Privacy Policy

Last updated: May 24, 2026 · Effective immediately

CHYNJ Technologies ("CHYNJ", "we", "us") builds self-hosted software. This policy explains what data we collect, what we do with it, and what rights you have. The short version: we collect as little as possible, we never sell anything, and most of our products store your data only on your own device.

1. Who we are

CHYNJ Technologies is a software company based in British Columbia, Canada. You can reach our privacy contact at privacy@chynj.ca.

2. The products this policy covers

• Kaptain — an AI orchestration platform that runs on your own machine.
• Konnect — a mobile lead-capture app for Android.
• Konvertex — a desktop neural-voice studio.
• chynj.ca — this website.

3. What we collect — and don't

From our products (Kaptain, Konnect, Konvertex): Effectively nothing. These run on your own hardware, store data locally, and do not phone home. We do not receive telemetry, usage data, or your content.

From subscribers and trial users (via Stripe): Payment itself is processed by Stripe — we never see or store your full card number, CVC, or PIN. What Stripe does forward to us, and what we therefore hold, is the minimum needed to provision and manage your subscription:

• The email address you provide at checkout
• Your country (used for tax handling)
• Subscription lifecycle events — created, renewed, payment succeeded, payment failed, canceled
• The last 4 digits and card brand of your payment method (so we can include them on receipts if you ask)
• The license key we issue back to you, linked to the above

That's the entire record. Stripe holds the actual payment instrument and is the controller for it; their privacy practices govern that side. We are the controller for the email and license-key records described above.

From this website (chynj.ca): Two things, both privacy-respecting:

• Cloudflare edge logs — standard request logs (IP, user agent, timestamp, URL) retained by Cloudflare for short windows for abuse prevention and performance debugging.
• Cloudflare Web Analytics — aggregate pageview, country, referrer, and Core Web Vitals data. Cookieless. No cross-site tracking. No fingerprinting. No data sold or shared. See Cloudflare's writeup on how it works.

We do not run Google Analytics, Facebook Pixel, ad-tech, session-replay tools, or marketing cookies. The only client-side storage we set is a single dismiss-state for the privacy notice banner (a localStorage flag, not a cookie, not shared with anyone).

From you directly: If you email us, we keep the email so we can reply.

4. What we never do

• We do not sell your data.
• We do not share your data with advertisers or data brokers.
• We do not run third-party advertising on chynj.ca.
• We do not collect biometric data.
• We do not knowingly collect data from children under 13.

5. Where your data lives

Kaptain stores everything on the machine you install it on. Konnect stores leads on the phone you install it on. Konvertex stores generated audio on the laptop you install it on. Subscriber records and license-key metadata are stored in Cloudflare D1 (a hosted SQL service); see the Cloudflare privacy policy for their sub-processor details.

6. Lawful basis for processing (GDPR Art. 6)

Where the General Data Protection Regulation (GDPR), UK GDPR, or comparable laws apply, we rely on the following lawful bases:

• Contract (Art. 6(1)(b)) — processing your email address and license-key data is necessary to provide the service you purchased.
• Legitimate interests (Art. 6(1)(f)) — short-lived Cloudflare edge logs and cookieless aggregate analytics, used to keep the site online and improve it. The interest is narrow (operate the service) and the data is not used to profile you.
• Consent (Art. 6(1)(a)) — for any future feature that requires it, we will ask before processing and you can withdraw at any time.
• Legal obligation (Art. 6(1)(c)) — tax records, fraud investigations, or other legally required retention.

7. Purposes of processing

• Service provision — issuing license keys, validating subscriptions, sending receipts, responding to support requests.
• Service operation — preventing abuse, maintaining uptime, debugging.
• Service improvement — aggregate, anonymous understanding of which pages people read.
• Compliance — meeting tax, accounting, and legal obligations.

