Privacy Policy

Effective June 3, 2026 · Last reviewed June 4, 2026

1. Who we are

Knowable ("we", "us", "our") is a Canadian software product operated by its founders. We are committed to protecting your personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA), applicable provincial privacy legislation, and — where they apply to you — the EU/UK General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA).

If you have questions about this policy or want to exercise any of the rights described below, contact us at privacy@knowable.ca.

2. What we collect and where it goes

When you use the Knowable macOS app, the following data is sent over TLS to our servers in the AWS us-east-1 (US East) region:

  • Profile information you provide at first sign-in: the display name you want Milo to call you, your date of birth (used to confirm you are 13 or older — see Section 13), your country, your current grade level, your purposes for using Knowable, and optionally how you heard about us.
  • Camera frames from your Mac's built-in camera or Continuity Camera while a session is active.
  • Text transcripts produced by Apple's on-device speech recognition when you use opt+M push-to-talk. Voice audio is transcribed locally on your Mac — only the resulting text is sent to our servers.
  • Chat messages you type to Milo, and Milo's responses.
  • Session metadata: timestamps, event log, model selection, hint counts.

Session messages and timeline events are persisted on our servers (Amazon DynamoDB, us-east-1) so you can continue sessions across your Macs. Camera frames are processed at inference time and are not stored long-term, with one exception described below.

Trace capture for model improvement (off by default). The Developer Settings panel in the macOS app includes a "Capture traces for fine-tune" toggle. When enabled, individual camera frames plus the full request and Milo's response are saved to our private S3 bucket (us-east-1) to help us train future model versions. This toggle is off by default and a session is only captured while it is on. Disable the toggle at any time. Captured traces are retained for up to 18 months; see Section 6 for what survives account deletion.

3. Identity, purchases, and authentication

When you create an account we collect your email address (for sign-up + password reset), an authentication identifier ("sub") generated by Amazon Cognito, and — if you sign in with Apple — a stable opaque identifier provided by Apple. If you elect to share your email with us via Sign in with Apple, that email is included; if you do not, we receive only the opaque identifier.

Subscription and purchase state is verified server-side via Apple StoreKit so we can grant credits and unlock subscription features. We never see your payment card details — Apple processes the payment and sends us a signed transaction receipt only.

4. Foundation models and inference

To generate hints, Milo invokes large language models hosted on Amazon Bedrock (us-east-1). The default model is Anthropic Claude Sonnet 4.6. Knowable Plus subscribers can optionally route requests to Mistral Large 3 (Mistral AI), Kimi K2.5 (Moonshot AI), or Qwen3 VL (Alibaba Cloud) from in-app Settings.

Each model is operated by its respective provider under contractual arrangements with AWS Bedrock. Camera frames, chat messages, and voice transcripts are processed by the model provider's weights to generate hints. AWS publishes data-protection terms for Bedrock model invocations.

5. Third-party service providers

We share data with the following third-party processors, all of whom act on our instructions under contractual data-processing terms:

  • Amazon Web Services (AWS) — cloud infrastructure: ECS Fargate (compute), Application Load Balancer, DynamoDB (session + entitlement storage), S3 (trace capture), CloudWatch (operational logs), and Amazon Bedrock (model inference). See AWS Privacy Notice.
  • Amazon Cognito — authentication and user identity. Stores hashed credentials and federated identity links.
  • Anthropic, PBC — provider of Claude Sonnet 4.6, our default reasoning model. Camera frames and chat content are processed by Claude under AWS Bedrock terms.
  • Mistral AI, Moonshot AI, Alibaba Cloud — providers of the optional alternative models (Mistral Large 3, Kimi K2.5, Qwen3 VL). Only invoked if you switch to one in Settings.
  • Apple Inc. — Sign in with Apple identity provider, App Store StoreKit (subscription + in-app purchase processing), and TestFlight (if you receive a TestFlight build).
  • Google LLC — Sign in with Google identity provider (when you choose Google sign-in).
  • ElevenLabs — text-to-speech provider used by default for Milo's spoken responses. Only the response text is sent. If you prefer on-device TTS, you can switch in Settings.
  • Cloudflare — bot-protection (Turnstile) on the public waitlist endpoint. A short-lived challenge token is set in your browser only during form submission.

We do not sell, rent, or share your personal information with advertisers, data brokers, or any party for cross-context behavioural advertising. The list above is exhaustive as of the effective date — if we add a new processor, this policy will be updated before the new processing begins.

6. Retention and account deletion

You can delete your account at any time from the macOS app (Settings → Account → Delete Account). On deletion we run a cascade across our systems and remove:

  • Your profile (display name, date of birth, country, grade level, purposes, and acquisition source if provided).
  • All session records, message logs, and timeline events from DynamoDB.
  • Your entitlement record, including stored credit balance and Apple-account binding.
  • Your Amazon Cognito identity record and (for Sign in with Apple users) revocation of the Apple refresh token.

