Privacy

What we collect

When you sign in to Calibrate Pro, we store data that's necessary to run the product:

• ·Account identity: email address, display name, role, and avatar URL from the provider you signed in with (Google / GitHub / Microsoft / magic link).
• ·Assessment data: the answers, scores, evidence notes, reflections, and confidence levels you enter, plus the timestamp of each run.
• ·Actions & roadmap items: the titles, descriptions, owners, due dates, status, and notes you create.
• ·Team membership: if you create or join a team, we store the team name, description, website, your role within it, and your activity scoped to that team.
• ·Capability ratings: the 1-5 levels you self-rate on each domain.

Where it's stored

All Calibrate Pro data is stored in a managed Postgres database provided by Supabase in the Tokyo (ap-northeast-1) region. The app itself is hosted on Vercel.

Authentication is handled by Supabase Auth. OAuth sign-in (Google, GitHub, Microsoft) hands us a verified email address and basic profile fields from those providers.

Who can see your data

• ·You.Anything you save in your personal context is only visible when you're signed in as you.
• ·Your teammates. When you're working inside a team (see the org switcher in the nav), assessments, actions, roadmap items, and capability ratings you save in that context are visible to all active members of that team.
• ·Kanso Labs admins. A small number of named individuals can see aggregated counts and basic profile information (name, email, signup date, activity counts) for operational support. We don't routinely read the contents of your assessments.

What we don't do

• ·We don't sell your data or share it with advertisers.
• ·We don't use your assessments to train AI models.
• ·We don't share your data outside the team context you created it in.

Sub-processors

We rely on a small number of trusted service providers to run the product:

• ·Supabase— database + authentication
• ·Vercel— hosting + edge delivery
• ·Resend— transactional email (invites and notifications)
• ·Google / GitHub / Microsoft — OAuth identity (only used if you choose those sign-in options)

Server logs & analytics

Vercel keeps standard access logs (IP address, user agent, page, timestamp) for operational and security purposes. We may also use privacy-respecting analytics to count visits and measure performance — never including the contents of your assessment answers or notes.

Cookies

We use cookies only for things the product needs to work: an authentication session cookie from Supabase, and a small cookie that remembers which team context you have active. We don't set tracking or advertising cookies.

Deleting your data

Email privacy@kanso.com.au(or use the contact page) and we'll delete your account and all associated personal-context data within 30 days. Team-context assessments you submitted are part of that team's record; we'll anonymise your contributions but the data itself stays with the team if other members are still active.

Children

Calibrate Pro isn't directed at children under 13. We don't knowingly collect data from them.

Changes

We may update this policy. The date below will change when we do. Material changes will be communicated by email to active accounts.

Contact

Questions about privacy or want to exercise data rights? Get in touch.