Keendai -- Privacy Policy

Effective date: 2026-05-05 Last updated: 2026-05-05

This Privacy Policy describes how Keendai ("Keendai", "we", "us", "our"), a service operated by H2Op, collects, uses, and shares information about you when you use the Keendai service (the "Service") at keendai.com and app.keendai.com.

1. Scope

This Policy applies to:

• Visitors to keendai.com and app.keendai.com
• Customers who create an account and use the Service
• Individuals whose business contact information is mined and processed by the Service as lead data

This Policy does NOT govern data processed by third-party services we integrate with (Apollo, Hunter, Stripe, Google, etc.). Those services have their own privacy policies, linked in Section 7.

2. Information we collect

2.1 Account information (you provide directly)

• Name, email, password (hashed)
• Workspace name and configuration
• Billing details (processed by Stripe; we receive a token, not card data)
• Optional: company name, industry, role
• API credentials you provide for BYOK integrations (Apollo, Hunter, CRM, etc.) -- stored encrypted in Google Cloud Secret Manager

2.2 Usage information (collected automatically)

• IP address (used for rate limiting and security; not retained beyond 30 days in identifiable form)
• Browser type, device type, operating system
• Pages visited, features used, click events, time on page
• Referrer URL
• Search queries within the Service
• Lead exports performed
• Mining job parameters and results

2.3 Lead data (mined and stored on your behalf)

The Service mines publicly available business signal data and contact data from sources including:

• Google Maps Places API (business names, addresses, phones, ratings, reviews)
• YouTube Data API (channel names, descriptions, public contact info from descriptions)
• Reddit (public posts, when configured)
• Web scraping of business websites (publicly accessible pages)
• Jobs boards (public job listings, when configured)
• Meta Ads Library (public advertiser data)
• Apollo (verified contacts, when integrated)
• Hunter (verified emails, when integrated)
• Telnyx Lookup (phone line type metadata)
• WHOIS (domain registration metadata)

Lead data is processed and stored in the Service to enable Customer's lead-generation use case.

2.4 Cookies and tracking

We use:

• Essential cookies for authentication and session management
• Analytics cookies via Google Analytics 4 and Microsoft Clarity (for usage and performance analysis)
• Anti-fraud via reCAPTCHA Enterprise

Customers and visitors can opt out of analytics via browser settings or, where required, via the cookie consent banner.

3. How we use information

We process information to:

• Provide, operate, and improve the Service
• Authenticate users and enforce security
• Process billing via Stripe
• Send transactional emails (account verification, billing receipts, important notices)
• Send marketing emails about the Service (only with consent or where permitted by law; opt-out available)
• Respond to support requests
• Enforce our Terms and prevent fraud or abuse
• Comply with legal obligations
• Generate aggregate, de-identified analytics for product improvement

We do NOT sell personal information to third parties for monetary or other valuable consideration.

4. Lawful basis for processing

For United States users (the only jurisdiction we serve), processing is conducted under:

• Contract: to provide the Service to Customers
• Legitimate interest: to operate, secure, and improve the Service
• Consent: where required (e.g., marketing communications)
• Legal obligation: where compliance with law requires processing

5. How we share information

5.1 Subprocessors

We share information with the following subprocessors, each contractually bound to confidentiality and data-protection terms:

This list may be updated. Material additions will be communicated via in-product notice or email.

5.2 With Customers

If you are a Workspace member, the Workspace owner has full access to all data within that Workspace, including data attributable to you.

5.3 Legal disclosures

We may disclose information when required by law, court order, or to protect rights and safety.

5.4 Business transfers

In connection with a merger, acquisition, or asset sale, information may be transferred to the successor entity.

6. Data retention

You may request earlier deletion under Section 9.

7. Third-party services

When you connect third-party services (Apollo, Hunter, Google Sheets, HubSpot, Salesforce, etc.), your interactions with those services are governed by their respective privacy policies. We recommend reviewing them.

8. Security

We implement administrative, technical, and physical safeguards to protect information, including:

• TLS 1.2+ encryption in transit
• Encryption at rest via Google Cloud's managed encryption (with optional Customer-Managed Encryption Keys for Enterprise tier)
• Multi-factor authentication available on all accounts; required on Owner role on paid tiers
• API key storage in Google Cloud Secret Manager, never logged
• Workforce Identity Federation for staff GCP access; no service-account keys downloaded to laptops
• Audit logs for all admin actions
• Regular vulnerability scanning of containers and dependencies
• Cloud Armor WAF protection on customer-facing endpoints

No system is perfectly secure. If we discover a security incident affecting your data, we will notify affected Customers per applicable law.

9. Your rights

9.1 California residents (CCPA / CPRA)

If you are a California resident, you have the right to:

• Know what personal information we collect about you
• Request deletion of your personal information
• Request correction of inaccurate personal information
• Opt out of the "sale" or "sharing" of personal information (we do not sell personal information)
• Limit the use of sensitive personal information
• Non-discrimination for exercising these rights

To exercise these rights, contact us at privacy@keendai.com.

9.2 All Customers

Regardless of jurisdiction, you may:

• Access your account data via the Workspace settings
• Export Customer Data as CSV
• Request correction of inaccurate data via support
• Request deletion of your account and Customer Data
• Withdraw consent for marketing communications via the unsubscribe link

We aim to respond within 30 days.

9.3 Lead-data subjects

If you are a person whose business contact information has been processed as lead data through our Service (i.e., a prospect mined and contacted by one of our Customers), you may:

• Request information about whether your data has been processed
• Request deletion of your business contact information from our system
• Send a request to privacy@keendai.com

We will process your request within 30 days. Note that opting out of one Customer's outreach does not prevent another Customer from independently mining or contacting you, as we do not maintain a global do-not-contact list across Customers (a feature we may add in future versions).

10. International data transfers

The Service is offered in the United States. Data is stored and processed in the United States. The Service is NOT intended for use by individuals in the European Union, United Kingdom, or other regions with cold-email restrictions analogous to GDPR.

11. Children's privacy

The Service is not directed to individuals under 18. We do not knowingly collect personal information from children. If we learn we have collected information from a child, we will delete it.

12. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via in-product notice or email at least 30 days before the change takes effect. The "Last updated" date at the top reflects the most recent revision.

13. Contact

For privacy questions or requests:

• Email: privacy@keendai.com
• Mail: 2160 Barranca Parkway #1210, Irvine, CA 92606, United States