Kwiplo

Privacy Policy

Last updated: 19 April 2026

Kwiplo is a product of NexoPrima("we", "us"). This policy explains what data Kwiplo — the Chrome extension, the backend API at api.kwiplo.com, and the website at kwiplo.com — collects, why, and how we handle it.

TL;DR

  • We never train AI on your messages.
  • Page content (LinkedIn posts, email threads) is sent to our backend and to Anthropic (our AI provider) only at the moment you click Generate or Summarize — never proactively.
  • We store your account info, drafts history for usage tracking, and the documents you upload to your knowledge base. That's it.
  • You can delete your account at any time by emailing [email protected].

1. What data we collect

Account data

When you sign up, we collect your email, password (stored as a bcrypt hash — never in plaintext), full name, and country (ISO 2-letter code). We use this to authenticate you, send a verification email, and personalize drafts.

Usage data

When you use Kwiplo, we log each AI request with:

  • The service called (draft, summarize, suggest)
  • The model used (Claude Haiku or Sonnet)
  • Token counts (input and output, for billing and limits)
  • Latency in milliseconds
  • Timestamp

We do not store the contents of your prompts or drafts in this usage log.

Page context (transient)

When you click Generate or Summarize, the extension reads the content of the page you're looking at — the post body, thread messages, profile info — and sends it to our backend so the AI can draft a relevant reply. This content is:

  • Sent only at the moment you request a draft. We do not read or transmit pages in the background.
  • Not stored on our servers after the request completes (except for the draft you explicitly save, see below).
  • Sent to Anthropic (our AI sub-processor, under their commercial terms) to generate the draft. Anthropic does not train on API content.

Knowledge Base documents

If you upload documents to your knowledge base (PDFs, DOCX, TXT, URLs), we store them so you can reference them in future drafts. Documents are chunked and embedded using Voyage AI's embedding service. You can delete any document at any time.

Drafts

Drafts you generate are not stored on our servers by default. They live in the extension's side panel and are lost when you close it, unless you copy them out.

Profile

If you fill in the optional profile fields (position, company, department, phone, signature), we store them to personalize drafts and sign-offs. You can edit or clear these at any time in the extension settings.

Analytics & tracking

We do not use Google Analytics, Facebook Pixel, or any third-party web tracker. Server access logs (standard HTTP logs: request path, status code, timing) are kept for up to 30 days for operational debugging, then rotated out.

2. What we do with your data

  • Provide the service: generate drafts and summaries, track usage against your tier limits, deliver emails you've asked for (verification, password resets).
  • Keep it working: debug errors, prevent abuse, rate limit excessive requests.
  • Improve Kwiplo: understand what tiers users pick, what surfaces (LinkedIn vs Gmail) they use most — using anonymized, aggregated counts only.

We do not sell your data to third parties. We do not advertise on Kwiplo. We do not use your prompts or drafts to train AI.

3. Who we share it with

We use a small number of trusted sub-processors to operate Kwiplo:

  • Anthropic — AI drafting and summarization (Claude Haiku, Claude Sonnet).
  • Voyage AI — text embeddings for your knowledge base.
  • Resend — transactional emails (email verification).
  • Cloudflare — CDN and DNS for kwiplo.com and api.kwiplo.com.
  • Our VPS provider — hosting the Kwiplo backend and database.

We never share data with anyone else, including advertisers, data brokers, or analytics companies. We will disclose data only if legally required (e.g. a valid court order), and only the minimum required.

4. How we secure it

  • Passwords are hashed with bcrypt. We never see or store your plaintext password.
  • All network traffic to api.kwiplo.com and kwiplo.com is TLS-encrypted.
  • Access tokens (JWT) are short-lived (1 hour). Refresh tokens are stored only in the extension's secure local storage.
  • Our database runs on a private network; only the backend can reach it.
  • API keys for sub-processors are kept server-side — never exposed to the extension.

5. Data retention

  • Account data: until you delete your account.
  • Knowledge base docs: until you delete them or your account.
  • Usage logs (for billing / rate limiting): up to 12 months, then aggregated and purged.
  • Server access logs: up to 30 days.
  • Page content sent during a draft request: not retained — discarded after the AI response is returned.

6. Your rights

You can, at any time:

  • View your account data, drafts history (via usage tab), and knowledge base documents inside the extension.
  • Update your profile and settings directly in the extension.
  • Export your account data. Email [email protected]and we'll send you a JSON dump within 30 days.
  • Delete your account and all associated data. Email [email protected]and we'll process it within 7 days.

If you're in a jurisdiction with specific privacy rights (EU GDPR, California CCPA, Malaysia PDPA, etc.), those rights apply to you regardless of whether they're listed above. Email us and we'll honor any valid request.

7. Children

Kwiplo is not intended for users under 16. We do not knowingly collect data from children. If we learn we've done so, we'll delete it.

8. Changes to this policy

If we change this policy materially — for example, adding a new sub-processor or a new data category — we'll update the "last updated" date at the top and notify active users by email at least 7 days before the change takes effect.

9. Contact

Questions, concerns, data requests, or anything unclear: [email protected]. We aim to respond within 3 business days.