Knok (“Company”, “we”, “us”, or “our”) operates the website at https://knok.work and the email outreach and job-search automation application at https://app.knok.work (collectively, the “Platform” or “Services”). This Privacy Policy explains how we collect, use, store, process, disclose, and protect your personal information when you visit the Platform, create an account, connect your Gmail account, or otherwise use our Services.
This Privacy Policy is an electronic record under applicable information technology and privacy laws, including but not limited to the Information Technology Act, 2000 (India), the General Data Protection Regulation (EU/UK GDPR), the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA), the Personal Information Protection and Electronic Documents Act (PIPEDA, Canada), the Privacy Act 1988 (Australia), the Lei Geral de Proteção de Dados (LGPD, Brazil), and other applicable privacy laws in the jurisdictions where our Services are offered. It does not require any physical, electronic, or digital signature.
By accessing or using the Platform, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree, please do not use the Platform. This Privacy Policy must be read together with our Terms of Service.
1. Information we collect
We collect information that is necessary to provide, improve, and secure our Services. We practice data minimization and collect only what is required for the stated purposes.
1.1 Information you provide
When you register or use the Platform, you may voluntarily provide:
Account information: your name, email address, and profile information received through Google OAuth sign-in.
Gmail authorization: your explicit consent to connect your Gmail account so we can send emails on your behalf.
Contact data: names, email addresses, and other fields you upload via CSV or enter manually.
Job-search data: your resume, job preferences, target roles, locations, and outreach messages you provide to use our job-search automation features.
Communications: support requests, feedback, or any other information you send to us.
All information you provide must be accurate and lawful. You are responsible for ensuring that you have the right to upload and use any contact data, including obtaining necessary consent from recipients.
1.2 Automatically collected information
When you use the Platform, we automatically collect:
Device and usage data: IP address, browser type and version, operating system, device identifiers, pages visited, time spent, referral source, and interaction data.
Log data: server logs containing request details, timestamps, error reports, and diagnostic information.
Location data: approximate location derived from your IP address for analytics and security purposes. We do not collect precise geolocation.
Email engagement data: open events, click events, reply events, bounce events, and unsubscribe events related to campaigns you send.
1.3 Information from third parties
We receive information from:
Google: when you sign in or connect Gmail, we receive your email address, name, profile picture, and an OAuth token required to send emails.
Analytics providers: aggregated or anonymized usage data from Google Analytics.
Hosting and infrastructure providers: operational and security logs.
2. Gmail access and limited use
Knok uses the Gmail API to send emails that you compose and approve. When you connect your Gmail account, you authorize Knok to use the following Google API scopes:
https://www.googleapis.com/auth/gmail.send — to send emails you compose and approve through your Gmail account.
https://www.googleapis.com/auth/userinfo.email — to identify your account.
https://www.googleapis.com/auth/userinfo.profile — to display your name and profile picture.
openid — to authenticate you securely.
We do not request https://www.googleapis.com/auth/gmail.readonly or https://www.googleapis.com/auth/gmail.modify. We do not read, search, download, modify, or delete your emails, inbox, sent mail, contacts, drafts, labels, or settings. We only send emails that you explicitly create and initiate.
Your Gmail password is never stored or accessed by Knok. OAuth access and refresh tokens are encrypted at rest using industry-standard encryption and are only decrypted in memory at the moment an email is sent. Our use of Gmail data complies with the Google API Services User Data Policy, including the Limited Use requirements.
You can review or revoke Knok’s access to your Gmail account at any time by visiting your Google Account permissions page or by disconnecting your account within the Platform.
3. How we use your information
We use your information to:
Provide, operate, and maintain the Services, including authentication and account management.
Send emails you explicitly compose and approve through your connected Gmail account.
Display campaign analytics such as delivery, open, click, reply, and bounce counts.
Schedule, queue, and throttle email sends to comply with provider limits and maintain deliverability.
Detect, prevent, and respond to abuse, fraud, security incidents, and violations of our Terms.
Communicate with you about your account, updates, support requests, and service-related notices.
Analyze usage trends, troubleshoot issues, and improve the Platform.
Comply with legal obligations and enforce our Terms of Service.
We do not sell, rent, or share your personal information or contact lists with third parties for their own marketing purposes.
4. Legal basis for processing
We process your personal information based on the following legal grounds, where applicable:
Contract performance: to provide the Services you requested and maintain your account.
Consent: where you explicitly agree, such as connecting your Gmail account or accepting non-essential cookies.
Legitimate interests: to improve our Services, ensure security, prevent fraud, and enforce our Terms.
Legal obligation: to comply with applicable laws, regulations, court orders, or lawful requests.
5. Cookies and similar technologies
We use cookies and similar technologies to operate and improve the Platform. These include:
Strictly necessary cookies: required for authentication, security, and core Platform functionality.
