← Back to Kapow

Privacy Policy

Last updated: March 24, 2026

This Privacy Policy explains how Kapow ("we," "us," or "our") collects, uses, and protects your information when you use the Kapow application, website (gokapow.com), and related services (collectively, the "Service").

We take privacy seriously. Kapow is built on a local-first architecture, which means the vast majority of your data never leaves your machine.

---

1. Kapow's Role vs. Anthropic's Role

Understanding who handles what data is important.

1.1 Kapow (the Orchestration Layer)

Kapow manages agents, tasks, workflows, and team coordination. All of this data lives on your machine. We collect only the minimal data described in this policy - primarily for licensing, authentication, and basic analytics.

1.2 Anthropic (the AI Model)

The AI model powering your agents is Claude, developed by Anthropic, PBC. When agents interact with Claude through Kapow, your prompts and Claude's responses are transmitted directly between your machine and Anthropic's servers.

Kapow does not intercept, read, store, or process your Claude conversations. This data flows directly from your device to Anthropic.

Anthropic's data handling is governed by their own privacy policy:

• Consumer plans (Pro/Max): Anthropic Privacy Policy
• Commercial plans (API): Anthropic Commercial Terms

Key points about Anthropic's data practices:

• Consumer plans (Pro/Max): Anthropic may use your data to improve their models unless you opt out in your Anthropic account settings. Opted-in data is retained for up to 5 years. Opted-out data is retained for up to 30 days.
• API plans: Anthropic does not use your data for model training by default under their commercial terms.

We recommend reviewing Anthropic's privacy settings to understand and control how your Claude data is handled. This is separate from anything Kapow controls.

---

2. What Kapow Collects - Website (gokapow.com)

When you visit our website, we may collect:

2.1 Automatically Collected

• Standard web analytics: Page views, referral source, browser type, device type, country
• Cookies: Session cookies for authentication, preference cookies for site settings

2.2 Information You Provide

• Account registration: Email address, name
• Payment information: Processed by our payment provider (Stripe). We do not directly store your credit card number, bank account, or other financial details. See Section 6 for details on Stripe's role.
• Support inquiries: Any information you include when contacting us

---

3. What Kapow Collects - Application

When you use the Kapow desktop application, the following limited data may be transmitted:

3.1 License Validation

• License key
• Account email address
• Machine identifier (hashed, for license seat management)
• Subscription status

This data is transmitted to our licensing server to verify your subscription is active. License checks occur at application launch and periodically during use.

3.2 Anonymous Usage Metrics

• Feature usage patterns (which features are used, not the content within them)
• Application version
• Operating system type and version
• Session duration

These metrics help us understand which features are used and prioritize development. They do not include any content - no task text, agent configurations, file contents, credentials, or conversation data.

3.3 Error and Crash Reports (Opt-In)

If you opt in to crash reporting:

• Application error logs
• Stack traces
• System information at time of crash

Crash reports may contain fragments of operational data. We use these solely for debugging and delete them after the issue is resolved.

---

4. What Kapow Does NOT Collect

This is the important part. We do not collect, access, transmit, or store:

• Agent data - Agent configurations, personalities, rules, capabilities
• Task content - Task descriptions, plans, deliverables, progress logs
• Knowledge base - Documents, research, references stored in your knowledge base
• Agent memories - Short-term and long-term agent memory contents
• Credentials and secrets - API keys, passwords, tokens, or any secrets you store in Kapow's vault
• File contents - Any files on your machine that agents access or create
• Chat history - Conversations between you and agents
• Claude conversation data - Your prompts to Claude and Claude's responses (this goes directly to Anthropic)
• Screenshots or screen content - Any visual data from your machine
• Browsing history - Any web browsing performed by agents

All of this data stays on your machine. Period.

---

5. Local-First Architecture

Kapow is designed so that your operational data never needs to leave your machine.

