Kenosian — Privacy Policy

Summary

We collect the minimum data required to operate the API. No data is sold or shared with third parties. Retention is 30 days. Contact: peter@kenosian.com

1. Data Collected

When you use the OpenTTT / ttt-mcp API, we collect the following:

API key hash — SHA-256 hash of your API key, used for authentication and quota enforcement. The raw key is never stored.
Call timestamps — UTC timestamp of each API request, used for rate limiting and usage accounting.
IP address — Source IP of each request, used solely for rate limiting (FREE tier: 100 calls/day per IP). Not linked to any personal identity.

We do not collect: names, emails (unless voluntarily provided for billing), payment card numbers, or query content.

2. Retention Period

All API access logs (API key hash, timestamps, IP addresses) are retained for 30 days and then automatically deleted.

Billing records (tier, invoice amounts) are retained for 7 years as required by Korean tax law (National Tax Service regulations).

3. Third-Party Sharing

None. We do not sell, rent, or share your data with any third party for any purpose.

Exception: If required by a valid court order or Korean law enforcement request, we may disclose the minimum required information. We will notify you to the extent permitted by law.

4. Data Security

API keys are stored as SHA-256 hashes only. Access logs are stored on GCP infrastructure with encryption at rest. Access is restricted to authorized personnel only.

TTTPS audit chains (if applicable to your tier) are cryptographically tamper-evident — chain_integrity is verifiable independently by the subscriber.

5. Your Rights

Under Korean Personal Information Protection Act (PIPA) and, where applicable, GDPR:

Right to access — request a copy of data held about you
Right to deletion — request deletion prior to the 30-day automatic deletion
Right to correction — request correction of inaccurate data
Right to object — object to processing in specific circumstances

To exercise any right, email peter@kenosian.com. We will respond within 10 business days.

6. Governing Law

This policy is governed by the laws of the Republic of Korea. Disputes shall be subject to the exclusive jurisdiction of the courts of Seoul, Korea.

For EU residents: processing is conducted on a legitimate interest basis (API rate limiting and security). You may lodge a complaint with your local supervisory authority.

7. Contact

Privacy inquiries: peter@kenosian.com

Kenosian / Helm Protocol · Seoul, Republic of Korea