Last updated: May 27, 2026
1. Data Controller
Nyx Intelligence, the trading name of Arthur Dimeglio, a sole proprietor (entrepreneur individuel) registered in France ("Nyx Intelligence", "we", "us") is the data controller for personal data processed through Koan (koan.nyx-intelligence.com). Koan is an AI inbox agent that triages incoming messages, drafts replies in your voice, and follows up so you capture revenue you would otherwise leave on the table.
2. Data We Collect
Account data
- Email address (for authentication)
- Subscription tier and payment status (via Stripe)
- Account creation date
- Business profile and the voice and rules you enter
Connected inboxes & messages
To triage and reply, Koan connects to the email or messaging accounts you authorize and processes the messages within them.
- OAuth access tokens and identifiers for connected email or messaging accounts
- The content of messages you ask Koan to triage, draft replies for, or follow up on
- Contacts and conversation history needed to keep context
- Draft and sent replies generated through Koan
Usage data
- Pages viewed and features used (via Vercel Analytics and PostHog)
- Browser type, device, and approximate location (country level)
- Performance metrics (Core Web Vitals via Vercel Speed Insights)
Product analytics (PostHog) run on EU infrastructure and are only enabled after you consent via the cookie banner. Analytics are used in aggregate, never sold, and never used for advertising.
Data we do NOT collect
- We do not sell personal data to third parties
- We do not use personal data for advertising or profiling
3. How We Use Your Data
- To provide and operate Koan and its features
- Authentication and account management
- Subscription billing via Stripe
- Platform performance monitoring and security
- Responding to your requests and support
The legal bases for this processing are the performance of our contract with you (providing the service), your consent (optional analytics), and our legitimate interest in securing and improving the platform.
4. Third-Party Services (Sub-processors)
| Service | Purpose | Data shared |
|---|---|---|
| Supabase (EU) | Authentication, database, storage | Email, user ID, your content |
| Stripe | Payment processing | Email, payment method |
| Vercel | Hosting, anonymous analytics | Anonymous usage metrics |
| PostHog (EU) | Product analytics (consent-based) | Anonymous usage metrics |
| Anthropic | AI triage and reply drafting | Message content and your drafts |
| Email / messaging providers | Reading and sending messages you authorize | Message content via OAuth |
5. Data Retention
- Account data: retained while your account is active, deleted within 30 days of account closure
- Usage analytics: anonymized, retained for up to 12 months
- Payment records: retained as required by tax law (typically 7 years)
6. Your Rights (GDPR)
Under the EU General Data Protection Regulation and French data protection law, you have the right to:
- Access: request a copy of your personal data
- Rectification: correct inaccurate data
- Erasure: request deletion of your data ("right to be forgotten")
- Portability: receive your data in a structured, machine-readable format
- Objection: object to processing based on legitimate interest
- Restriction: request limited processing
- Withdraw consent: at any time, for consent-based processing such as analytics
To exercise these rights, email privacy@nyx-intelligence.com. You also have the right to lodge a complaint with the CNIL, the French data protection authority (www.cnil.fr).
7. Cookies
We use essential cookies for authentication and, with your consent, optional analytics cookies. See our Cookie Policy for the full list.
8. Security
- TLS encryption for all data in transit
- Row-level security in our Supabase database
- No plaintext password storage (handled by Supabase Auth)
- Access to connected third-party accounts is scoped to what the service needs and revocable at any time
9. International Transfers
Data is processed primarily in the EU (Supabase EU, PostHog EU, and Nyx Intelligence in France). Some processing may occur in the United States (e.g. Vercel, Stripe). We rely on appropriate safeguards such as the EU Standard Contractual Clauses for any cross-border transfers, in line with the GDPR.
10. Children
Koan is not intended for anyone under 16, and we do not knowingly collect data from children.
11. Changes
We may update this policy. Material changes will be notified in-app or by email. Continued use after an update constitutes acceptance.
12. Contact
Data protection contact: privacy@nyx-intelligence.com
Nyx Intelligence, the trading name of Arthur Dimeglio, a sole proprietor (entrepreneur individuel) registered in France.