Privacy Policy
Last updated: February 23, 2025
What We Collect
Identity information: name, email address, hashed password, profile image URL, username.
Contacts: names, emails, phone numbers, cities, countries, coordinates, companies, job titles, tags, notes, birthdays, communication preferences.
Interactions: meeting type, date, location, notes linked to contacts.
Relationships: connections between contacts, introductions, favors, and reciprocity tracking.
Travel: visited countries, trip history (cities, dates, notes), country wishlist.
We do not collect browsing behavior, analytics, advertising identifiers, or any data beyond what you explicitly enter.
Why We Collect It
All data exists solely to power your personal network management. Konterra does not serve ads, sell data, share data with third parties for marketing, or monetize your information in any way.
Your data is used exclusively to render your dashboard, globe visualization, and network insights — visible only to you.
Where Your Data Is Stored
Database: Neon PostgreSQL hosted in the EU (Frankfurt, aws-eu-central-1). Data is encrypted at rest (AES-256) and encrypted in transit (TLS/SSL).
Application hosting: Vercel (edge network with global PoPs). No persistent user data is stored on Vercel — it serves as compute only.
Backups are managed by Neon within the same EU region and subject to the same encryption standards.
Who Has Access
Only you, the authenticated user, can access your data through the application.
Admin access exists for operational support only (e.g., debugging, account recovery). Admins cannot view passwords — they are irreversibly hashed with bcrypt.
No third party has access to your personal data. Konterra has no data-sharing agreements with any external entity.
Security Measures
HTTPS enforced on all connections with HSTS preload.
Passwords hashed with bcrypt (cost factor 10) — never stored in plain text.
JWT-based sessions with no server-side session storage.
Cascade-delete architecture: deleting your account removes all associated data immediately.
Security headers: X-Frame-Options (SAMEORIGIN), X-Content-Type-Options (nosniff), Strict-Transport-Security, Referrer-Policy (strict-origin-when-cross-origin), Permissions-Policy (camera, microphone, geolocation disabled).
No cookies beyond the authentication session token.
Your Data Rights
Export: you can export all your data at any time in JSON, CSV, or vCard format from the Settings panel.
Deletion: you can permanently delete your entire account and all associated data from the Settings panel. Deletion is immediate and irrecoverable.
Portability: exported data is in standard formats that can be imported into other tools.
Data Retention
Your data is retained for as long as your account is active.
Upon account deletion, all data (contacts, interactions, connections, favors, introductions, trips, tags, visited countries, wishlist) is permanently removed from the database. There is no soft-delete or recovery period.
Third-Party Services
Neon (neon.tech): database hosting. Subject to Neon's privacy policy. Only stores data you enter into Konterra.
Vercel (vercel.com): application hosting and serverless compute. No persistent user data stored.
OpenCage (opencagedata.com): geocoding service. Only city and country names are sent for coordinate lookup — no personal data, names, emails, or identifiers are transmitted.
Contact
For data requests, questions, or concerns about your privacy, contact us at: privacy@konterra.app