Legal Center

Privacy Policy

Last updated: 18 May 2026

Privacy Policy

Last Updated: May 18, 2026

This Privacy Policy details how KnitBook collects, uses, stores, and protects your personal data when you use our Application and cloud synchronization systems. We are committed to protecting your privacy in strict compliance with the General Data Protection Regulation (GDPR).

1. Data We Collect

1.1 Account & Profile Information (Provided by you)

To create an account and unlock cloud sync via our Axum backend, you must provide:

  • Your email address.
  • A username.
  • A password (which is immediately encrypted and salted/hashed before storage).

1.2 Usage Data and Content (Synchronization)

If you utilize cloud sync, our system securely replicates your workspace data to our AWS servers (PostgreSQL & S3):

  • Yarn stash logs (brands, yardage, colorways).
  • Uploaded images for your stash items or “Make Nine” grid goals.
  • Pattern design metadata and PDF canvas annotations (JSON coordinates/Konva.js files).

1.3 Ravelry API Connected Data

If you choose to link your Ravelry account to KnitBook via OAuth authentication:

  • Scope of Collection: We access your authorized Ravelry notebook data (including project progress, stash lists, and pattern library access tokens) to display them seamlessly within KnitBook.
  • Caching & Storage Limits: In obedience to Ravelry’s Developer Policies, Ravelry data and user-provided imagery are temporarily cached on our servers solely to enhance loading speeds and allow brief offline execution. We do not permanently harvest, store, or create an independent separate database out of Ravelry’s proprietary directory.
  • Data Dissemination: KnitBook will never sell, redistribute, or use data fetched via the Ravelry API for marketing purposes or target advertisements.

1.4 Technical Telemetry & Crash Reports (Analytics)

To diagnose runtime crashes within the Rust core, catch frontend exceptions in Svelte 5, and optimize user experience, we utilize two third-party analytics tools:

  • Sentry: Captures real-time error logs and UI crash diagnostics.
  • PostHog: Analyzes anonymized user behavior to track feature usage and improve interface layouts.

2. Financial Data and Transactions

All billing, subscription upgrades, and transaction management are securely processed via Google Play Billing and Apple Pay / App Store.

  • KnitBook never collects, processes, or stores your credit card numbers or banking details on its AWS servers.
  • The only financial data transmitted to us is an anonymous verification token from Apple/Google confirming that your premium license is active.

3. Legal Basis and Data Usage

We process your personal data under the following legal frameworks:

  • Performance of a Contract: To manage your secure JWT authentication and sync your data seamlessly across multiple personal devices.
  • Legitimate Interests: To maintain software stability, eliminate bugs (via Sentry and PostHog), and protect our server endpoints from malicious traffic (Nginx rate-limiting).
  • Consent: For displaying or distributing your content if you explicitly choose to engage with future internal community features, or when you explicitly trigger the OAuth hand-shake to tie into Ravelry’s platform.

4. Data Retention and Security

  • Security: Your synchronized data is stored on secure Amazon Web Services (AWS) infrastructure located within Europe. It is protected by AWS Secrets Manager and rigid data encryption protocols.
  • Retention Period: Your data is kept for as long as your account remains active. Upon manual account deletion request, or following a 12-month period of complete inactivity on a free account, your cloud data and related media assets will be permanently purged from our databases.
  • Ravelry Data Erasure: If you disconnect your Ravelry identity inside the Application settings, all corresponding access tokens and Ravelry-sourced cached metadata are instantly deleted from KnitBook’s system.
  • Legal Compliance and Law Enforcement: We may retain and preserve your account information or data beyond our standard retention periods if required to do so by applicable law, or in the good-faith belief that such preservation or disclosure is reasonably necessary to comply with legal processes, enforce our Terms, or protect the safety of our users or the public.

5. Third-Party Data Sharing

We do not sell, rent, or lease your personal information. Your data is shared exclusively with essential technical subprocessors required to host and run the application:

  • Amazon Web Services (AWS): For cloud infrastructure hosting (ECS, Fargate, S3, PostgreSQL).
  • Sentry & PostHog: For telemetry, crash logging, and performance analysis.
  • Google / Apple: For technical validation of app store subscription statuses.
  • Ravelry, LLC: Authentication parameters are securely processed directly with Ravelry’s servers when syncing user notebooks.

6. Your Rights (GDPR Compliance)

Under the GDPR, you possess full rights regarding your personal information:

  • Right to Access and Rectify: You can modify your profile data directly within the application’s settings.
  • Right to Erasure (Right to be Forgotten): You may trigger a complete account deletion from the app interface, which will automatically wipe your personal profile, synced media, and all cached Ravelry information from our cloud database.
  • Right to Portability: You can always choose to use KnitBook entirely offline, keeping your SQLite database contained entirely within your local device file system.

For any privacy-related inquiries or to exercise your digital rights, you can reach out directly to our support email channel.