kiflat logokiflat

Privacy Policy

Last updated: May 13, 2026

kiflat ("kiflat", "we", "us", or "our") respects your privacy. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have over your data when you use our website, applications, and services (the "Service").

By using kiflat you agree to the practices described in this policy. If you do not agree, please do not use the Service.

1. Data We Collect

We collect only what we need to operate the Service:

  • Account information: your name, email address, and hashed password.
  • Identity & monitoring data: stage names, aliases, and the platform accounts (URLs / handles) you ask us to monitor.
  • Verification data: short verification codes you place in your social bios so we can confirm ownership of an account.
  • Takedown records: the URLs you submit, the notices we file on your behalf, and the responses we receive.
  • Technical data: IP address, browser type, device information, and basic usage logs needed to operate, secure, and debug the Service.
  • Security data: if you enable two-factor authentication, we store an encrypted TOTP secret tied to your account.

We do not sell your personal data, and we do not train AI models on your content.

2. Payment Data

We do not store credit card numbers or full payment details. All payment processing is securely delegated to Stripe, a PCI DSS Level 1 certified payment processor. The only payment-related information we store on our systems is your Stripe Customer ID and your current subscription status. Stripe's handling of your payment information is governed by Stripe's own privacy policy.

3. How We Use Your Data

We use your information strictly to operate the Service, including to:

  • Create and secure your account, including 2FA where enabled;
  • Scan search engines and known piracy sites for matches against your aliases and content;
  • Prepare, sign, and submit DMCA notices, Google delisting requests, and platform abuse reports on your behalf;
  • Surface results from the Leaker Search feature so you can defend your work;
  • Process subscription billing through Stripe;
  • Communicate with you about your account, security, and the Service;
  • Detect, prevent, and respond to fraud, abuse, and security incidents;
  • Comply with our legal obligations.

4. Who We Share Data With

We share data only with service providers and recipients that are necessary to deliver the Service:

  • Search and breach-data APIs (such as Brave Search, SerpApi, and similar third-party providers): we send search queries, typically usernames or aliases, so we can locate stolen content or correlate suspected leakers against publicly available breach data.
  • Hosting providers, platforms, and search engines: when filing a DMCA takedown, delisting request, or platform report, we are legally required to share with the recipient your name (or stage name acting as your representative), the original and infringing URLs, contact information, and your electronic signature, so the notice is legally valid.
  • Stripe (payment processor): for subscription billing and fraud prevention.
  • Infrastructure providers: cloud hosting, database, and email delivery vendors that process data on our behalf under contractual confidentiality and security obligations.
  • Legal & safety: we may disclose data when required by law, subpoena, court order, or to protect the rights, property, or safety of kiflat, our users, or the public.

5. Cookies & Session Management

We use HTTP-only cookies for authenticated session management, which prevents client-side JavaScript from reading your session token and materially reduces XSS risk. We use a small number of strictly necessary cookies; we do not use third-party advertising cookies.

6. Security

We use industry-standard safeguards to protect your data, including encryption in transit (TLS), encryption at rest for sensitive fields (such as TOTP secrets), hashed passwords, access controls, and audit logging. No system is 100% secure, but we work hard to make compromise as difficult as possible.

7. Data Retention & Deletion

You can delete your account at any time using the "Delete Account" button in your Security settings. When you do, we will immediately and permanently:

  • Delete your account and profile data;
  • Delete your monitoring watches, aliases, and verified platform links;
  • Delete your support tickets and takedown history from our active databases;
  • Cancel your Stripe subscription so you are not billed again.

Limited records may be retained for a short period in encrypted backups, and we may retain the minimum information required to comply with our legal obligations (for example, billing records required by tax law, or copies of DMCA notices we are legally required to keep).

8. Your Rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal data, to object to or restrict certain processing, and to lodge a complaint with your local data protection authority. You can exercise most of these rights directly from your account settings, or by emailing privacy@kiflat.com.

9. International Transfers

kiflat operates globally. Your data may be processed in countries other than your own. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for cross-border transfers.

10. Children

kiflat is not intended for anyone under 18. We do not knowingly collect personal data from minors. If we learn that we have, we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We'll change the "Last updated" date at the top, and for material changes we'll notify you by email or through the Service.

12. Contact

Privacy questions or requests? Email us at privacy@kiflat.com.