Legal
PRIVACY POLICY
Last updated: April 2026 · legal@kernlapp.com
KERNL App, LLC ("KERNL," "we," or "us") operates the KERNL franchise operations platform. This Privacy Policy explains how we collect, use, store, and share personal information when you use our platform or visit our website.
Contact: legal@kernlapp.com · KERNL App, LLC · 2712 Transportation Ave, Suite K · National City, CA 91950
1. Information We Collect
| Category | Examples | Why |
|---|---|---|
| Account information | Name, email, password | To create and secure your account |
| Business information | Company name, franchise system, location count | To configure your account |
| Payment information | Billing address, last four digits of card (Stripe handles the rest — we never store raw card numbers) | To process subscriptions |
| Usage data | Features used, pages visited, clicks, time spent | To improve the platform |
| Log data | IP address, timestamps, browser type, error logs | Security, fraud prevention, debugging |
| ToS acceptance record | Timestamp, IP address, version accepted | Legal compliance under the E-SIGN Act |
2. How We Use Your Information
We use personal information to: provide and maintain the Service; process payments; send transactional emails (confirmations, receipts, alerts); respond to support requests; detect fraud and security incidents; comply with legal obligations; and improve the platform.
We do not sell your personal information. We do not share it for advertising. We do not use your data to train AI or machine learning models without your separate written consent.
3. Cookies and Tracking
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
| Auth session token | Supabase | Keeps you logged in. Required — disabling prevents login. | Session |
| Theme preference | KERNL | Remembers light/dark mode. | 1 year |
| ph_* analytics | PostHog (EU) | Aggregate product analytics. No cross-site tracking. | 1 year |
We do not use advertising cookies, retargeting pixels, or social media tracking of any kind. Manage cookies in your browser settings, but note that disabling the auth cookie will prevent you from logging in.
4. Sub-Processors (Who We Share Data With)
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database and authentication | USA (AWS us-west-1) |
| Vercel | Web hosting and CDN | USA / Global CDN |
| Stripe | Payment processing | USA |
| Resend | Transactional email delivery | USA |
| PostHog | Product analytics | EU |
We do not sell or share your data with any other third party, except as required by law or in connection with a business transfer (with advance notice to you).
5. Data Retention
Account data is kept for the duration of your subscription plus 90 days after termination. Customer data is available for export for 30 days after termination, then deleted. Payment records are kept for 7 years (tax compliance). ToS acceptance records are kept for 7 years (legal compliance). You may request written confirmation of deletion after your account closes.
6. California Residents — CCPA/CPRA Rights
If you are a California resident, you have the right to:
- Know what personal information we hold and how it is used.
- Delete your personal information (subject to legal exceptions).
- Correct inaccurate personal information.
- Opt out of sale or sharing — we currently do neither.
- Non-discrimination — exercising these rights will not affect your access or pricing.
To exercise these rights, email legal@kernlapp.com with the subject line "California Privacy Request." We respond within 45 days.
7. EU / UK Residents — GDPR Rights
If you are in the EEA, UK, or Switzerland, you have the right to access, correct, delete, and port your personal data. You may object to processing based on legitimate interests and withdraw consent at any time. Email legal@kernlapp.com. We respond within 30 days. You also have the right to lodge a complaint with your national data protection authority.
For transfers of personal data from the EEA, UK, or Switzerland to the US, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission.
8. KERNL as Data Processor
When processing personal data on behalf of a franchisor customer, KERNL acts as a data processor (GDPR) or service provider(CCPA/CPRA). We process such data only on the franchisor's instructions — not for our own purposes. Franchisor customers may request a Data Processing Agreement (DPA) by emailing legal@kernlapp.com.
If you are a franchisee with questions about how your franchisor uses your data in KERNL, contact your franchisor — they are the data controller for that relationship.
9. Security
We use TLS encryption in transit, AES-256 at rest, row-level security on all database tables, access controls, and timestamped audit logging. No system is perfectly secure. In the event of an incident affecting your data, we will notify you as required by applicable law.
10. Children's Privacy
KERNL is a business-to-business platform for adults. We do not knowingly collect personal information from children under 13. Contact legal@kernlapp.com if you believe we have done so inadvertently.
11. Changes to This Policy
For material changes, we will notify you by email and in-app notice at least 14 days before the change takes effect. Continued use after the effective date constitutes acceptance.
12. Contact
legal@kernlapp.com
KERNL App, LLC · 2712 Transportation Ave, Suite K · National City, CA 91950
Compliant with CalOPPA (Cal. Bus. & Prof. Code § 22575), CCPA/CPRA (Cal. Civ. Code § 1798.100 et seq.), and GDPR (Regulation (EU) 2016/679). Last reviewed April 2026.