Privacy Policy
Effective June 3, 2026 · Last reviewed June 8, 2026
1. Who we are
Knowable ("we", "us", "our") is a Canadian software product operated by its founders. We are committed to protecting your personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA), applicable provincial privacy legislation, and — where they apply to you — the EU/UK General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA).
If you have questions about this policy or want to exercise any of the rights described below, contact us at privacy@knowable.ca.
2. What we collect and where it goes
When you use the Knowable macOS app, the following data is sent over TLS to our servers in the AWS us-east-1 (US East) region:
- Profile information you provide at first sign-in: the display name you want Milo to call you, your date of birth (used to confirm you are 13 or older — see Section 13), your country, your current grade level, your purposes for using Knowable, and optionally how you heard about us.
- Camera frames from your Mac's built-in camera or Continuity Camera while a session is active.
- Text transcripts produced by Apple's on-device speech recognition when you use opt+M push-to-talk. Voice audio is transcribed locally on your Mac — only the resulting text is sent to our servers.
- Chat messages you type to Milo, and Milo's responses.
- Session metadata: timestamps, event log, model selection, hint counts.
Session messages and timeline events are persisted on our servers (Amazon DynamoDB, us-east-1) so you can continue sessions across your Macs. Camera frames are processed at inference time and are not stored — they live only in memory during a session and are never written to disk or to our database.
3. Identity, purchases, and authentication
When you create an account we collect your email address (for sign-up + password reset), an authentication identifier ("sub") generated by Amazon Cognito, and — if you sign in with Apple — a stable opaque identifier provided by Apple. If you elect to share your email with us via Sign in with Apple, that email is included; if you do not, we receive only the opaque identifier.
Subscription and purchase state is verified server-side via Apple StoreKit so we can grant credits and unlock subscription features. We never see your payment card details — Apple processes the payment and sends us a signed transaction receipt only.
4. Foundation models and inference
To generate hints, Milo invokes large language models hosted on Amazon Bedrock (us-east-1). The default model is Mistral Large 3 (Mistral AI). Knowable Plus subscribers can optionally route requests to Anthropic Claude Sonnet 4.6, Kimi K2.5 (Moonshot AI), or Qwen3 VL (Alibaba Cloud) from in-app Settings.
How Bedrock isolates your data from the model providers: AWS deploys each model into a dedicated "Model Deployment Account" that the model provider does not have access to. Inference happens inside that AWS-controlled account, so the model providers (Anthropic, Mistral, Moonshot, Alibaba Cloud) never see your prompts, your camera frames, or Milo's responses. AWS publishes this guarantee in its Bedrock FAQ and its data-protection terms.
AWS additionally states that "AWS and the third-party model providers will not use any inputs to or outputs from Amazon Bedrock to train" the underlying models, and that "your content is not used to improve the base models and is not shared with any model providers." Data sent to Bedrock is encrypted in transit (TLS) and at rest.
5. Third-party service providers
We share data with the following third-party processors, all of whom act on our instructions under contractual data-processing terms:
- Amazon Web Services (AWS) — cloud infrastructure: ECS Fargate (compute), Application Load Balancer, DynamoDB (session + entitlement storage), CloudWatch (operational logs), and Amazon Bedrock (model inference). See AWS Privacy Notice.
- Amazon Cognito — authentication and user identity. Stores hashed credentials and federated identity links.
- Anthropic, PBC, Mistral AI, Moonshot AI, Alibaba Cloud — vendors of the foundation models we run through Bedrock (Claude Sonnet 4.6, Mistral Large 3, Kimi K2.5, Qwen3 VL). As described in Section 4, AWS deploys these models into AWS-controlled accounts that the model vendors do not have access to, so these vendors are not data processors of your content — they cannot see your prompts, frames, or Milo's responses, and AWS contractually prevents them from using your inputs or outputs to train their models.
- Apple Inc. — Sign in with Apple identity provider, App Store StoreKit (subscription + in-app purchase processing), and TestFlight (if you receive a TestFlight build).
- Google LLC — Sign in with Google identity provider (when you choose Google sign-in).
- ElevenLabs — text-to-speech provider used by default for Milo's spoken responses. Only the response text is sent. If you prefer on-device TTS, you can switch in Settings.
- Cloudflare — bot-protection (Turnstile) on the public waitlist endpoint. A short-lived challenge token is set in your browser only during form submission.
We do not sell, rent, or share your personal information with advertisers, data brokers, or any party for cross-context behavioural advertising. The list above is exhaustive as of the effective date — if we add a new processor, this policy will be updated before the new processing begins.
6. Retention and account deletion
You can delete your account at any time from the macOS app (Settings → Account → Delete Account). On deletion we run a cascade across our systems and remove:
- Your profile (display name, date of birth, country, grade level, purposes, and acquisition source if provided).
- All session records, message logs, and timeline events from DynamoDB.
