Legal

Privacy Policy

Last updated: May 31, 2026

1. Who we are

Know AI is a product of Althera (“we”, “us”). Althera is the data controller responsible for the personal data described in this policy. This Privacy Policy explains what we collect, why, and the rights you have over your data.

It should be read together with our Cookie Policy and Terms of Service.

2. Data we collect

Account data

Name, email address, and password (stored hashed) when you create an account or are invited to an organization.

Organization & content data

The organizations, projects, documents, and pages you and your team create, including any text and media you upload.

Billing data

If you subscribe to a paid plan, payment is processed by Stripe. We store your subscription status and plan; we do not store full card numbers.

Usage & device data

Basic technical information such as IP address, browser type, and log data needed to operate and secure the service.

3. How we use your data

  • To provide, maintain, and secure the service.
  • To power features you request — including the AI chatbot, which answers using only your organization's own documents.
  • To process payments and manage subscriptions (via Stripe).
  • To communicate with you about your account, security, and service updates.
  • To comply with legal obligations.

4. Legal bases (GDPR)

Where the GDPR applies, we rely on: performance of our contract with you (to provide the service), your consent (for optional cookies and marketing), our legitimate interests (to secure and improve the service), and compliance with legal obligations.

5. AI processing & your content

Know AI's assistant is grounded strictly on the documents within your organization. We enforce strict isolation between organizations and projects — the service refuses cross-organization and cross-project answers. Your content is not used to train third-party foundation models.

6. Sharing & sub-processors

We do not sell your personal data. We share data only with service providers that help us run Know AI, under appropriate contractual safeguards — for example payment processing (Stripe) and infrastructure/hosting. Where data is transferred internationally, we use safeguards such as Standard Contractual Clauses.

7. Data retention

We keep personal data for as long as your account is active and as needed to provide the service. When you delete your account or organization, we delete or anonymize the associated personal data within a reasonable period, except where we must retain it to comply with legal obligations.

8. Your rights

Subject to applicable law, you have the right to:

  • Access a copy of your personal data
  • Correct inaccurate or incomplete data
  • Erase your data (“right to be forgotten”)
  • Restrict or object to certain processing
  • Data portability
  • Withdraw consent at any time, without affecting prior processing

To exercise any of these rights, contact us at the address in section 10. You also have the right to lodge a complaint with your local data protection authority.

9. Security

We use technical and organizational measures to protect your data, including encryption in transit, hashed passwords, and access controls. No method of transmission or storage is completely secure, but we work to protect your data and to notify you of incidents as required by law.

10. Contact us

Questions about this policy or your data? Contact Althera at vasco@althera.pt.