KarnaKarna
Legal

Privacy Policy

Last updated: April 2026

1. Introduction

Karna is an AI-first project management platform operated by Metafic ("we," "us," or "our"). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Karna platform, including our website, web application, API, and related services (collectively, the "Service").

By accessing or using Karna, you agree to the practices described in this Privacy Policy. If you do not agree with this policy, please do not use the Service.

2. Information We Collect

We collect the following categories of information to provide and improve the Service:

Account Data: When you create an account, we collect your name, email address, and authentication credentials. If you sign in via Google OAuth, we receive your name, email, and profile picture from Google.

Usage Data: We automatically collect information about how you interact with the Service, including pages visited, features used, timestamps, browser type, device information, and IP address.

Project Data: The content you create within the Service, including workspaces, projects, tasks, comments, attachments, custom fields, labels, and any other data you input or upload while using Karna.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Provision: To operate, maintain, and deliver the core features of Karna, including task management, collaboration, real-time updates, and AI capabilities.
  • Improvement: To analyze usage patterns, diagnose technical issues, and improve the performance, reliability, and user experience of the Service.
  • Communication: To send you transactional emails such as workspace invitations, password resets, and important service updates. We do not send unsolicited marketing emails.
  • Security: To detect, prevent, and respond to fraud, abuse, security incidents, and other harmful activity.

4. Data Storage & Security

We take the security of your data seriously. All data is encrypted at rest using industry-standard AES-256 encryption and in transit using TLS 1.2 or higher. Access to production systems is restricted to authorized personnel and protected by multi-factor authentication.

Authentication tokens are securely hashed, and passwords are stored using bcrypt with appropriate salt rounds. We conduct regular security reviews and maintain audit logs of all data access and modifications within the platform.

While we implement robust safeguards, no method of electronic storage or transmission is completely secure. We cannot guarantee absolute security, but we are committed to promptly addressing any security incidents.

5. AI & Data Processing

Karna includes AI-powered features such as intelligent task suggestions, workspace-aware chat, and automated agents. These features process your workspace data, including tasks, projects, comments, and other content, to provide contextual and relevant assistance.

Your data is NOT used to train external AI models. Workspace data processed by AI features is used solely to generate responses and recommendations within your workspace. We do not share your project data with third-party AI providers for the purpose of model training or improvement.

AI-generated embeddings (vector representations of your content) are stored securely within our database to enable semantic search and contextual features. These embeddings are scoped to your workspace and are not accessible to other users or organizations.

6. Third-Party Services

Karna integrates with the following third-party services to enhance functionality:

  • GitHub: When you connect a GitHub repository, we access repository metadata, commits, and pull requests to link development activity with your project tasks. We only access repositories you explicitly authorize.
  • Google OAuth: If you choose to sign in with Google, we receive basic profile information as described in Section 2. We do not access your Google Drive, Calendar, or other Google services.
  • Analytics: We use analytics tools to understand how the Service is used and to identify areas for improvement. Analytics data is aggregated and does not identify individual users.

Each third-party service operates under its own privacy policy. We encourage you to review the privacy practices of any third-party service you connect to Karna.

7. Your Rights

You have the following rights regarding your personal data:

  • Access: You may request a copy of the personal data we hold about you at any time.
  • Correction: You may update or correct inaccurate personal data through your profile settings or by contacting us directly.
  • Deletion: You may request the deletion of your account and associated personal data. Upon deletion, we will remove your data within 30 days, except where retention is required by law.
  • Data Export: You may request an export of your data in a structured, machine-readable format.

To exercise any of these rights, please contact us using the information provided in Section 10 below.

8. Cookies

Karna uses a limited number of cookies and similar technologies to operate the Service:

  • Session Cookies: Essential cookies used to maintain your authentication state and session preferences. These are required for the Service to function and cannot be disabled.
  • Analytics Cookies: Optional cookies used to collect aggregated usage data to help us improve the Service. These do not track you across other websites.

We also use browser localStorage to persist your authentication state, workspace selection, and user preferences locally on your device.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable laws. When we make material changes, we will notify you by email or through a prominent notice within the Service at least 14 days before the changes take effect.

We encourage you to review this page periodically to stay informed about how we protect your information. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to us through our contact page.

Metafic is the data controller responsible for your personal information. We aim to respond to all privacy-related inquiries within 30 days.