Privacy Policy

Last updated: March 4, 2026

1. Introduction

KIANO.LLC ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website at it14.org and related services (collectively, the "Services").

By using our Services, you consent to the data practices described in this policy. If you do not agree with these practices, please do not use our Services.

2. Data Controller

KIANO.LLC
2105 VISTA OESTE ST NW SUITE E - 1164
ALBUQUERQUE, NM 87120, United States
Email: contact@it14.org

3. Information We Collect

3.1 Information You Provide Directly

• Account Information: Name, email address, username, and password when you register for an account.
• Billing Information: Billing address, company name (if applicable), and tax identification number. Note: credit card numbers and payment card details are collected and processed directly by Stripe and are never stored on our servers.
• Communications: Information you provide when you contact our support team, including the content of your messages and any attachments.
• Service Data: Data you upload, store, or transmit through our Services, including emails, database content, and configuration settings.

3.2 Information Collected Automatically

• Log Data: IP address, browser type and version, operating system, referring URL, pages visited, date and time of access, and time spent on pages.
• Device Information: Device type, screen resolution, unique device identifiers, and language preferences.
• Usage Data: Features used, actions taken, service configurations, and performance metrics.

3.3 Information Collected by Stripe (Payment Processor)

When you make a payment, our payment processor Stripe, Inc. collects additional information for payment processing and fraud prevention, including:

• Full credit/debit card number (processed securely by Stripe, never shared with us).
• Card expiration date and CVV/CVC.
• Billing name and address.
• IP address at the time of transaction.
• Browser fingerprint and device information.
• Behavioral data such as typing patterns and mouse movements on the payment form (used for fraud detection).

This data is collected and processed by Stripe in accordance with Stripe's Privacy Policy. We encourage you to review Stripe's privacy practices.

3.4 Cookies and Tracking Technologies

We use cookies and similar technologies for:

• Essential Cookies: Required for authentication, session management, and security.
• Stripe Fraud Detection Cookies: Stripe uses cookies and local storage to detect and prevent fraudulent transactions. These are essential for payment processing security.

We do not use advertising or third-party tracking cookies.

4. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, maintain, and improve our Services.
• Account Management: To create and manage your account, authenticate your identity, and provide customer support.
• Payment Processing: To process your payments and manage your subscriptions through Stripe.
• Communication: To send you service-related notices, updates, security alerts, and support messages.
• Security: To detect, prevent, and respond to fraud, abuse, security incidents, and technical issues.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes.
• Service Improvement: To analyze usage patterns and improve our Services, features, and user experience.

5. Legal Basis for Processing

We process your personal information based on the following legal grounds:

• Contract Performance: Processing necessary to fulfill our contractual obligations to you (e.g., providing the Services you purchased).
• Legal Obligation: Processing necessary to comply with applicable laws (e.g., tax and accounting requirements, retaining transaction records).
• Legitimate Interest: Processing necessary for our legitimate interests, such as fraud prevention, security, and service improvement, provided such interests are not overridden by your rights.
• Consent: Where required by law, we process your data based on your explicit consent, which you may withdraw at any time.

6. How We Share Your Information

We do not sell your personal information. We may share your information with:

• Stripe, Inc.: Our payment processor, to process transactions and detect fraud. Stripe processes data as an independent data controller. See Stripe's Privacy Policy.
• Service Providers: Third-party vendors who assist us in operating our Services (e.g., hosting providers, email delivery services), under strict confidentiality agreements.
• Legal Requirements: When required by law, subpoena, court order, or government regulation.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate notice to you.
• With Your Consent: When you have given us explicit permission to share your information.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy:

• Account Data: Retained for the duration of your active account, plus 30 days after account deletion to allow for reactivation.
• Transaction Records: Retained for 7 years to comply with tax and accounting obligations.
• Service Data: Retained for 30 days after account termination or service cancellation, then permanently deleted.
• Log Data: Retained for up to 90 days for security and troubleshooting purposes.
• Support Communications: Retained for up to 3 years after the issue is resolved.

8. Data Security

We implement industry-standard security measures to protect your personal information, including:

• SSL/TLS encryption for all data in transit.
• Encryption at rest for stored data.
• Regular security audits and vulnerability assessments.
• Access controls limiting data access to authorized personnel only.
• Secure authentication via our OIDC/SSO provider.

While we take reasonable measures to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

9. International Data Transfers

Your data is primarily stored and processed in the United States. If you access our Services from outside the United States, your data may be transferred to, stored, and processed in the United States where our servers are located.

When Stripe processes your payment data, it may be transferred internationally in accordance with Stripe's data processing practices, including EU Standard Contractual Clauses and the EU-US Data Privacy Framework where applicable.

10. Your Rights

10.1 All Users

Regardless of your location, you have the right to:

• Access your personal data held by us.
• Request correction of inaccurate data.
• Request deletion of your data (subject to legal retention requirements).
• Withdraw consent at any time where processing is based on consent.

10.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You can request details about the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You can request the deletion of your personal information, subject to exceptions.
• Right to Opt-Out: You can opt out of the sale of your personal information. Note: we do not sell personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
• Right to Correct: You can request correction of inaccurate personal information.

To exercise these rights, contact us at contact@it14.org. We will respond to your request within 45 days.

10.3 EU/EEA Residents (GDPR)

If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR):

• Right to Access: Obtain a copy of your personal data.
• Right to Rectification: Correct inaccurate personal data.
• Right to Erasure: Request deletion of your personal data ("right to be forgotten").
• Right to Restrict Processing: Limit how we use your data.
• Right to Data Portability: Receive your data in a structured, machine-readable format.
• Right to Object: Object to processing based on legitimate interests.

To exercise these rights, contact us at contact@it14.org. We will respond within 30 days.

11. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 18, we will take steps to delete such information promptly.

12. Third-Party Links

Our Services may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to read the privacy policies of any third-party websites you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. For significant changes, we may also send an email notification. Your continued use of the Services after changes take effect constitutes your acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

KIANO.LLC
2105 VISTA OESTE ST NW SUITE E - 1164
ALBUQUERQUE, NM 87120
Email: contact@it14.org
Support: support@it14.org