What survives deletion:

  • CloudWatch operational logs — request metadata such as user ID prefix, session ID, timestamps, and error stacks. Retained for 30 days then automatically purged. No camera frame content is logged.
  • Trace capture S3 objects — if you previously enabled the "Capture traces for fine-tune" developer toggle, captured frames and transcripts may remain in our private S3 bucket for up to 18 months from capture. Email privacy@knowable.ca with a deletion request and we will purge those objects within 30 days.
  • Anti-abuse records — a record that an Apple ID previously claimed the free-tier monthly grant. This is the minimum data needed to prevent abuse of the free tier across deleted-and-recreated accounts.
  • Waitlist records — if you signed up for the marketing waitlist with an email that you later used for an account, the waitlist record is independent and not removed by account deletion. Email us to remove it.

7. Your rights

Wherever you live, you have the right to:

  • Access — request a copy of the personal information we hold about you.
  • Correction — ask us to correct inaccurate or incomplete information.
  • Deletion — request that we delete your personal information (see Section 6 for the cascade scope).
  • Withdrawal of consent — withdraw consent for non-essential processing (e.g. trace capture) at any time. This may limit certain features.
  • Portability — request a machine-readable export of your session data.

To exercise any of these rights, email privacy@knowable.ca. We will respond within 30 days.

8. Cross-border transfers

Knowable is operated from Canada but our infrastructure is hosted in the United States (AWS us-east-1). Any data you provide is therefore transferred to and processed in the US, and may be subject to US legal process. Under PIPEDA we ensure comparable protection through AWS's contractual safeguards.

If you are in the EU, UK, or Switzerland, this transfer relies on the EU-US Data Privacy Framework (where applicable) and AWS's Standard Contractual Clauses as supplementary safeguards.

9. Users in the EU, UK, or EEA (GDPR)

If you are located in the European Union, the United Kingdom, or the European Economic Area, the following applies in addition to the rights above.

Lawful basis. We process your data on the following bases: performance of a contract (operating the service you signed up for), consent (for the optional trace-capture toggle), and legitimate interests (operational logging, anti-abuse protection of the free tier).

Automated decision-making. Hints are generated by foundation model inference. This is not a decision with legal or similarly significant effects on you, but you are entitled to know about it under Article 22.

Supervisory authority. You have the right to lodge a complaint with your local data-protection authority (e.g. the UK ICO, Ireland's DPC, France's CNIL). We are happy to address concerns directly first — contact privacy@knowable.ca.

10. California residents (CCPA / CPRA)

Categories of personal information collected. Identifiers (email, account sub, display name); demographic information (date of birth, country, grade level); preference information (purposes for using Knowable, acquisition source); internet/network activity (session data, request metadata); audio/visual data (camera frames, voice transcripts during active sessions); commercial information (subscription state).

Sources. Directly from you when you use the app or platform site.

Business purposes. Providing the service, processing purchases, security and anti-abuse, model improvement (only when trace capture is enabled).

Sale / sharing. We do not sell or share your personal information for cross-context behavioural advertising. We have not done so in the preceding 12 months.

Rights. California residents have the right to know, delete, correct, limit use of sensitive personal information, and opt out of any future sale or share. Submit requests to privacy@knowable.ca.

11. Operational logging

Our backend writes operational logs to Amazon CloudWatch for debugging, performance monitoring, and security investigation. These logs include request metadata such as user ID prefixes, session IDs, timestamps, HTTP status codes, response times, and error stacks. Camera frame content and full chat content are not logged. Logs are automatically purged after 30 days.

12. Cookies and browser storage

knowable.ca (this marketing site). No analytics cookies, advertising trackers, or pixels. Fonts are self-hosted, so no third-party font CDN logs your visit. If you submit the waitlist form, Cloudflare Turnstile may set a short-lived challenge cookie during submission.

platform.knowable.ca (educator portal). The platform site stores your Amazon Cognito session tokens (ID, access, refresh) in your browser's localStorage to keep you signed in. This is strictly necessary for the service to function. No analytics cookies are set.

13. Children's privacy

Knowable is intended for users aged 13 and older. Our marketing positions Knowable as a tool for high school students.

Age verification at sign-up. When you first sign in, we ask for your date of birth. If you are under 13 we immediately delete the account we provisioned for sign-up — no profile data, session records, or other personal information is retained.

If a parent or guardian discovers that an under-13 child has signed up for Knowable despite the age check, contact privacy@knowable.ca and we will delete the account and associated data promptly.

14. Educator accounts

Educator accounts at platform.knowable.ca are currently invite-only while we complete additional safety review. The data described above continues to apply when an educator account is created; class-membership records and per-student sharing preferences are stored in DynamoDB and removed on account deletion. Contact support@knowable.ca to request educator access.

15. Changes to this policy

We may update this policy from time to time. Material changes will be announced by email to registered users at least 14 days before taking effect. The "Effective" and "Last reviewed" dates at the top of this page reflect the current version. Non-material updates (formatting, clarifications) only refresh the "Last reviewed" date.

16. Contact

For privacy questions, requests, or to exercise any right under this policy:
privacy@knowable.ca