Performance cookies: used for analytics, such as Google Analytics, to understand how visitors use the Platform.
Functional cookies: used to remember your preferences and improve your experience.
You can manage your cookie preferences through the cookie banner on our marketing site or through your browser settings. Declining non-essential cookies may limit some analytics features but will not prevent you from using the core Services.
6. How we share your information
We do not sell your personal information. We share data only in the following circumstances:
Service providers: we engage trusted vendors to provide hosting (GoDaddy, RackNerd), DNS/CDN (Cloudflare), analytics (Google Analytics), email infrastructure, and customer support. These providers process data only on our behalf and under contractual confidentiality and security obligations.
Legal compliance: we may disclose information if required by law, court order, regulatory process, or lawful government request.
Protection of rights: we may disclose information to protect our rights, property, safety, or the rights, property, or safety of our users or the public.
Business transfers: in connection with a merger, acquisition, financing, or sale of assets, we may transfer information under confidentiality and notice obligations.
7. International data transfers
Your information may be processed or stored on servers located in the United States, India, or other countries where our service providers operate. When we transfer personal data internationally, we implement appropriate safeguards, including:
EU Standard Contractual Clauses for transfers outside the European Economic Area.
UK International Data Transfer Agreement or Addendum for transfers from the United Kingdom.
Adequacy decisions where recognized by applicable regulators.
Encryption and contractual protections.
8. Data retention and deletion
We retain your information for as long as necessary to provide the Services and fulfill the purposes described in this Privacy Policy, or as required by applicable law:
Account data: retained while your account is active and for a reasonable period thereafter.
Campaign and contact data: retained while your account is active unless you delete it earlier.
Job-search data: retained while you use the feature or until you delete it.
OAuth tokens: retained only while your Gmail account remains connected and are deleted when you disconnect.
Log data: retained for a limited period for security, debugging, and legal compliance.
Legal obligations: certain records may be retained longer where required by tax, financial, consumer protection, or other applicable laws.
When you delete your account or specific data, we remove it from active systems within 30 days, except where retention is required by law or for legitimate security or legal purposes. Some residual copies may remain in backups for a limited period.
9. Data security
We implement reasonable technical and organizational security measures to protect your information, including:
HTTPS/TLS encryption for data in transit.
Encrypted storage for OAuth tokens and sensitive data at rest.
Role-based access controls and multi-factor authentication for production systems.
Regular security reviews, monitoring, and vulnerability management.
Incident response procedures for detecting, containing, and reporting security incidents.
No system is completely secure. You are responsible for maintaining the confidentiality of your Google account credentials and for notifying us of any unauthorized use of your account.
10. Data breach response
In the event of a personal data breach, we will:
Assess the breach and take immediate steps to contain it.
Notify relevant supervisory authorities within legally required timeframes, such as 72 hours under GDPR where applicable.
Notify affected individuals without undue delay where required by law.
Provide clear information about the breach and recommended protective measures.
11. Your rights and choices
Depending on your jurisdiction, you may have the following rights:
Right to access: request a copy of the personal information we hold about you.
Right to rectification: request correction of inaccurate or incomplete information.
Right to erasure/deletion: request deletion of your personal information, subject to legal retention requirements.
Right to restrict processing: request limitation on how we process your data in certain circumstances.
Right to data portability: request your data in a structured, commonly used, machine-readable format.
Right to object: object to processing based on legitimate interests, including direct marketing.
Right to withdraw consent: withdraw consent for optional processing at any time.
11.1 California residents (CCPA/CPRA)
If you are a California resident, you have the right to:
Know what personal information is collected, used, shared, or sold.
Delete personal information subject to certain exceptions.
Opt out of the sale of personal information (we do not sell personal information).
Correct inaccurate personal information.
Non-discrimination for exercising your privacy rights.
11.2 EU/UK residents (GDPR/UK GDPR)
If you are in the European Union or United Kingdom, you have the rights listed above under GDPR Articles 15–22, plus the right to lodge a complaint with a supervisory authority.
11.3 Exercising your rights
To exercise any of these rights, contact us at shaurya29.works@gmail.com. We will verify your identity and respond within the timeframe required by applicable law, typically 30 days under GDPR or 45 days under CCPA. There is no fee for most requests unless they are excessive or repetitive.
12. Children's privacy
The Platform is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected such information, please contact us immediately and we will take steps to delete it.
13. Third-party links and services
The Platform may contain links to third-party websites, services, or resources, including Google services. We are not responsible for the privacy practices, content, or security of those third parties. We encourage you to review their privacy policies before providing any information.
14. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be notified through prominent notices on the Platform or by email, with advance notice where required by law. The “Last updated” date at the top of this page indicates when the policy was last revised. Your continued use of the Platform after changes take effect constitutes acceptance of the updated Privacy Policy.
15. Contact us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at: