Last Modified: July 4, 2025 Thank you for your interest in Kernel Technologies, Inc., (“Kernel,” “we”, “our” or “us”). Kernel provides browser infrastructure for developers building agents and automation. This Privacy Notice explains how information about you, that directly identifies you, or that makes you identifiable (“personal information”) is collected, used and disclosed by Kernel in connection with our website at onkernel.com (the “Site”) and our services offered in connection with the Site (collectively with the Site, the “Service”).

1. Information We Collect

a. Information You Provide

Account Information: Name, email address, organization information, and login credentials when you create an account. Payment Information: Billing details if you purchase a paid plan. Communication Data: Feedback, support requests, or other messages you send us.

b. Automatically Collected Information

Usage Data: We log how you interact with our Services, including API requests, browser session start/end times, script execution logs, URLs visited by automated sessions, user agent strings, and success/failure status of automation tasks. Device Information: IP address, browser type, operating system, device identifiers, and connection metadata. Cookies and Tracking: We use cookies and similar technologies for authentication, session persistence, product analytics (e.g., feature usage, latency), and improvement. See Section 12 (Cookie Policy) for more detail. Browser Automation Data: When you run automated sessions via Kernel, we may collect metadata and logs related to the activity performed, such as the DOM structure accessed, screenshots, timing data, input/output events, and error traces. Unless explicitly configured by the customer, we do not store page content or full session video. Users are responsible for configuring privacy-sensitive automation appropriately.

2. How We Use Your Information

We use the information we collect to:
  • Provide and maintain our Services
  • Respond to your inquiries and support requests
  • Analyze usage patterns and improve the platform
  • Communicate with you about product updates, security alerts, or important notices
  • Prevent abuse, fraud, and ensure security and compliance

3. Sharing and Disclosure

We do not sell your personal information. We may share information with:
  • Service Providers who help operate our infrastructure (e.g., cloud providers, analytics vendors)
  • Subprocessors who process data on our behalf (see our Subprocessor List if applicable)
  • Legal Authorities if required by law or to protect our rights, users, or the public

a. Third Party Data Sharing requirements

Service Providers and Subprocessors: We share personal information with third-party vendors who provide infrastructure, analytics, logging, and support services. These subprocessors may receive log metadata, account identifiers, or automation telemetry as needed to operate the Service. A list of our current subprocessors is available here. Customer-Controlled End-User Data: If you use Kernel to automate workflows involving end-user data (e.g., filling forms), you are the data controller of that information. Kernel only processes this data as instructed via your automations and does not persist it beyond session scope unless you explicitly request storage or logging.

4. Data Retention

We retain your data as long as necessary to provide the Services and comply with legal obligations. You may request deletion of your account and associated data by contacting us at privacy@onkernel.com. We retain different categories of data for different periods:
  • Account Data: Retained until account deletion or 90 days after prolonged inactivity.
  • Automation Logs & Metadata: Retained for up to 30 days unless configured otherwise by the user.
  • Billing Records: Retained for 7 years to comply with financial regulations.
  • Backups: Encrypted backups containing metadata are retained for up to 35 days before being purged.
Upon deletion requests, we anonymize or delete data from active systems and backups within 30 days. You can initiate deletion via privacy@onkernel.com.

5. Your Rights

Depending on your location, you may have rights under applicable data protection laws (e.g., GDPR, CCPA), including:
  • Access to the data we hold about you
  • Request correction or deletion
  • Object to or restrict processing
  • Data portability

a. Privacy Rights Process

To exercise your privacy rights, please contact us at privacy@onkernel.com with the subject line “Privacy Request”. We may require verification, such as confirming your account details or providing proof of identity.
  • We respond within 30 days for GDPR/UK requests and within 45 days for CCPA/CPRA requests.
  • We may extend the response period by another 30 days (GDPR) or 45 days (CPRA) where necessary, in which case you will be notified.

6. Notice for California Residents

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with certain rights regarding your personal information.

a. Categories of Personal Information We Collect

In the past 12 months, we may have collected the following categories of personal information:
  • Identifiers (e.g., name, email address, IP address)
  • Commercial information (e.g., billing data, records of products purchased)
  • Internet or other electronic network activity (e.g., logs, session metadata)
  • Geolocation data (approximate IP-based location)
  • Professional or employment-related information (e.g., company name, role)

b. Your Rights Under CCPA/CPRA

As a California resident, you have the right to:
  • Know what categories of personal information we collect and use
  • Access the personal information we have about you
  • Delete your personal information (subject to certain exceptions)
  • Correct inaccurate personal information
  • Opt out of the sale or sharing of personal information (we do not sell your data)
  • Limit the use and disclosure of sensitive personal information (if collected)
To exercise any of these rights, email us at privacy@onkernel.com or use our Privacy Request Form (if applicable). We may need to verify your identity before processing your request. We will not discriminate against you for exercising any of your CCPA/CPRA rights.

7. Notice for Users in the EU, EEA, and UK (GDPR)

If you are located in the European Union (EU), European Economic Area (EEA), or the United Kingdom (UK), you have certain rights under the General Data Protection Regulation (GDPR) and UK GDPR. We process your personal data on one or more of the following legal bases:
  • Contractual necessity — to provide and maintain the Services you’ve signed up for
  • Legitimate interests — to improve the platform, prevent abuse, and secure our systems
  • Consent — for optional features like marketing communications
  • Legal obligation — when required to comply with the law

b. Your Rights

Under GDPR, you may have the right to:
  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Request deletion of your data (“right to be forgotten”)
  • Restrict or object to certain processing
  • Receive a copy of your data in portable format
  • Withdraw consent (for any processing based on consent)
To exercise these rights, contact us at privacy@onkernel.com. We may ask you to verify your identity before fulfilling your request.

c. International Data Transfers

If you use our Services from the EU/EEA or UK, your data may be transferred to and processed in countries outside of your jurisdiction, including the United States. Where applicable, we rely on:
  • Standard Contractual Clauses (SCCs)
  • Other lawful transfer mechanisms recognized under GDPR

d. Children’s Privacy

Our Services are not intended for children under 13 (or under 16 in the EU/UK). We do not knowingly collect personal information from children. If we learn we have collected such data, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at privacy@onkernel.com.

8. HIPAA Considerations

While Kernel is not a Covered Entity under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), we may act as a Business Associate to customers who are Covered Entities or Business Associates themselves. Kernel is capable of supporting HIPAA-compliant use cases and can sign Business Associate Agreements (BAAs) with enterprise customers upon request. If your organization intends to process Protected Health Information (PHI) using Kernel, please request more information to initiate a BAA or learn more about our safeguards.

9. Security

We implement technical and organizational security measures, including:
  • Encryption in Transit and at Rest (TLS 1.2+ and AES-256)
  • Role-Based Access Controls for internal systems
  • Audit Logging and regular review of admin actions
  • Vulnerability Management and dependency scanning
  • Isolated Environments per customer
In the event of a data breach involving personal information, we will notify affected users and regulators as required by law.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We’ll notify you of material changes via email or our website.

11. Contact Us

If you have questions or concerns about this Privacy Policy, contact us at: Kernel Technologies, Inc., 2093 Philadelphia Pike #8213 Claymont, DE 19703 privacy@onkernel.com