Privacy Policy

1. Overview

KYCIS Inc. (“KYCIS”, “we”, “us”) operates the website at kycis.com and provides engineering software products, including DPCloud and associated REST APIs. We are committed to handling the limited data we receive with care and transparency. This policy explains what information we collect, why, and how it is used.

KYCIS is incorporated in Alberta, Canada. This policy is governed by the laws of Alberta and the applicable federal privacy legislation of Canada (PIPEDA).

2. Information We Collect

We collect only the information necessary to operate our website and deliver our services:

• Contact form submissions: When you use the contact form on kycis.com, we collect your name and email address solely to respond to your inquiry. This information is not shared with third parties and is not used for marketing without your explicit consent.
• API usage data: Users of the DPCloud API submit fluid composition parameters (component fractions, temperature, pressure values) as part of calculation requests. This is engineering process data — it does not constitute personally identifiable information. API requests are logged for diagnostic purposes and retained for a maximum of 90 days.
• Website analytics: Our website may collect basic, anonymized usage statistics (pages visited, browser type, general geographic region) through server-side logs. We do not use third-party analytics platforms that track individual users across the web.
• API keys: If you are issued a DPCloud API key, we associate it with your contact information. API key usage is logged for rate-limiting, billing, and abuse prevention purposes.

3. What We Do Not Collect

KYCIS does not collect, store, or process:

• Financial account numbers, payment card data, or banking information
• Government-issued identification numbers
• Health or medical information
• Sensitive personal attributes (race, religion, political views, etc.)
• Passwords or authentication credentials beyond API key management

Our software products (DPCloud, calculation modules) operate on engineering data only and do not require or solicit personal information from end users in the field.

4. How We Use Your Information

• To respond to inquiries submitted through our contact form
• To provision and maintain API access for authorized users
• To diagnose technical issues and monitor system performance
• To comply with legal obligations

We do not sell, rent, or trade your personal information to third parties. We do not use your information for advertising or behavioural profiling.

5. Data Retention

Contact form inquiries are retained for a period sufficient to resolve the relevant matter, typically no longer than two years. API logs are retained for up to 90 days. API key records are retained for the duration of the business relationship and for a reasonable period thereafter as required by law.

6. Security

We implement appropriate technical and organizational measures to protect the information we hold. API communications are encrypted in transit (TLS). Access to stored data is restricted to authorized KYCIS personnel. However, no internet transmission or electronic storage system is completely secure, and we cannot guarantee absolute security.

7. Your Rights

If you are a Canadian resident, you have the right under PIPEDA to request access to personal information we hold about you, to request corrections, and to withdraw consent for use of your personal information in circumstances where consent is the legal basis for processing. To exercise these rights, contact us at the address below.

If you are located in the European Economic Area, you may have additional rights under the GDPR. Please contact us to discuss your specific situation.

8. Third-Party Links

Our website may contain links to external sites (for example, our API documentation portal). This Privacy Policy applies only to kycis.com. We encourage you to review the privacy policies of any third-party sites you visit.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the Effective Date at the top of this page. We encourage you to review this page periodically. Continued use of our website or services after any change constitutes your acceptance of the updated policy.

10. Analytics & Interactive Demo

When you visit the DPCloud interactive demo hosted on kycis.com (for example on the Products or Demo pages), we use a privacy-preserving analytics tool called PostHog so we can understand which parts of the demo visitors find useful and improve them over time. This section describes exactly what is collected during the demo, why, and how to opt out.

10.1   What we collect on the demo

• Page views and approximate time on page.
• Clicks on specific interactive elements — pipeline nodes, preset buttons, guided-tour steps, Integrate CTAs, and Copy buttons in the API examples.
• Browser family, device type, and coarse (city-level) geolocation derived from your IP address.
• A randomly generated pseudonymous session identifier, stored only in your browser’s memory for the duration of your visit and discarded when you close the tab.

We do not collect or store your name, email address, full IP address, or any API key you paste into the demo. We do not set third-party tracking cookies for analytics. The demo uses a small number of first-party localStorage entries to remember your UI preferences (panel split sizes, whether you have seen the onboarding tour, and your analytics opt-out choice). These entries never leave your browser.

10.2   Legal basis & opt-out

For visitors in the European Economic Area and the United Kingdom, our legal basis for processing this analytics data is our legitimate interest in operating and improving the DPCloud demo (GDPR Article 6(1)(f)). Because the processing is limited, first-party, and cookieless, we consider it to have a minimal impact on your privacy — but you may object at any time.

To opt out, click Opt out in the analytics notice bar shown at the bottom of the demo page on your first visit. Your choice is remembered in localStorage on that browser; no further events will be captured, and if the analytics SDK has already loaded we call its opt_out_capturing() method to stop in-page tracking immediately. You can reverse the decision by clearing site data for kycis.com in your browser and reloading the demo page.

10.3   Who processes this data

Role	Entity	Location
Data controller	KYCIS Inc.	Edmonton, Alberta, Canada
Data processor (analytics)	PostHog Inc.	United States (Delaware)

We have a Data Processing Addendum in place with PostHog Inc. that incorporates the EU Standard Contractual Clauses for international transfers. Demo analytics traffic is routed through a same-origin reverse proxy on kycis.com before reaching PostHog, so your browser never contacts a third-party analytics domain directly.

10.4   Retention

Event-level analytics data is retained for up to 12 months and then deleted or aggregated into non-identifying summary statistics. Aggregated, non-identifying usage statistics may be retained indefinitely.

10.5   Your rights regarding demo analytics

If you are in the European Economic Area, the United Kingdom, California, or another jurisdiction granting similar rights, you may request access to, correction of, or deletion of any data that identifies you personally. Because we do not associate demo analytics data with a persistent identifier or any personal detail you provide, we cannot in most cases link events back to a specific individual — but if you believe an event can be tied to you, write to api@kycis.com and we will investigate and delete any matching records.

11. Contact Us