Privacy
policy.

Kynos is a product of Zenith Kids, Inc., a 501(c)(3) nonprofit organization incorporated in the United States. All references in this policy to "the platform" or "Kynos" refer to the detection software, APIs, dashboards, and services we provide.

Visiting kynos.zenithkids.org does not require an account. We log standard server access metadata (IP address, user-agent, referrer, timestamp) for a short retention window in order to keep the site available and to detect abuse. We do not use third-party marketing or advertising trackers.

When you submit a contact form, we collect the fields you provide (name, email, company, role, message) so we can respond. That information is stored by our form provider (Netlify Forms) and mirrored to our internal inbox. We do not sell it, share it, or use it for marketing lists.

When a platform customer integrates with Kynos, the integration sends us the content of conversations between end users that the customer has designated for monitoring, along with session and message metadata. This data is processed to produce risk scores, behavioral signals, alerts, and cryptographically signed evidence records.

Customers are responsible for obtaining appropriate consent from their own users under applicable law and under their own terms of service. Kynos acts as a data processor on behalf of the customer.

Conversation data submitted by a customer is used for three purposes: (1) to produce risk scores and alerts for that customer, (2) to preserve a tamper-evident evidence chain tied to that customer's sessions, and (3) to serve aggregate service health metrics that do not expose individual content.

We do not use customer conversation content to train public-facing generative models. Model retraining that uses any customer-derived content requires explicit, contract-level agreement with that customer.

Law enforcement access to customer data is initiated by the customer, not by us. When a customer escalates a session, the evidence bundle belongs to that customer and is theirs to share with law enforcement under applicable legal process.

We cooperate with valid legal requests. We publish a transparency note summarizing the categories of requests we have received on an annual basis.

Customer detection data is retained according to the retention settings in the customer's agreement with us, with defaults that favor preserving tamper-evident evidence through the life of any downstream investigation. Customers may request export and deletion of their data subject to legal holds.

Website analytics and server logs are retained on the order of weeks, not years.

We apply two-factor authentication, role-based access, rate limiting, and account lockout to all operator and administrator accounts. Evidence bundles are signed with Ed25519 keys we control and timestamp using a neutral third-party RFC 3161 authority. Transport is encrypted end-to-end.

No security program is perfect. If you believe you have found a vulnerability, write to security@zenithkids.org and we will engage quickly.

If you are an end user of a platform that uses Kynos and you have questions about how your data is handled, the right place to start is with that platform. If you are a customer, law enforcement partner, or research collaborator and you want to exercise rights over your data, write to privacy@zenithkids.org and we will respond within a reasonable time.