Kodiak

Privacy Policy

Version 2026-06-06

Data we collect

Email address, authentication/session metadata, submitted claims, generated certificates, payment/credit records, API usage, and support messages.

IP addresses

IP addresses are processed transiently for rate-limiting and abuse prevention only, and are deleted from Kodiak's application records within 24 hours. Network infrastructure (reverse proxies, hosting providers) may process connection metadata transiently to operate the service.

How data is used

We use data to provide the service, prevent abuse, maintain certificate history, process payments, support users, and improve reliability.

Public verification

Certificate verification routes may expose certificate metadata needed to verify integrity. Do not submit private claims unless you are comfortable with that operational model.

Third-party processing

To produce certificates, the claims you submit are sent to third-party AI model providers (e.g., OpenRouter and the underlying model vendors) and to third-party search and data services (academic, news, government-data, legal, and web-search APIs) used to gather evidence. Payments are processed by Stripe and transactional email is sent via Resend. These providers handle data under their own terms. Do not submit secret, personal, or sensitive information inside a claim.

Data retention

We retain account, certificate, and billing records for as long as your account is active or as needed to operate the service and meet legal obligations. To request account or data deletion, contact us below.

Contact

Privacy questions: support@azurecarbon.com.