kKronavi

Legal

Privacy Policy

Effective April 16, 2026

This Privacy Policy explains how Kronavi (“Kronavi,” “we,” “us”) collects, uses, stores, and shares information across three surfaces:

  • The Kronavi marketing site at kronavi.com (including the waitlist signup form).
  • The Kronavi product— the authenticated web application and backend that audits and remediates your GoHighLevel (“GHL”) account.
  • The Kronavi— a Chrome extension that bridges your logged-in GHL session into the Kronavi product.

1. What we collect

1.1 Information you give us

  • Waitlist signup:email address and an indication of how many GHL sub-accounts you manage (bucket: just me, 2–5, 6–20, 20+).
  • Account creation: email, password (hashed; we never see it in plaintext), and the GHL Agency API Key or Private Integration Token you provide during onboarding.
  • Support and correspondence: anything you send us by email or through support channels.

1.2 Information the Kronavi captures

The Chrome extension is a bridge between your logged-in GHL session and the Kronavi product. When you activate it on app.gohighlevel.com or app.leadconnectorhq.com it captures:

  • Authentication headers(bearer tokens, token-id values) that GHL’s web app sends with its API calls.
  • Session cookies scoped to your GHL tenant.
  • Your GHL location/sub-account IDs so we know which account the session belongs to.

The extension only runs on GHL domains you have explicitly granted permission to. It does not read browsing history, monitor other tabs, read clipboard data, or access any site outside GHL. All captured values are forwarded directly to your Kronavi account and encrypted at rest before they touch our database.

1.3 Information we collect automatically

  • Usage and diagnostic logs: timestamps, request paths, response codes, error messages, and a user agent string so we can debug issues and measure performance.
  • Referrer and UTM parameters on the waitlist form, only when present, to attribute signups to marketing sources.

1.4 Information from your GHL account

Once connected, Kronavi reads data from your GHL account to run audits and, with your explicit approval, apply fixes. This includes workflows, pipelines, contacts, tags, custom fields, forms, calendars, triggers, automations, and the metadata attached to them. We only read data — we never write to your GHL account without showing you the exact change and getting your approval first.

2. How we use information

  • To operate, maintain, and improve the Kronavi product.
  • To run audits and generate findings, remediation plans, and previews specific to your account.
  • To authenticate you, keep your session live, and protect your account from unauthorized access.
  • To send transactional messages (confirmation, alerts, billing, security). We will only send marketing email if you explicitly opt in.
  • To investigate fraud, abuse, and violations of our Terms of Service.

3. How we store and protect information

  • Data is stored in Supabase (PostgreSQL) and our application runtime on DigitalOcean. Both are accessed over TLS only.
  • GHL API keys, private integration tokens, session headers, and session cookies are encrypted at rest using AES-GCM with keys held outside the database.
  • Passwords are hashed (never stored in plaintext) via Supabase Auth.
  • Row-level security policies restrict every customer row to that customer’s account.

4. How we share information

We do not sell your data. We share it only with the sub-processors that power Kronavi, under contracts that bind them to confidentiality and security obligations:

  • Supabase— database, authentication, and storage.
  • Vercel— web application hosting.
  • DigitalOcean— backend engine hosting.
  • Anthropic— the large language model that powers the reasoning in the product. We send only the minimum context needed to answer the question at hand; we do not send raw GHL exports by default.
  • GoHighLevel— every API call Kronavi makes on your behalf flows through the GHL platform. Your use of GHL remains governed by GHL’s own terms and privacy policy.

We may also disclose information when required by law, to enforce our Terms of Service, or to protect the rights, property, or safety of Kronavi, our customers, or the public.

5. Data retention

  • Waitlist email:retained until you ask us to delete it, or until 18 months after the product leaves private beta — whichever comes first.
  • Account data: retained while your account is active and for up to 90 days after cancellation to support reactivation. After that, it is permanently deleted.
  • Session headers and cookies:short-lived by design (minutes to days, depending on GHL’s rotation). Replaced automatically on every new session handshake.
  • Diagnostic logs: retained up to 30 days.

6. Your rights

You can request to access, correct, export, or delete the personal information we hold about you. You can also ask us to restrict or object to certain processing. To exercise any of these rights, email us at privacy@kronavi.com. We will respond within 30 days.

If you are in the EU/UK, you have additional rights under the GDPR, including the right to lodge a complaint with your local data protection authority. If you are in California, you have additional rights under the CCPA/CPRA.

7. Children

Kronavi is a B2B product. It is not intended for anyone under 16, and we do not knowingly collect information from children.

8. International transfers

Our infrastructure is hosted in the United States. If you access Kronavi from another country, you consent to the transfer, storage, and processing of your information in the United States.

9. Changes to this policy

If we make material changes to this policy, we will update the effective date at the top and notify active customers by email at least 14 days before the changes take effect.

10. Contact

Questions about this policy? Email privacy@kronavi.com.