Kodiak

Privacy Policy

Version 2026-06-06

Kodiak is built privacy-first: who you are is not linked to what you check. We keep only what is needed to run the service and verify certificates, and the certificates themselves are stored anonymously.

What we collect

If you create an account: your email and session/authentication metadata, and — for purchases — payment/credit records via our processor. When you run a check: the claim text is recorded as part of its certificate and kept in the anonymous public ledger (described below), and we record minimal usage counts (for daily limits and billing) plus any support messages you send us.

Your checks are anonymous by default

Certificates are stored in an anonymous, publicly-verifiable ledger (cryptographically chained and externally anchored) with no account identifier — the database does not link who you are to the claims you check. Linking your account to your search history is opt-in and off by default — it is the only data tied to your identity. Until you enable it (from your account page), your account carries no record of which certificates it produced; you can turn it off or delete saved history at any time, and neither affects the anonymous public ledger.

Billing is de-linked

Payment and credit records reference a private charge event, not your certificate or claim, so billing cannot be joined to what you searched.

No tracking, no profiling, no training

We run no advertising trackers, no analytics SDKs, and no behavioral profiling. We never sell or share your data, and we do not train models on your claims.

IP addresses

IP addresses are processed transiently for rate-limiting and abuse prevention only, and are deleted from Kodiak's application records within 24 hours. Network infrastructure (reverse proxies, hosting providers) may process connection metadata transiently to operate the service.

How data is used

We use data to provide the service, prevent abuse, maintain the anonymous certificate ledger, process payments, support users, and improve reliability.

Public verification

Certificate verification routes may expose certificate metadata needed to verify integrity. Do not submit private claims unless you are comfortable with that operational model.

Third-party processing

To produce certificates, the claims you submit are sent to third-party AI model providers (e.g., OpenRouter and the underlying model vendors) and to third-party search and data services (academic, news, government-data, legal, and web-search APIs) used to gather evidence. Payments are processed by Stripe and transactional email is sent via Resend. These providers handle data under their own terms. Do not submit secret, personal, or sensitive information inside a claim.

Data retention

Anonymous certificates persist as part of the verifiable ledger. Account and billing records are retained while your account is active or as needed for legal and accounting obligations. Deleting your account removes your private records; the anonymous certificates, which carry no identity, remain. To request account or data deletion, contact us below.

Contact

Privacy questions: support@azurecarbon.com.