts
- Privacy: stripe.com/privacy
Neon (Database Hosting):
- Hosts our PostgreSQL database infrastructure
- Data encrypted at rest and in transit
- Privacy: neon.tech/privacy
Render (Application Hosting):
SMTP Provider (Email Delivery):
- Delivers transactional emails (invitations, approvals, payout notifications)
- Receives: recipient email address and email content
4.4 Legal Requirements
We may disclose your information if required by law:
- To comply with a subpoena, court order, or legal process
- To protect our rights, property, or safety
- To enforce our Terms of Service
- To prevent fraud or illegal activity
- In connection with a merger, acquisition, or sale of assets
5. Your Rights & Choices
5.1 Access Your Data
- View your organization data, partner records, and commission history in your dashboard
- Request a complete data export by emailing privacy@kantivo.io
5.2 Correct Your Data
- Update your profile, organization settings, and partner details in the Platform
- Contact support@kantivo.io for corrections to records you cannot edit directly
5.3 Delete Your Data
- Cancel your subscription to initiate data deletion (90-day retention period)
- Request immediate deletion by emailing privacy@kantivo.io
- Note: Commission and payout records may be retained for tax compliance (up to 7 years)
5.4 Opt-Out of Marketing Emails
- Click "Unsubscribe" in any marketing email
- Email privacy@kantivo.io
- Note: You cannot opt-out of essential service emails (security alerts, payout confirmations, subscription changes)
6. Cookies & Tracking
6.1 Cookies
We use cookies for:
- Authentication: JWT tokens stored in localStorage for session management
- Referral Tracking: A 90-day tracking cookie is set when a user clicks a partner referral link, enabling us to attribute sign-ups to the correct partner
- Analytics: Anonymous usage analytics to improve the Platform
6.2 Referral Tracking
When someone clicks a partner referral link (/ref/CODE), we record:
- The referral code and associated partner
- IP address and user agent (for fraud detection)
- HTTP referer header (to understand traffic sources)
- Optional campaign tag (for marketing attribution)
This data is used solely for referral attribution and fraud prevention.
7. Children's Privacy
The Kantivo Platform is not intended for use by children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at privacy@kantivo.io.
8. International Data Transfers
- Data Location: All Platform data is stored on servers in the United States
- Cross-Border: If you are located outside the United States, your data will be transferred to and processed in the United States
- By using the Platform, you consent to this transfer
EU Users (GDPR)
If you are in the EEA, you have rights under GDPR including: access, rectification, erasure, restriction, portability, and objection. To exercise these rights, email privacy@kantivo.io.
California Residents (CCPA)
California residents have rights under the CCPA including: right to know, right to delete, right to opt-out of sale (we do NOT sell data), and right to non-discrimination. To exercise these rights, email privacy@kantivo.io.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email at least 30 days before taking effect. Your continued use of the Platform after changes constitutes acceptance of the updated policy.
10. Contact Us
If you have questions about this Privacy Policy:
Privacy Inquiries
BizBooks LLC
Commonwealth of Virginia
Email: privacy@kantivo.io
Response Time: We will respond to privacy inquiries within 30 days.
Summary (TL;DR)
What We Collect:
- Account info (name, email, org name) for Platform access
- Partner data (referral codes, commissions, payouts) for the partner program
- Payment info via Stripe (we don't store credit cards)
- Usage analytics (anonymous) to improve the Platform
What We DON'T Do:
- We do NOT sell your data to anyone
- We do NOT share data between organizations
- We do NOT store credit card numbers
- We do NOT track you outside the Platform
Your Rights:
- Access, correct, or delete your data anytime
- Export your data on request
- Opt-out of marketing emails
- Cancel and have data deleted after 90 days
Questions? Email privacy@kantivo.io
© 2026 BizBooks LLC. All rights reserved.