Privacy Policy

Last updated: February 2026

KANONYQ (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, store, and protect your information when you use our forensic narrative audit services.

Key commitment: Your manuscript is used solely to perform the requested audit. Your creative work remains yours. Period.

0) Who We Are

KANONYQ is an independent practice based in Valencia, Spain (EU).

Data controller contact: contact@kanonyq.com

As a European entity, we comply with the GDPR (General Data Protection Regulation) and apply its standards to personal data and manuscript confidentiality.

Your manuscript is used only for the requested audit and deleted within 30 days of report delivery, unless you request earlier deletion. It is not reused for any secondary purpose.

International payment processing via Stripe, Inc.

1) Information We Collect

We collect information you provide directly to us:

Account Information: Name, email address, and payment information when you purchase our services.
Manuscript Files: The document files (.docx, .pdf, .epub, .txt) you submit for audit.
Communications: Any messages, feedback, or correspondence you send to us.
Usage Data: Information about how you interact with our website, including IP address, browser type, and pages visited.

2) How We Use Your Information

We use the information we collect to:

Provide and improve our forensic audit services.
Process transactions and send related information (confirmations, invoices, reports).
Respond to your comments, questions, and requests.
Send service-related updates and administrative messages.
Monitor website use, security, and service reliability.
Detect, investigate, and prevent fraudulent transactions and abuse.

Legal bases (EU/UK GDPR, where applicable):

Contract: to provide the services you request.
Legal obligation: to comply with tax and accounting requirements.
Legitimate interests: to secure our services, prevent fraud/abuse, and improve reliability.
Consent: where required (e.g., certain cookies), which you can withdraw at any time.

3) Manuscript Confidentiality

Your manuscript is treated as strictly confidential intellectual property.

We commit to the following protections:

Exclusive Use: Your manuscript is used solely to perform the requested audit. It is not shared, published, sold, or distributed to third parties except where necessary to provide the service and subject to confidentiality obligations.
Limited Access: Access to manuscripts is limited to Thomas Sibelius and essential service providers involved in payment, secure upload, storage, or delivery, and only to the extent necessary to provide the service.
Deletion: Your manuscript files and audit working materials are permanently deleted within 30 days of report delivery, unless you request earlier deletion.
No retained manuscript copies: once deleted, we do not retain copies of your manuscript. The audit report, which may include brief excerpts from the manuscript for reference, may be retained for customer service purposes unless you request earlier deletion.

3.1) AI-Assisted Processing

The Narrative Forensics framework uses AI-assisted structural analysis as part of the audit workflow. This section explains how your manuscript data is handled during that process.

What is processed: The full manuscript text, or selected excerpts, may be submitted to a third-party AI provider's API for structural pattern mapping — including causality, pacing, scene function, continuity, and character agency. No other use is made of your text.

How it is processed: Manuscripts are processed exclusively through paid enterprise-grade API environments. Your text is never entered into public consumer chat interfaces, free-tier tools, or any system where user inputs are used to improve or train AI models.

Provider data use: Under the terms of our API agreement, the AI provider does not use client prompts, manuscript content, or model outputs to train, improve, or develop its models.

Provider-side retention: The AI provider may temporarily retain prompts and outputs for a limited period solely for abuse monitoring and policy enforcement, as described in the provider's applicable API terms. This retention is governed by the provider's own data processing agreement and is outside KANONYQ's direct control. Where available, we enable data retention minimization options offered by the provider.

No generative use: AI tools are used solely for structural analysis. They are not used to rewrite your prose, imitate your voice, generate new content, or produce any creative material attributed to you.

Deletion: All AI-related working materials — including prompts, intermediate outputs, and workflow logs — are treated as confidential audit materials and are subject to the same deletion schedule described in Section 4.

4) Data Retention

We retain different types of data for different periods:

Manuscript Files: Deleted within 30 days of report delivery (or earlier upon request).
Audit working materials: Deleted within 30 days of report delivery (or earlier upon request).
Audit Reports: Retained for 12 months for customer service purposes, then deleted (or earlier upon request).
Account Information: Retained as long as necessary to provide services or as required by law.
Transaction Records: Retained as required by applicable tax and accounting laws (commonly 7 years).
Security Logs: Retained for up to 12 months for security and abuse-prevention purposes.

Manuscript files and audit working materials are ordinarily deleted from active production systems within 30 days of report delivery, or earlier upon request. Encrypted backup copies may persist temporarily for disaster recovery purposes and are ordinarily overwritten within 90 days. Audit reports may be retained for up to 12 months for customer service purposes unless earlier deletion is requested.

You may request deletion of your data at any time by contacting contact@kanonyq.com.

5) Information Sharing

We may disclose personal information to the following categories of service providers solely as necessary to operate our service: payment processors, secure file-upload providers, cloud hosting/storage providers, AI processing providers, email delivery providers, customer support platforms, analytics providers, and professional advisors. These providers are contractually bound to use the information only for permitted service purposes.

We do not sell personal information. We do not share personal information for cross-context behavioral advertising.

6) Payment Processing

We use Stripe to process payments. We do not store your credit card information on our servers. Stripe’s privacy policy governs the collection and use of your payment information.

7) Data Security

We implement appropriate technical and organizational measures to protect your information, including:

Encryption in transit (TLS/SSL).
Encryption at rest where supported by the storage system.
Access controls limiting who can view your data.
Regular security reviews and monitoring.

However, no method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8) Your Rights

Depending on your location, you may have the following rights:

Access: Request a copy of the personal data we hold about you.
Correction: Request correction of inaccurate or incomplete data.
Deletion: Request deletion of your personal data and manuscripts.
Portability: Request transfer of your data in a machine-readable format.
Objection/Restriction: Object to or restrict certain processing.
Withdrawal: Withdraw consent where processing is based on consent.

To exercise these rights, contact contact@kanonyq.com with the subject line “Privacy Request”.
We aim to respond within 30 days (or the timeframe required by law). We may need to verify your identity.

If you are in the EU/EEA (including Spain), you may also lodge a complaint with your local supervisory authority. In Spain, this is the Agencia Española de Protección de Datos (AEPD).

9) International Data Transfers

Your information may be transferred to and processed in countries other than your own. Where international transfers occur, we apply appropriate safeguards to protect your data in accordance with applicable law.

10) Cookies and Tracking

Our website uses cookies and similar technologies to:

Remember your preferences.
Understand how you use our website.
Improve our services.

You can control cookies through your browser settings. Disabling cookies may affect website functionality.

Do Not Track / third-party tracking disclosure

At this time, KANONYQ does not respond to browser ‘Do Not Track’ signals. Third parties do not collect personal information about users’ online activities over time and across third-party websites through our website, except as necessary for basic payment, hosting, analytics, security, or service functionality described in this policy.

California-specific disclosures
California residents may have rights under the CCPA/CPRA if KANONYQ is a “business” subject to that law for the relevant period. Where applicable, those rights may include the rights to know, delete, correct, and access certain information about how personal information is collected, used, and disclosed.

11) Children’s Privacy

Our services are not directed to individuals under 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

12) Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the “Last updated” date.

Your continued use of our services after changes constitutes acceptance of the updated policy.

13) Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: contact@kanonyq.com
Subject Line: Privacy Inquiry