1. What We Collect
Kyntic collects two categories of data: customer account data and network monitoring data.
Customer account data is provided by you during checkout and onboarding:
- Name and email address
- Phone number (for SMS alert delivery)
- Billing information (processed by Stripe we do not store credit card numbers)
- Site network configuration (IT and OT subnet CIDR ranges)
Network monitoring data is collected by the Kyntic appliance at your site:
- Network connection metadata: source/destination IP addresses, ports, protocols, timestamps, connection duration, byte counts
- Industrial protocol headers: Modbus function codes, DNP3 message types, EtherNet/IP CIP service codes
- Device inventory: IP addresses and protocol activity observed on your OT network
2. What We Do Not Collect
The Kyntic appliance is explicitly configured to never capture or store:
- Packet payloads or application-layer content
- File transfers or file contents
- Usernames, passwords, or authentication credentials observed on the network
- PLC program logic, register values, or process data
Only connection metadata and protocol headers are retained. The appliance cannot read the contents of your industrial process data.
3. How We Use Your Data
| Data | Purpose |
|---|---|
| Email address | Account communication and provisioning notifications |
| Phone number | SMS security alert delivery and query responses |
| Subnet ranges | Detection rule configuration |
| Network metadata | Security monitoring, anomaly detection, alert generation |
| Alert history | Compliance reporting and natural-language query responses |
4. How We Store Your Data
All network monitoring data is encrypted in transit using TLS 1.2 or higher and encrypted at rest using AES-256. Data is stored in AWS infrastructure in the us-east-1 region.
- Log bundles are stored in S3 with Object Lock (GOVERNANCE mode) preventing deletion for 7 years
- Alert records are stored in DynamoDB with automatic TTL expiration at 365 days
- Local copies on the appliance are stored in an encrypted SQLite database
5. Data Retention
- Network monitoring logs: 7 years (regulatory compliance retention period)
- Alert records in DynamoDB: 365 days (older alerts are available in S3 raw logs)
- Compliance reports: 7 years
- Account data: retained for the duration of the subscription plus 30 days after cancellation
6. Data Sharing
We do not sell, rent, or share your data with third parties for marketing purposes. Your data may be shared only in the following circumstances:
- With AWS as our infrastructure provider (data processing agreement in place)
- With Stripe for payment processing (Stripe's privacy policy applies to payment data)
- When required by law, subpoena, or valid legal process
- To protect the safety of any person or the security of our systems
7. Your Data Rights
You may request:
- A full export of your raw monitoring data at any time during your subscription
- Deletion of your account data within 30 days of subscription cancellation
- A copy of all data we hold about you (data subject access request)
- Correction of inaccurate account information
To exercise these rights, contact us via our contact form.
Note: network monitoring logs stored in S3 with Object Lock cannot be deleted before the retention period expires (7 years). This is a regulatory compliance requirement, not a choice. We can restrict access to this data but cannot delete it early.
8. Cookies and Tracking
The Kyntic website does not use cookies, analytics trackers, or any third-party tracking scripts. The website makes zero external HTTP requests beyond the HTML file itself. We do not track your browsing behavior.
9. Changes to This Policy
We will notify customers of material changes to this policy via email at least 30 days before the changes take effect.
10. Contact
For privacy questions or data requests, contact us at our contact form.