Privacy Policy
Effective date: March 18, 2026
Last updated: April 29, 2026
Kachd ("the Platform") is operated by NorfBay LLC ("NorfBay," "we," "us"). Kachd is a trade name and product brand of NorfBay LLC. This Privacy Policy explains what information we collect, how we use it, and the choices you have. By using kachd.com or any Kachd application, you agree to the practices described here.
Legal Entity
This service is operated by NorfBay LLC. For legal correspondence, contact legal@kachd.com.
1. Information We Collect
1.1 Account information
When you sign up, we collect your email address, username, and optional display name. Authentication is handled by Better Auth; we receive your verified identity but never see or store your password.
1.2 Profile information
You may optionally add a profile avatar, bio, and custom status. Avatars are stored on Cloudflare R2 and served through our CDN.
1.3 Content you create
- Messages sent in community channels, threads, and direct messages.
- Files uploaded to file channels or as chat attachments.
- Communities, channels, products, and other structures you create.
- Reactions, pins, and reports you submit.
1.4 Payment information
All payment processing is handled by Stripe. We store your Stripe customer ID and transaction metadata (amounts, dates, subscription status) but never receive or store credit card numbers, bank account details, or other financial credentials. Sellers who receive payouts connect their Stripe account directly with Stripe Connect.
1.5 Automatically collected data
- IP address and approximate geolocation (country level) for rate limiting and abuse prevention.
- Browser type, operating system, and device information from standard HTTP headers.
- Timestamps of actions (message sent, file downloaded, login) for service operation.
1.6 Information we do NOT collect
- We do not use tracking pixels, third-party analytics, or advertising cookies.
- We do not scan the contents of your uploaded files for advertising or profiling purposes.
- We do not build behavioral profiles or sell data to data brokers.
2. How We Use Your Information
- Operate the service: Deliver messages, serve files, process uploads, and maintain real-time features.
- Process payments: Handle subscriptions, file purchases, community access fees, and creator payouts.
- Enforce policies: Detect abuse, enforce rate limits, process DMCA requests, and moderate reported content.
- Communicate with you: Send transactional notifications (payment receipts, account security alerts). We do not send marketing emails.
- Improve the Platform: Diagnose errors, monitor performance, and plan capacity.
3. How We Store Your Data
3.1 File storage
Uploaded files are stored on Cloudflare R2 using content-addressed storage. Files are deduplicated by SHA-256 hash, meaning identical files are stored only once regardless of how many users upload them. Files are accessed via time-limited presigned URLs, never via permanent public links.
3.2 Database
Account data, messages, and metadata are stored in a PostgreSQL database hosted by Neon with encryption at rest and in transit.
3.3 Authentication
User authentication and session management are provided by Better Auth, which maintains its own security certifications and data handling practices.
3.4 Real-time communications
Real-time message delivery and presence indicators use Pusher Channels. Voice channels are routed through our self-hosted LiveKit server. Voice data is transmitted in real time and is not recorded or stored.
4. Data Sharing
We do not sell, rent, or trade your personal information. We share data only in these circumstances:
- Service providers: Cloudflare (file storage, CDN, edge compute), Stripe (payments), Pusher (real-time messaging), and Neon (database hosting). Each provider processes data solely to deliver its service to us.
- Legal requirements: When compelled by valid legal process, court order, or applicable law.
- Safety: To protect the rights, safety, or property of NorfBay LLC, our users, or the public.
- Business transfer: In connection with a merger, acquisition, or sale of assets, with notice to affected users.
Community owners and moderators can see members' usernames, display names, avatars, and messages within their communities. They cannot access your email address, payment details, or data from other communities.
5. Data Retention and Deletion
5.1 Messages
Messages are hard-deleted when you or a moderator deletes them. There is no soft-delete, recycle bin, or recovery mechanism. Deleted messages are permanently removed from the database.
5.2 Files
When you delete a file, its reference is removed. Due to deduplication, the underlying storage object is deleted from R2 only when no other references to it remain (reference count reaches zero).
5.3 Account deletion
You may request complete account deletion by emailing privacy@kachd.com. Upon verification, we will delete your account record, profile data, and authentication credentials. Messages you sent will have their author information anonymized. Files you uploaded that are still referenced by other users will have their uploader association removed.
5.4 Backups
Database backups are retained for up to 7 days for disaster recovery. Deleted data will be purged from backups as they rotate.
6. Cookies and Local Storage
We use only essential cookies and local storage:
- Authentication cookies: Set by Better Auth to maintain your login session.
- Preferences: Theme, sidebar state, and notification settings stored in browser local storage.
We do not use advertising cookies, tracking cookies, or third-party analytics cookies. No cookie consent banner is needed because we only use strictly necessary cookies.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Delete your personal data.
- Export your data in a machine-readable format.
- Object to or restrict certain processing.
- Withdraw consent where processing is based on consent.
To exercise any of these rights, email privacy@kachd.com. We will respond within 30 days.
8. Security
- All data in transit is encrypted via TLS 1.3.
- All data at rest is encrypted (database, file storage).
- File uploads are validated by MIME type, extension, and size before storage.
- Server actions and API routes are protected by per-user rate limiting.
- Authentication tokens are short-lived and rotated automatically.
- Administrative actions require platform owner verification.
No system is perfectly secure. If you discover a security vulnerability, please report it responsibly to security@kachd.com.
9. International Users
NorfBay LLC operates the Platform from the United States. If you access the Platform from outside the US, your data may be transferred to and processed in the United States and other countries where our service providers operate. By using the Platform, you consent to this transfer.
10. Children's Privacy
The Platform is not intended for anyone under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will promptly delete it. If you believe a child under 13 has provided us with personal information, please contact privacy@kachd.com.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top and, where appropriate, notify you via the Platform or email. Your continued use after changes take effect constitutes acceptance of the updated policy.
12. Contact
For privacy-related questions or requests, contact us at privacy@kachd.com.