- Your entitlement record, including stored credit balance and Apple-account binding.
- Your Amazon Cognito identity record. For Sign in with Apple users, we also revoke the Apple refresh token.
What survives deletion:
- CloudWatch operational logs — request metadata such as user ID prefix, session ID, timestamps, and error stacks. Retained for 30 days then automatically purged. No camera frame content is logged.
- Anti-abuse records — a record that an Apple ID previously claimed the free-tier monthly grant. This is the minimum data needed to prevent abuse of the free tier across deleted-and-recreated accounts.
- Waitlist records — if you signed up for the marketing waitlist with an email that you later used for an account, the waitlist record is independent and not removed by account deletion. Email us to remove it.
7. Your rights
Wherever you live, you have the right to:
- Access — request a copy of the personal information we hold about you.
- Correction — ask us to correct inaccurate or incomplete information.
- Deletion — request that we delete your personal information (see Section 6 for the cascade scope).
- Withdrawal of consent — withdraw consent for non-essential processing at any time. This may limit certain features.
- Portability — request a machine-readable export of your session data.
To exercise any of these rights, email privacy@knowable.ca. We will respond within 30 days.
8. Cross-border transfers
Knowable is operated from Canada but our infrastructure is hosted in the United States (AWS us-east-1). Any data you provide is therefore transferred to and processed in the US, and may be subject to US legal process. Under PIPEDA we ensure comparable protection through AWS's contractual safeguards.
If you are in the EU, UK, or Switzerland, this transfer relies on the EU-US Data Privacy Framework (where applicable) and AWS's Standard Contractual Clauses as supplementary safeguards.
9. Users in the EU, UK, or EEA (GDPR)
If you are located in the European Union, the United Kingdom, or the European Economic Area, the following applies in addition to the rights above.
Lawful basis. We process your data on the following bases: performance of a contract (operating the service you signed up for) and legitimate interests (operational logging, anti-abuse protection of the free tier).
Automated decision-making. Hints are generated by foundation model inference. This is not a decision with legal or similarly significant effects on you, but you are entitled to know about it under Article 22.
Supervisory authority. You have the right to lodge a complaint with your local data-protection authority (e.g. the UK ICO, Ireland's DPC, France's CNIL). We are happy to address concerns directly first — contact privacy@knowable.ca.
10. California residents (CCPA / CPRA)
Categories of personal information collected. Identifiers (email, account sub, display name); demographic information (date of birth, country, grade level); preference information (purposes for using Knowable, acquisition source); internet/network activity (session data, request metadata); audio/visual data (camera frames, voice transcripts during active sessions); commercial information (subscription state).
Sources. Directly from you when you use the app or platform site.
Business purposes. Providing the service, processing purchases, security and anti-abuse.
Sale / sharing. We do not sell or share your personal information for cross-context behavioural advertising. We have not done so in the preceding 12 months.
Rights. California residents have the right to know, delete, correct, limit use of sensitive personal information, and opt out of any future sale or share. Submit requests to privacy@knowable.ca.
11. Operational logging
Our backend writes operational logs to Amazon CloudWatch for debugging, performance monitoring, and security investigation. These logs include request metadata such as user ID prefixes, session IDs, timestamps, HTTP status codes, response times, and error stacks. Camera frame content and full chat content are not logged. Logs are automatically purged after 30 days.
12. Cookies and browser storage
knowable.ca (this marketing site). No analytics cookies, advertising trackers, or pixels. Fonts are self-hosted, so no third-party font CDN logs your visit. If you submit the waitlist form, Cloudflare Turnstile may set a short-lived challenge cookie during submission.
platform.knowable.ca (educator portal). The platform site stores your Amazon Cognito session tokens (ID, access, refresh) in your browser's localStorage to keep you signed in. This is strictly necessary for the service to function. No analytics cookies are set.
13. Children's privacy
Knowable is intended for users aged 13 and older. Our marketing positions Knowable as a tool for high school students.
Age verification at sign-up. When you first sign in, we ask for your date of birth. If you are under 13 we immediately delete the account we provisioned for sign-up — no profile data, session records, or other personal information is retained.
If a parent or guardian discovers that an under-13 child has signed up for Knowable despite the age check, contact privacy@knowable.ca and we will delete the account and associated data promptly.
14. Educator accounts
Educator accounts at platform.knowable.ca are currently invite-only while we complete additional safety review. The data described above continues to apply when an educator account is created; class-membership records and per-student sharing preferences are stored in DynamoDB and removed on account deletion. Contact support@knowable.ca to request educator access.
15. Changes to this policy
We may update this policy from time to time. Material changes will be announced by email to registered users at least 14 days before taking effect. The "Effective" and "Last reviewed" dates at the top of this page reflect the current version. Non-material updates (formatting, clarifications) only refresh the "Last reviewed" date.
16. Contact
For privacy questions, requests, or to exercise any right under this policy:
privacy@knowable.ca