Kiln helps teams turn product links, product photos, brand context, campaign direction, and uploaded media into generated marketing assets. This policy applies to Kiln's website, app, account flows, product and campaign workflows, integrations, support, and related communications for users in the United States, European Union, United Kingdom, and Canada.

This policy does not cover third-party websites, stores, or services that you choose to connect or visit. Your use of Kiln is also governed by the Terms of Service.

• Account information, such as email address, authentication records, profile details, workspace or organization membership, and settings.
• Customer content, such as product URLs, product names and descriptions, product and brand images, campaign briefs, creative direction, uploaded media, feedback, and generated images or videos.
• Integration information, such as Shopify connection state, shop metadata, product records, product images, variants, pricing ranges, tags, vendors, product URLs, and import status when you choose to connect Shopify.
• Usage and technical information, such as device and browser data, app events, log data, approximate location derived from network information, cookies, local storage, and diagnostics.
• Communications, such as support requests, feedback submissions, transactional emails, and responses to emails we send.

Billing is not currently live, and Kiln does not currently collect payment card information.

• Provide, secure, maintain, and improve Kiln.
• Authenticate users, manage workspaces, and route account-related emails.
• Analyze product, brand, campaign, and Shopify product inputs; create previews, videos, exports, and related artifacts; and preserve project history.
• Connect optional integrations, process support requests, and respond to feedback.
• Detect, prevent, debug, and investigate misuse, security issues, service failures, or legal compliance needs.

When you connect Shopify, Kiln requests read-only product access so it can import active products and copy product images into your Kiln workspace. Kiln does not request Shopify customer, order, payment, fulfillment, or write scopes.

Shopify information Kiln processes is limited to the connected shop domain, shop ID, shop name, product IDs, product handles, product names, product descriptions, product status, product type, vendor, tags, product URLs, price ranges, variant metadata, media metadata, copied product images, import job status, and webhook delivery metadata.

Shopify OAuth token material is encrypted using AES-GCM with key versioning and is stored separately from browser-accessible code. Shopify integration data is processed primarily in the United States by Fieldwork and relevant subprocessors, including Supabase for database services, Cloudflare for Workers and object storage, Shopify for the connected integration, and metadata-only telemetry or observability providers where enabled.

If you uninstall the Shopify app, Kiln revokes local Shopify token material and stops future imports. Shopify catalog cache records, external links, and copied Shopify product images are deleted after Shopify sends the required shop redaction webhook or after Kiln's 48-hour uninstall safety net runs.

Generated campaign and photo outputs remain in your Kiln workspace after Shopify disconnect, uninstall, or shop redaction unless you delete those outputs or request workspace or account deletion.

Shopify may send privacy-law webhooks for customer data requests or customer redaction. Kiln acknowledges those requests, but Kiln does not store Shopify customer records through the current integration.

Kiln uses customer content to provide the service. Depending on the feature, we may send prompts, product facts, URLs, images, videos, generated assets, and related metadata to AI, media, browser-rendering, storage, observability, and infrastructure providers so they can process that information for Kiln.

We do not sell customer content or use private customer content to train general-purpose AI models for others. You may not upload Social Security numbers, payment card details, health information, children's data, or other regulated sensitive information to Kiln.

We share information with service providers and subprocessors that help operate Kiln, including Supabase, Cloudflare, Anthropic, fal.ai, Browserbase, PostHog, Laminar, Resend, Shopify, Linear, and renderer infrastructure, depending on which features are used and which providers are enabled.

• With your organization members, as needed to support shared workspace activity.
• With third parties you direct us to connect, such as Shopify.
• When required to comply with law, enforce agreements, or protect rights and safety.
• In connection with a merger, financing, acquisition, restructuring, or sale of assets, subject to appropriate protections.

We do not sell personal information or share it for cross-context behavioral advertising.

Kiln may use cookies, local storage, and similar technologies for authentication, security, preferences, analytics, feature flags, and product diagnostics. Analytics and telemetry are configured to avoid prompts, briefs, full URLs, media URLs, object keys, emails, names, tokens, and secrets.

Kiln does not use PostHog autocapture or session replay in production, and does not use ad pixels, retargeting, or audience syncing. Kiln does not currently respond to browser Do Not Track signals. Because we do not sell personal information or share it for cross-context behavioral advertising, we do not provide a separate sale or sharing opt-out link.

We keep information while your account, workspace, products, campaigns, generated assets, or integrations remain active, and as needed to provide Kiln, maintain security, preserve audit history, comply with law, resolve disputes, and enforce agreements. Backups, logs, and cached records may persist for a limited period after deletion or account closure.

Shopify token material is revoked on disconnect or uninstall. Shopify-sourced catalog cache records and copied Shopify product images are removed when Shopify sends a shop redaction webhook or when Kiln's uninstall safety net reaches the 48-hour deadline; generated campaign and photo outputs are retained as workspace outputs unless separately deleted.

When an account is deleted, account data and customer content associated with that account are deleted, subject to limited backup, security, legal, and fraud-prevention records that may persist where allowed or required by law.

You can ask us to access, correct, delete, or export personal information by emailing hello@usekiln.ai. We may need to verify your request and may retain information where allowed or required by law.

Depending on where you live and whether applicable law covers Kiln, you may have the right to know what personal information we collect, request access or deletion, correct inaccurate information, receive a copy of information, opt out of certain processing, restrict or object to processing, withdraw consent where processing is based on consent, limit certain uses of sensitive information, or appeal a decision.

We will not discriminate against you for exercising privacy rights. California residents may also have rights to opt out of sale, sharing, or certain sensitive-information uses, but Kiln does not sell personal information, share it for cross-context behavioral advertising, or use sensitive personal information for purposes that require a separate limitation link. To make a request, contact hello@usekiln.ai.

We use technical and organizational safeguards designed to protect information, including authenticated access controls, private storage for app artifacts, encryption in transit, and AES-GCM encryption for Shopify token material. No online service can guarantee absolute security.

Kiln is not directed to children under 13, or under 16 in the European Union or United Kingdom, and we do not knowingly collect personal information from children below those thresholds. If you believe a child has provided personal information to Kiln, contact us so we can take appropriate action.

We may update this policy from time to time. If changes are material, we will take reasonable steps to notify users, such as updating this page or providing an in-app or email notice.

Fieldwork Software Co. operates Kiln. For privacy questions or requests, email hello@usekiln.ai.