Effective August 20, 2025
(or the date you acknowledge this updated Privacy Policy within our Services, if earlier)
Epiphanymind ("we," "us," or "our") is an AI safety and research company working to build reliable, interpretable, and steerable AI systems under the product name K2Sonnet. This Privacy Policy explains how we collect, use, disclose, and process your personal data when you use our website and other places where Epiphanymind acts as a data controller—for example, when you interact with K2Sonnet or other products as a consumer for personal use ("Services") or when Epiphanymind operates and provides our commercial customers and their end users with access to our commercial products ("Commercial Services").
This Privacy Policy does not apply where Epiphanymind acts as a data processor and processes personal data on behalf of commercial customers using our Commercial Services—for example, if your employer provisions you a K2Sonnet for Work account. In those cases, the commercial customer is the data controller; please review their policies for how they handle your data.
Please see our Non-User Privacy Policy for information on how our large language models are trained and how personal data from third-party sources may be used when developing or delivering our products and services.
This Privacy Policy also describes your privacy rights. More information about these rights, and how to exercise them, is in Section 4 ("Rights and Choices").
1. Collection of Personal Data
We collect the following categories of personal data:
Personal data you provide directly
- Identity and Contact Data (e.g., name, email, phone) when you sign up for a K2Sonnet account or request information.
- Payment Information if you purchase access to K2Sonnet or related services.
- Inputs and Outputs ("Prompts" and "Inputs" you submit; "Responses" and "Outputs" we generate), including third-party integrations you enable. Any personal data included in your Inputs will be collected and may appear in Outputs.
- Feedback you submit (e.g., ratings, suggestions). If you thumb up/down an Output, we store the entire conversation thread.
- Communication Information when you contact us (e.g., via chat), including the contents of your messages.
Personal data we receive automatically ("Technical Information")
- Device & Connection Info: device type, OS, browser, referrers, network, IP (and derived location), device or advertising identifiers, time zone, and—if you permit it—device location.
- Usage Info: dates/times of access, pages viewed, links clicked, search terms, and technology used.
- Log & Troubleshooting Info: performance logs, errors encountered, feature state at error time, and related communications.
- Cookies & Similar Technologies: cookies, scripts, and similar tools to recognize you, personalize your experience, market to you, and analyze service usage. See our Cookie Policy for details.
Personal data to train our models
We also obtain personal data from third-party sources to train our models, including:
- Publicly available data on the internet
- Commercially licensed datasets
- User-provided data (Inputs, Outputs, and Feedback, unless you opt out)
- Content flagged for safety/policy review
- Internally generated data
For more on model training data and privacy impact minimization, see our separate Non-User Privacy Policy.
2. Uses of Personal Data
Under applicable data protection laws, we use your personal data to:
- Provide, maintain, and facilitate K2Sonnet and related services under our Terms of Service
- Offer optional features that enhance functionality and user experience
- Communicate with you about our services and events
- Create and administer your K2Sonnet account
- Process payments for our products and services
- Prevent and investigate fraud, abuse, policy violations, and unlawful activity
- Debug, monitor security, resolve disputes, and improve performance
- Conduct research and improve our Services, including model training (unless you opt out)
- Enforce our Terms of Service and Usage Policy
3. How We Disclose Personal Data
We may share your data with:
- Affiliates & corporate partners for internal business purposes
- Service providers & business partners (e.g., hosting, auditing, research)
- During corporate transactions (e.g., merger, acquisition)
- Third-party sites & services you choose to interact with (subject to their policies)
- Regulatory or legal authorities as required by law or to protect rights and safety
- With your consent, when you direct us to disclose data
Our Subprocessor List details third parties we engage when acting as a data processor.
4. Rights and Choices
Depending on your jurisdiction, you may have rights to:
- Know what personal data we process about you
- Access & port your data
- Request deletion of your personal data or individual conversations
- Request correction of inaccurate data
- Object to or restrict processing
- Withdraw consent (without affecting prior lawful processing)
- Opt out of targeted marketing (we do not "sell" personal data)
- Not be subject to automated decisions producing legal or similarly significant effects
To exercise any of these rights, email privacy@k2sonnet.com. We may ask you to verify your identity.
5. Data Transfers
Your data may be transferred to servers in Hong Kong and other countries.
- Where transfers occur outside the EEA/UK, we rely on adequacy decisions or standard contractual clauses under GDPR.
- In limited cases, we rely on legal derogations for transfer.
6. Data Retention & Security
- We retain personal data as long as necessary for the purposes outlined, then delete, destroy, or anonymize it in accordance with applicable law.
- Aggregated or de-identified data may be retained indefinitely for research and service improvement.
- We implement appropriate technical and organizational measures to protect your data.
7. Children
Our Services are not for children under 18. If you become aware of a minor's data, contact us at privacy@k2sonnet.com; we will investigate and delete as appropriate.
8. Changes to Our Privacy Policy
We may update this policy. When we do, we'll notify you and update the Effective Date. You can review past versions in our Privacy Center.
9. Contact Information
- Epiphanymind, Hong Kong office
- Email us at privacy@k2sonnet.com or contact our DPO at dpo@k2sonnet.com
You may lodge complaints with supervisory authorities in your jurisdiction.
10. Legal Bases for Processing
| Purpose | Data Types | Legal Basis |
|---|---|---|
| Provide & maintain Services | Identity, Contact, Payment, Technical, Feedback, Inputs/Outputs | Contractual necessity |
| Enhance features & experience | Identity, Feedback, Inputs/Outputs, Technical | Consent (e.g., precise location), legitimate interests |
| Communicate marketing & announcements | Contact, Communication Info | Consent (for certain marketing), legitimate interests |
| Account administration & payments | Identity, Payment | Contractual necessity |
| Security, fraud prevention, investigations | Identity, Payment, Inputs/Outputs, Technical | Legitimate interests, legal obligation |
| Debugging & troubleshooting | Technical, Feedback | Legitimate interests |
| Research & improvement (incl. model training) | Feedback, Inputs/Outputs, partner data | Consent (where required), legitimate interests |
| Policy & terms enforcement | Identity, Inputs/Outputs, Technical | Contractual necessity, legitimate interests |
11. Supplemental Disclosures for Canada
- We process personal data based on your consent unless otherwise permitted by law.
- Data may be transferred to Hong Kong and other countries under our Subprocessor List.
- To exercise Canadian rights, email privacy@k2sonnet.com.