Privacy Policy
Last updated: May 6, 2026
Plain-English summary at the top, full details below. Have a licensed attorney review before commercial scale.
At a glance
Section titled “At a glance”- We are Applied Continuity LLC dba KnowledgeBricks, an Indiana LLC.
- We rely on third-party service providers for authentication, payments, database/backend, hosting and content delivery, AI/large language model services, error monitoring and analytics, and font delivery. A current list of sub-processors is available on request to support@knowledgebricks.com.
- When you ask a question through Ask a SME, the question text is logged and stored for product improvement and corpus development. Before storage, we run an automated PII redaction pass that replaces detected emails, phone numbers, SSNs, credit-card numbers, API keys, and secrets with placeholders.
- We do not sell or share your personal information for cross-context behavioral advertising.
- We do not use your subscriber data, your questions, or our Content to train third-party AI models, and our Terms forbid you from doing the same with our Content.
- You can email support@knowledgebricks.com at any time to access, correct, export, or delete your data.
1. Who we are
Section titled “1. Who we are”Applied Continuity LLC, an Indiana limited liability company doing business as KnowledgeBricks (“we”, “us”), operates knowledgebricks.com, estimating.knowledgebricks.com, and related services (collectively, the “Service”). This Policy covers all KnowledgeBricks properties unless a property posts its own policy that says otherwise. For purposes of GDPR, we are the data controller. For CCPA/CPRA purposes, we are a business.
For privacy questions, contact support@knowledgebricks.com with “Privacy Request” in the subject line.
2. Information we collect
Section titled “2. Information we collect”2.1 Account information
Section titled “2.1 Account information”When you create an account, our authentication provider processes your email address, password (hashed), name (if provided), and any third-party identity tokens (e.g., Google OAuth). The provider acts as our authentication processor; we receive an opaque user ID and limited profile information.
2.2 Billing information
Section titled “2.2 Billing information”When you subscribe, our payment processor collects and processes your payment instrument, billing address, and transaction history. We receive a customer ID, subscription status, and metadata about your plan, but never your full card number.
2.3 Subscription and access metadata
Section titled “2.3 Subscription and access metadata”We store your tier (free, standard, pro), entitlement timestamps, and any complimentary access flags in our application database. This is necessary to deliver the paid Service.
2.4 Ask a SME questions
Section titled “2.4 Ask a SME questions”When you submit a question through Ask a SME, we log:
- The question text, after automated PII redaction (see Section 3).
- The AI-generated answer returned to you.
- The tier under which the question was asked, whether the answer was paywall-locked, and how many citations were returned.
- A coarse timestamp and a bucketed indicator of recent question volume from your account or IP (used for the anonymous 3-questions-per-day rate limit and abuse detection).
- For anonymous askers, a hashed IP address used only for the daily rate limit. We do not store the raw IP in the questions log.
2.5 Server logs
Section titled “2.5 Server logs”Like most web services, our hosting and backend infrastructure generate operational logs that include IP address, user-agent, request path, response status, and latency. These logs are retained for up to 30 days and are used to operate, secure, and debug the Service.
2.6 Cookies and similar technologies
Section titled “2.6 Cookies and similar technologies”We use a small number of strictly necessary cookies and tokens — primarily to keep you signed in, to remember your dark/light mode choice, and to enforce rate limits. We do not use third-party advertising cookies.
2.7 Information we do not collect
Section titled “2.7 Information we do not collect”We do not knowingly collect data from anyone under 18. We do not request government IDs, financial account numbers, biometric data, or precise geolocation.
3. Automated PII redaction (questions log)
Section titled “3. Automated PII redaction (questions log)”Before any question is written to our database, the question text is processed by an automated redaction routine. The routine detects and replaces the following patterns with neutral placeholders such as [EMAIL], [PHONE], [SSN], [CARD], [KEY], [SECRET], [TOKEN], [NAME], and [IP]:
- Email addresses
- Phone numbers (US and international formats)
- US Social Security numbers
- Credit-card-shaped numeric strings (Luhn-style)
- API key prefixes (
sk_,pk_, AWS, GitHub tokens, and similar) - Bearer tokens and authorization headers
- Tokens embedded in URL query strings
- Names introduced as “my name is …” or “I am …”
- IPv4 addresses
Alongside the redacted text we store an aggregate, non-reversible summary of which categories were detected so we can monitor redaction effectiveness. We do not store the original raw text.
Automated redaction is a best-effort system. It will not catch every form of personal data. Please do not paste sensitive personal information, customer-confidential data, or trade secrets into Ask a SME. If you accidentally submit such data, email support@knowledgebricks.com and we will purge the affected row from our database and from any subsequent export.
4. Internal use of the questions log
Section titled “4. Internal use of the questions log”The redacted questions log is retained internally as part of our product-improvement corpus. Access is limited to KnowledgeBricks personnel. The log is not shared with third parties or used to train external AI models.
5. How we use information
Section titled “5. How we use information”We use the information described above to:
- Provide the Service and authenticate you.
- Process payments and manage subscriptions.
- Operate the Ask a SME feature, including retrieval and rate limiting.
- Improve our Content and retrieval pipeline by analyzing redacted question patterns at an aggregate level.
- Detect and prevent abuse, account sharing, fraud, and security incidents.
- Send transactional emails (account, billing, security). We do not send marketing emails without separate opt-in.
- Comply with legal obligations and enforce our Terms and Acceptable Use Policy.