5.1 Data That Stays Local

• All agent definitions and configurations
• All tasks, subtasks, and progress logs
• Knowledge base documents
• Agent short-term and long-term memories
• Credentials vault (AES-256-GCM encrypted, stored locally)
• Media files and deliverables
• Round table summaries and work logs
• Application settings and preferences

5.2 Data That Leaves Your Machine

Only the following data is transmitted externally:

Data	Destination	Purpose
License key + email	Kapow licensing server	Subscription validation
Machine ID (hashed)	Kapow licensing server	Seat management
Anonymous usage metrics	Kapow analytics	Product improvement
Crash reports (opt-in)	Kapow error tracking	Bug fixes
Auth tokens	Kapow auth server	Account authentication
Claude prompts/responses	Anthropic servers	AI model interaction
Payment info	Stripe	Payment processing and subscription billing

---

6. Third-Party Services

We use the following third-party services that may process your data:

6.1 Anthropic (Claude AI)

• What they receive: Your prompts and receive Claude's responses
• Their role: AI model provider
• Their policy: Anthropic Privacy Policy
• Our involvement: None. Data flows directly between your machine and Anthropic.

6.2 Stripe (Payments)

• What they receive: Payment information, billing address, email
• Their role: Payment processing, subscription management, and billing
• Their policy: Stripe Privacy Policy

6.3 Supabase (Authentication)

• What they receive: Email address, authentication data
• Their role: User authentication, account management, and PostgreSQL database
• Their policy: Supabase Privacy Policy

6.4 Vercel (Website Hosting)

• What they receive: Standard web request data (IP address, browser info)
• Their role: Website hosting for gokapow.com
• Their policy: Vercel Privacy Policy

6.5 Analytics Provider

• What they receive: Anonymous usage metrics, page views
• Their role: Website and product analytics
• Details: We use privacy-focused analytics that do not track individual users across sites

---

7. How We Use Your Information

We use the information we collect to:

• Provide the Service: License validation, account authentication, subscription management
• Improve the Service: Understand feature usage to prioritize development
• Fix problems: Diagnose and resolve bugs and crashes
• Communicate: Send important account and service notifications
• Comply with law: Meet legal obligations when required

We do not sell your personal information. We do not use your data for advertising. We do not share your data with third parties except as described in this policy.

---

8. Data Security

We implement appropriate technical and organizational measures to protect your data:

• All data in transit is encrypted using TLS/HTTPS
• Credentials stored locally are encrypted with AES-256-GCM
• License validation uses secure token-based authentication
• We follow industry-standard security practices for our infrastructure

No system is perfectly secure. While we work to protect your data, we cannot guarantee absolute security.

---

9. Data Retention

• Account data: Retained while your account is active and for 30 days after deletion
• Usage metrics: Aggregated and anonymized. Raw data retained for up to 12 months
• Crash reports: Deleted after the issue is resolved, no longer than 90 days
• Payment records: Retained as required by law and our payment processor's policies
• License validation logs: Retained for up to 12 months

---

10. Your Rights (GDPR and Global Privacy)

Regardless of where you are located, you have the right to:

• Access your personal data we hold
• Correct inaccurate personal data
• Delete your account and all associated server-side data
• Export your personal data in a portable format
• Object to processing of your data for analytics (opt out of usage metrics)
• Withdraw consent for optional data collection (crash reports)

10.1 How to Exercise Your Rights

• Delete account: Contact support@gokapow.com. We will delete all server-side data associated with your account within 30 days.
• Opt out of analytics: Toggle off in application Settings.
• Opt out of crash reports: Toggle off in application Settings.
• Data export: Contact support@gokapow.com.
• For Anthropic data: Contact Anthropic directly per their privacy policy. We do not have access to your Claude data.

10.2 Local Data

Since your operational data (agents, tasks, knowledge base, etc.) is stored locally on your machine, you have full control over it at all times. You can view, modify, export, or delete it directly. No request to us is needed.

---

11. International Data Transfers

Our servers are located in the United States. If you are located outside the US, your limited account data (email, license info) will be transferred to the US. We ensure appropriate safeguards are in place for international transfers in compliance with applicable data protection laws.

---

12. Children's Privacy

The Service is not intended for users under the age of 18. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected data from a user under 18, we will delete it promptly.

---

13. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you via email or in-app notification at least 30 days before the changes take effect.

We encourage you to review this policy periodically. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

---

14. Contact Us

If you have questions about this Privacy Policy or our data practices:

• Email: privacy@gokapow.com
• Website: gokapow.com/contact

For data protection inquiries in the EU, you may also contact your local supervisory authority.

---

Summary: Kapow is local-first. Your agent data, tasks, credentials, and content stay on your machine. We collect only what we need to run the service - your email, license info, and anonymous usage metrics. Claude data goes to Anthropic, not to us. You can delete your account and all server-side data at any time.