1. Introduction

Metalympics Limited ("we," "us," or "our"), a company incorporated in Hong Kong SAR, operates the Knobase service ("Service"), a no-code AI platform for transforming expertise into interactive, monetizable AI agents for creators, professionals, educators, and organizations. This Privacy Policy explains how we collect, use, disclose, and protect your personal data in compliance with Hong Kong's Personal Data (Privacy) Ordinance (PDPO) (Cap. 486), Google's API Services User Data Policy, Microsoft's identity platform guidelines, and other applicable laws. By using the Service, you consent to the practices described herein.

2. Scope and Applicability

This Privacy Policy applies to all users of the Service, including:

  • Individuals, creators, and professionals.

  • Organizations and their members.

  • Educational institutions, staff, and students.

  • Visitors to our websites and applications.

3. Types of Personal Data Collected
We collect the following types of personal data, depending on how you use the Service:

  • Account Information: Name, email address, organization (if applicable), role, and other registration details.

  • User-Uploaded Content: Documents, files, links, databases, and other materials uploaded to the Knowledge Base.

  • Interaction Data: Prompts, responses, usage analytics (e.g., session duration, feature engagement), and insights from AI interactions.

  • Technical Data: IP addresses, device identifiers, browser types, and usage logs.

  • Behavioral Data: Interaction frequency, content preferences, and patterns to personalize the Service.

  • OAuth Data: When using Google or Microsoft sign-in or integrations, we may access basic profile information (e.g., name, email) with your consent.

  • Educational or Organizational Data: For affiliated users, anonymized metrics like progress insights or query trends.

4. Purposes of Data Collection

We collect and process personal data for the following purposes:

  • To provide and personalize the Service, including creating AI agents, deployments, and insights.

  • To improve the Service through analytics and AI enhancement.

  • To enable monetization features, such as subscription access.

  • To ensure safety and security, including content moderation.

  • Enabling agent owners to analyze anonymized interaction data for insights, with user consent.

  • With your explicit consent, to send marketing communications.

  • To comply with legal obligations.

5. Legal Basis for Processing

Our processing is based on:

  • Consent: For marketing or sensitive data.

  • Contractual Necessity: To fulfill Terms.

  • Legitimate Interests: For improvements and security.

6. Data Sharing and Third Parties
We may share personal data with:

  • Authorized Personnel: Within your organization.

  • Service Providers: For hosting or AI processing, under strict contracts.

  • Third-Party Integrations: With consent, e.g., chat platforms or OAuth providers.

  • We may share anonymized chat histories with agent owners for analysis; identifiable data requires explicit consent.

  • Legal Authorities: As required by law. We do not sell personal data.

7. User-Uploaded Content

Uploaded content is stored and processed to generate AI agents. We use encryption and controls to protect it.

8. Third-Party Integrations

Integrations may access data with consent. You can revoke permissions in settings. Review third-party policies.

9. Handling of Google and Microsoft User Data (OAuth Compliance)
When you use Google or Microsoft OAuth for sign-in or integrations (e.g., connecting Google Drive or Microsoft services for knowledge uploads):

  • Data Accessed: Basic profile info (name, email, profile picture) and, if authorized, access to files or data from connected services (e.g., documents for AI agent creation). We only request scopes necessary for functionality.

  • Data Usage: Used to authenticate users, personalize AI agents, and enable features like data syncing. Data is processed securely to provide the Service and is not used for unrelated purposes.

  • Data Sharing: Not shared with third parties except as needed for Service providers (e.g., cloud storage) under confidentiality agreements. No sharing for advertising.

  • Data Storage & Protection: Stored in secure, encrypted environments (AES-256 at rest, TLS 1.3 in transit) with role-based access, audits, and incident response.

  • Data Retention & Deletion: Retained while your account is active or as needed for the Service; deleted within 30 days of request or account termination. Request deletion at info@knobase.ai.

10. Cross-Border Data Transfers

Transfers outside Hong Kong use standard clauses to meet PDPO standards.

11. Data Retention

  • Account info: Until termination, deleted within 6 months.

  • Uploaded content: Deleted upon request.

  • Interaction data: Anonymized after 2 years.

  • Logs: 90 days.

12. Security Measures

Encryption, MFA, audits, breach notifications within 72 hours.

13. Children's Privacy

For users under 18: Require parental consent via email or organization. Strict filtering for safety.

14. Your Rights Under PDPO

Access, correct, delete, withdraw consent. Requests to info@knobase.ai, responded within 40 days.

15. Policy Updates

Notified 30 days in advance.

16. Contact Us

Data Protection Officer

Email: info@knobase.ai

Address: Metalympics Limited, Rm 16, Entrepreneurship Centre, 5/F, Core F, Cyberport 3