Privacy Policy

useknockout ("we," "us," "our") operates the website useknockout.com and the background-removal API at api.useknockout.com. For questions about this policy, contact us at hi@useknockout.com.

Account data

When you sign up we collect your email address. If you sign in with Google OAuth we also receive your name and profile picture from Google.

Payment data

Billing is handled by Stripe. We never see or store your full card number. We store your Stripe customer ID to link your subscription to your account.

Usage data

We log each API call: endpoint, HTTP status, response latency, and timestamp. We use this to calculate billing, display your usage dashboard, and monitor service health. Logs are retained for 90 days.

Images

Images you send to the API are processed in memory on GPU workers and are not stored after the response is returned. We do not use your images for model training.

Automatic data

Like most websites, our servers record your IP address, browser type, and pages visited. Vercel (our hosting provider) and Cloudflare (our DNS/CDN provider) may collect similar data under their own privacy policies.

• Provide and maintain the service
• Process payments and send invoices via Stripe
• Send transactional emails (sign-in codes, billing receipts)
• Monitor for abuse, enforce rate limits, and prevent fraud
• Improve the API and website

We do not sell your personal data. We do not run third-party advertising trackers.

We share data with these providers only as needed to operate the service:

• Supabase — authentication and database (privacy policy)
• Stripe — payment processing (privacy policy)
• Vercel — website hosting (privacy policy)
• Modal — GPU compute for image processing (privacy policy)
• Cloudflare — DNS and email routing (privacy policy)
• Resend — transactional email delivery (privacy policy)

We use essential cookies only — a session cookie to keep you signed in. We do not use analytics cookies or tracking pixels. No cookie banner is required because we do not set non-essential cookies.

• Account data is retained until you delete your account.
• API usage logs are retained for 90 days, then deleted.
• Images are processed in memory and never persisted.
• Stripe retains payment data per their own retention policy (typically 7 years for tax/legal compliance).

You can at any time:

• Access — view your data on the dashboard or email us for an export.
• Delete — delete your account from dashboard settings. This removes your profile, tokens, and usage history.
• Correct — update your email from dashboard settings.
• Object / Restrict — email us at hi@useknockout.com and we will address your request within 30 days.

If you are in the EU/EEA, you have additional rights under GDPR. Contact us and we will comply.

API tokens are SHA-256 hashed before storage — we never store the raw token. Passwords are managed by Supabase Auth using bcrypt. All traffic is encrypted via TLS. We follow industry-standard practices but cannot guarantee absolute security.

useknockout is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has provided us personal data, contact us and we will delete it.

We may update this policy from time to time. Material changes will be posted here with an updated "Last updated" date. Continued use of the service after changes constitutes acceptance.

Questions? Email hi@useknockout.com.