Introduction

Last updated: June 2, 2026

Kumbukum ("we", "us", "our") operates the kumbukum.com website and the Kumbukum service. This Privacy Policy explains what data we collect, how we use it, and your rights.

What we collect

Account information - email address, password hash, account/team membership, authentication settings, OAuth consents, API/MCP access tokens, and security events needed to operate your account.

Content you store - notes, memories, tags, saved URLs, extracted or crawled page text, email messages and email metadata, projects, graph links and relationships, Git sync repository settings and imported markdown or commit context, and any other data you save through the app, API, browser extension, email forwarding, Git sync, or MCP tools.

Usage data - basic server logs such as IP address, request timestamps, user agent, requested endpoint, and operational telemetry for security, abuse prevention, debugging, and reliability. We do not use analytics trackers.

Payment information - processed by our payment provider. We never store credit card numbers.

How we use your data

We use your data to provide and maintain Kumbukum, authenticate and secure your account, store and retrieve your knowledge, power search and graph features, ingest email and URLs, run requested Git sync operations, respond to support requests, and maintain service reliability.

When you connect Kumbukum to an MCP-compatible client or other authorized app, that client can request the data and actions allowed by the scopes you approve. MCP tools may return notes, memories, URLs, crawled pages, emails, projects, graph links, Git sync data, excerpts, search results, and item identifiers needed for follow-up tool calls.

When you use AI features or connect an AI client, relevant content may be sent to the model or provider you select only to fulfill your request. We do not use your content to train AI models.

What we do NOT do with your data

We do not use your notes, memories, emails, URLs, graph data, or other stored content to train AI models.

We do not mine your content for advertising, sell it, rent it, or share it with third parties for marketing or commercial profiling.

We do not serve ads.

Data storage and security

Your data is stored on secure servers. All connections are encrypted via TLS. Passwords are one-way encrypted. We apply reasonable security measures to protect your data, but no system is 100% secure.

You control which external clients and tools receive access. Revoke tokens, OAuth consents, and connected apps when you no longer want them to access your account.

Data retention and deletion

Your data is retained as long as your account is active. You can delete individual notes, memories, URLs, emails, graph links, projects, tokens, connected apps, or your entire account, where supported by the service.

When you delete your account, associated data is permanently removed from our systems within 30 days, except where we must retain limited records for security, legal, billing, or abuse-prevention reasons.

Your rights

You have the right to access the data we hold about you, export your data, delete your data and account, revoke connected apps and access tokens, and request corrections to your personal information.

Cookies

We use a session cookie to keep you logged in. We do not use tracking cookies, third-party cookies, or fingerprinting.

Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email or a notice on the site. The "Last updated" date reflects the most recent revision.

Contact

Questions? Email us at hi@kumbukum.com.