Lawful bases (GDPR / UK GDPR)
Section titled “Lawful bases (GDPR / UK GDPR)”| Purpose | Lawful basis |
|---|---|
| Account creation, authentication, access | Performance of a contract |
| Payment processing | Performance of a contract |
| Operational logs, abuse prevention | Legitimate interests (security and Service integrity) |
| Question logging and aggregate analysis | Legitimate interests (product improvement) with PII redaction |
| Transactional emails | Performance of a contract |
| Marketing communications (if any) | Consent |
6. AI training
Section titled “6. AI training”We do not sell, license, or otherwise make subscriber data, the questions log, or our Content available for training, fine-tuning, or evaluation of any third-party AI model. Our sub-processors are contractually limited to processing data for the purpose of delivering their service to us; we have selected sub-processors that contractually do not use customer API content to train their general models. Specifically:
- Our AI / large language model service providers (used for embeddings and answer generation) are accessed via their commercial APIs, which by default do not retain or train on submitted content.
- We may use the redacted questions log internally to improve our own retrieval, ranking, and Content gaps. We do not export it to third parties for training.
The reciprocal restriction — that you may not use our Content to train any AI system — is in our Terms Section 8.
7. Sharing and disclosure
Section titled “7. Sharing and disclosure”We share information only with:
- Sub-processors that operate parts of the Service on our behalf (see Section 8).
- Professional advisors (attorneys, accountants, auditors) under confidentiality.
- Government authorities when required by valid legal process or to protect the rights, property, or safety of any person.
- Successors in connection with a merger, acquisition, or sale of assets, subject to a successor’s commitment to honor this Policy.
We do not sell personal information for monetary consideration, and we do not “share” personal information for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA.
8. Sub-processors
Section titled “8. Sub-processors”We engage sub-processors in the following categories to operate parts of the Service on our behalf:
| Category | Purpose |
|---|---|
| Hosting and content delivery provider | Hosting, serverless compute, edge cache |
| Authentication provider | Account creation, sign-in, session management |
| Database / backend service provider | Application database, file storage |
| Payment processor | Payment processing, billing, tax |
| AI / large language model service providers | Embeddings for retrieval and answer generation for Ask a SME |
| Error monitoring and analytics provider | Error reporting, product analytics |
| Transactional email provider | Account, billing, and security emails |
| Font delivery provider | Web font delivery |
A current list of the specific sub-processors in each category is available on request to support@knowledgebricks.com. We will update this disclosure when we add or change sub-processor categories. For changes that materially affect the categories of personal data processed, we will provide notice via the Service or email.
9. International transfers
Section titled “9. International transfers”Our Service is hosted in the United States. If you access it from outside the US — including the EU/EEA, UK, Canada, or Brazil — your information will be transferred to and processed in the United States. Where applicable, we rely on Standard Contractual Clauses (2021 EU SCCs, with the UK Addendum where relevant) with our sub-processors to safeguard transfers.
10. Retention
Section titled “10. Retention”| Data category | Retention |
|---|---|
| Account record | While your account is active, plus 30 days after deletion request |
| Billing records | 7 years (US tax retention) |
| Operational logs | Up to 30 days |
| Ask a SME questions log (redacted) | Indefinite, in aggregate; individual entries deleted on verified DSR request |
| Anonymous rate-limit counters | 24 hours |
11. Your rights
Section titled “11. Your rights”Depending on where you live, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Delete data (“right to be forgotten” / right to deletion).
- Port data to another service in a structured, machine-readable format.
- Object to or restrict certain processing.
- Opt out of any “sale” or “sharing” — though we do not sell or share for advertising.
- Withdraw consent where processing is based on consent.
- Lodge a complaint with your supervisory authority (EU/EEA, UK) or your state attorney general (California and similar).
To exercise any right, email support@knowledgebricks.com with “Privacy Request” in the subject line. We will verify your identity through your registered email and respond within 45 days (CCPA) or 30 days (GDPR), and may extend by an additional period as permitted by law if your request is complex.
We will not discriminate against you for exercising your privacy rights.
12. Security
Section titled “12. Security”We use commercially reasonable technical and organizational measures, including TLS in transit, encryption at rest at our sub-processors, scoped access tokens, principle-of-least-privilege database roles, and automated PII redaction in the questions log. No system is perfectly secure; if we become aware of a breach affecting your personal data we will notify you and applicable regulators within the timeframes required by law.
13. Children
Section titled “13. Children”The Service is not directed to children under 18, and we do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us personal information, contact support@knowledgebricks.com and we will delete it.
14. California-specific disclosures (CCPA / CPRA)
Section titled “14. California-specific disclosures (CCPA / CPRA)”In the past 12 months we have collected the categories of personal information described in Sections 2 and 2.4 (identifiers, commercial information, internet/network activity, and the contents of questions submitted to Ask a SME after redaction). We collect this information directly from you and from our sub-processors. We use it for the purposes described in Section 5. We have not sold personal information for monetary consideration and we have not “shared” personal information for cross-context behavioral advertising.
California residents may exercise the rights to know, delete, correct, and limit the use of sensitive personal information, and may designate an authorized agent to act on their behalf, by contacting support@knowledgebricks.com.
15. Changes to this Policy
Section titled “15. Changes to this Policy”We may update this Policy from time to time. The “Last updated” date at the top reflects the latest version. For material changes, we will notify you via the Service or by email at least fifteen (15) days before they take effect.
16. Contact
Section titled “16. Contact”Applied Continuity LLC dba KnowledgeBricks 6101 North Keystone, Suite 100 #1326 Indianapolis, IN 46220 United States support@knowledgebricks.com