8. Retention

We keep personal data only as long as needed for the purposes above:

• Subscriber records (email, license keys, subscription events): for the life of your subscription, plus up to 7 years afterward to meet Canadian tax and accounting requirements.
• Support emails: kept indefinitely so we can reference prior conversations; you can request deletion at any time.
• Cloudflare edge logs: retained by Cloudflare per their default policy (short windows, typically days).
• Aggregate analytics: indefinite, but contains no personal data — it's counts and country-level rollups.

9. Your rights as a data subject (GDPR Art. 15–22, UK GDPR, CCPA)

If GDPR, UK GDPR, the CCPA, or a comparable framework applies to you, you have the right to:

• Access the personal data we hold about you (Art. 15).
• Rectify inaccurate or incomplete data (Art. 16).
• Erase your data, subject to overriding legal obligations (Art. 17 / "right to be forgotten").
• Restrict processing in certain circumstances (Art. 18).
• Portability — receive a copy of your data in a machine-readable format (Art. 20).
• Object to processing based on legitimate interests (Art. 21).
• Withdraw consent at any time where processing is based on consent (Art. 7(3)).
• Not be subject to automated decision-making with legal effect on you (Art. 22). We do not perform any such automated decision-making.
• CCPA-specific — "Do Not Sell or Share" your data. We don't sell or share, ever, regardless of jurisdiction.

To exercise any of these rights, email privacy@chynj.ca. We respond within 30 days. Because we collect very little, most requests resolve quickly to "here is your record" or "deleted, confirmed". We honor these rights globally, regardless of where you live.

10. Children

Our services are not directed at children under 13 (or under 16 in jurisdictions where that is the digital-consent age). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, email privacy@chynj.ca and we will delete it.

11. Security

License-key data is transmitted over HTTPS and stored encrypted at rest by Cloudflare D1. The Kaptain, Konnect, and Konvertex applications run on your own hardware — their security model is whatever you apply to that hardware. We publish security policy at security.txt; report vulnerabilities to security@chynj.ca.

12. International transfers

CHYNJ Technologies is based in Canada. Cloudflare and Stripe may process data in jurisdictions outside Canada (the United States and elsewhere) per their standard infrastructure. Where required (e.g. transfers from the EU/UK to the US), our sub-processors rely on the European Commission's Standard Contractual Clauses and equivalent UK transfer mechanisms.

13. Sub-processors

We use the following third-party services to operate CHYNJ:

• Cloudflare — website hosting (Pages), edge network, D1 database (subscriber + license records), R2 binary storage, Web Analytics (cookieless aggregate pageviews), Email Routing (forwarding inbound mail to our team inbox).
• Stripe — payment processing for subscriptions. Stripe is also an independent controller for the payment-instrument data it holds directly.

We do not use any ad-tech, marketing-automation, or session-replay sub-processors. If we add a new sub-processor, we will update this list and notify subscribers by email before they begin processing.

14. Data controller & contact

CHYNJ Technologies is the data controller for the personal data described in this policy. Our designated privacy contact (acting in the capacity of a DPO for inquiries) is reachable at:

• Privacy contact: privacy@chynj.ca
• Legal: legal@chynj.ca
• Security disclosures: security@chynj.ca

We are not required to formally appoint a Data Protection Officer under GDPR Art. 37, as we do not engage in large-scale processing of special-category data or systematic monitoring. Our privacy contact handles the equivalent function.

15. Supervisory authority

If you are in the EU or UK and believe we have mishandled your data, you have the right to lodge a complaint with your local supervisory authority. A list of EU supervisory authorities is published by the European Data Protection Board; UK residents can contact the Information Commissioner's Office (ICO). Canadian residents can contact the Office of the Privacy Commissioner of Canada (OPC). We’d prefer you give us a chance to make it right first, but you don't have to.

16. Changes to this policy

If we materially change this policy we will update the "Last updated" date at the top, and for subscribers we will send notice by email. Continued use of our products after a change constitutes acceptance of the updated policy.

17. Contact

Questions, requests, or complaints: privacy@chynj.ca.

← Back to CHYNJ  ·  Read the Terms of Service