Privacy Policy
Marvin Knapp-Tietz
c/o Impressumservice Dein-Impressum
Stettiner Strasse 41
35410 Hungen, Germany
Phone: +49 6183 8039368
Email: tech@cat-knows.com
Cat-Knows is a server-based web application. The user interface is served from our server (frellow.de) and runs in your browser. All Skool data we process for you (members, posts, comments, profiles, likes, chat messages, events, courses, and related analytics) is stored on our server in a MySQL database operated by our hosting provider in Germany (see Section 6).
Because Skool's API is protected by browser-level cross-origin restrictions, we additionally provide a small companion tool called the Fetcher that runs on your own computer. The Fetcher opens a built-in browser window where you log in to Skool, captures the resulting Skool session cookies from its own browser engine, calls the Skool API on your behalf, and uploads the raw responses to our server. The Fetcher itself does not maintain a local database of your community data; the server performs all extraction, storage and analysis.
Cat-Knows is multi-tenant: each Skool community you operate corresponds to a
separate team on our server. Every record we store is tagged
with a team_id, and every API request is scoped to the team you
are currently using, so data from different communities is kept isolated.
The following sections describe in detail which categories of data are processed, where they are stored, and on what legal basis.
| Item | Details |
|---|---|
| Purpose | Verify your license and entitlements |
| Data transmitted | Skool username (slug), email address, list of your Skool communities |
| Frequency | At Fetcher start, then weekly |
| Can be disabled? | No – required for the software to operate |
| Legal basis | Art. 6(1)(b) GDPR (performance of contract) |
| Retention | Until account deletion |
License records (license key, customer email, customer name, activated devices with device ID and device name) are stored on our server as part of the license management system. License tokens issued to the Fetcher are digitally signed with Ed25519 so the Fetcher can verify their authenticity.
If you are a member of a Skool community whose owner uses Cat-Knows, a license may be automatically created for you during the owner's license check, provided you do not already have one. In this case, your Skool username and email address are stored.
Note: Since these users do not provide their data directly, they are informed about the processing in accordance with Art. 14 GDPR through this privacy policy. The legal basis is Art. 6(1)(f) GDPR (legitimate interest) – the interest being to provide community owners with a unified license management system.
| Item | Details |
|---|---|
| Purpose | Stability monitoring and error detection |
| Data transmitted | Fetcher version, operating system, fetcher status, error buffer (up to 50 entries), license slug, community slug, uptime |
| Not transmitted | No logs, no configuration, no credentials, no content |
| Frequency | 60 seconds after launch, then every 6 hours |
| Default | Disabled (opt-in) |
| Can be enabled? | Yes – during Fetcher first run or in the Fetcher's privacy settings |
| Legal basis | Art. 6(1)(a) GDPR (consent) |
Telemetry is disabled by default. When you first start the Fetcher, you are shown a data processing notice with an optional checkbox to enable anonymous usage data collection. The heartbeat is only activated if you explicitly consent. You can change this setting at any time in the Fetcher's privacy settings.
Right to object (Art. 21 GDPR): You have the right to withdraw your consent to the telemetry heartbeat at any time by disabling it in the Fetcher. Upon withdrawal, no further telemetry data will be transmitted.
| Item | Details |
|---|---|
| Purpose | Automatic error detection and resolution |
| Data transmitted | Error details, context, up to 200 lines of logs, system information |
| Frequency | At most once per 5 minutes when an error occurs |
| Default | Disabled (opt-in) |
| Can be disabled? | Yes – in the Fetcher's privacy settings |
| Legal basis | Art. 6(1)(a) GDPR (consent) |
| Item | Details |
|---|---|
| Purpose | Investigate and fix errors you report |
| Data transmitted | Your error description, up to 2 screenshots, up to 500 lines of log files, redacted configuration (credentials removed), system information, database statistics |
| Trigger | Only by your explicit action (button click) |
| Legal basis | Art. 6(1)(a) GDPR (consent through explicit action) |
In all error reports, sensitive configuration values (keys, passwords,
tokens, cookies) are automatically replaced with [REDACTED] before transmission.
AI features are accessed exclusively through our server, which acts as a proxy in front of the upstream AI provider (currently OpenAI). There are two paths that reach the same proxy:
ai_request_log.
ai_usage_log.
| Item | Details |
|---|---|
| Purpose | AI-powered analysis and chat features |
| Data transmitted | Your chat messages (full conversation), selected AI model |
| Logged on server | User/team or license ID, provider, model, token counts, duration, status |
| Forwarded to | OpenAI |
| Legal basis | Art. 6(1)(b) GDPR (performance of contract) |
Chat content is not persisted by the AI proxy itself — only the metadata above is logged for quota management and abuse prevention.
However, the web app additionally offers a feature to save AI chat sessions
for your later use. If you explicitly start a saved chat session in the web
app, your messages and the AI responses are stored on our server in the
ai_chat_session and ai_chat_message tables, scoped
to your team. You can delete saved sessions from the web app at any time.
If you do not use the saved-session feature, no message content is retained.
| Item | Details |
|---|---|
| Purpose | Automatic categorization of communities |
| Data transmitted | Community name, slug, and description (max. 500 characters) for up to 50 communities |
| Forwarded to | OpenAI for classification |
| Frequency | Automatically every 7 days or manually |
| Legal basis | Art. 6(1)(f) GDPR (legitimate interest) |
Classification results are cached globally on our server so that the same community does not need to be re-classified for every customer.
| Provider | Purpose | Data | Location | DPA |
|---|---|---|---|---|
| OpenAI, Inc. | AI chat, community labels | Chat messages, community descriptions | USA | OpenAI DPA |
| ALL-INKL.COM – Neue Medien Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany | Server hosting (frellow.de) | All server-side processed data | Germany | DPA per ALL-INKL contract terms |
When communicating with our server, your IP address is transmitted for technical reasons. We anonymize your IP address before storing it:
The anonymized IP is used for rate limiting (max. 2 hours) and in audit logs.
| Data | Retention period |
|---|---|
| Telemetry heartbeats | Automatically deleted after 7 days |
| Bug reports & error reports | Automatically deleted after 90 days |
| Audit log PII (IP, email) | Automatically pseudonymized after 90 days |
| AI usage statistics | Automatically deleted after 12 months |
| Inactive device activations | Automatically deleted after 180 days |
| Deactivated licenses | Automatically anonymized after 180 days of inactivity |
| Rate limiting data | Automatically deleted after 2 hours |
| Active license data (email, slug) | Until account deletion or deactivation |
Automatic data retention is enforced by a scheduled cleanup process on our server. You can also request immediate deletion of all your data at any time via the self-service deletion page.
This section gives an overview of which data is stored on our server versus on your own computer.
All of the above is multi-tenant and isolated by team_id; only
members of a team can access that team's data through the API.
The connection to Skool.com is made on your behalf through the Fetcher and, where applicable, through our server using the cookies the Fetcher uploads. Our server only sees your Skool cookies for as long as it needs them to perform the requested fetch task; cookies are not displayed in any user interface and are protected against unauthorised access by the same controls that protect the rest of your data.
You have the following rights regarding your personal data:
You can delete your data yourself at: Request data deletion. After email confirmation, the following will be deleted:
team_id).
Audit logs and diagnostic logs (audit_log, debug_log, skool_raw_log)
are pseudonymized — your IP, user ID and personal identifiers are removed —
but the rows are retained on the basis of legitimate interest (Art. 6(1)(f) GDPR) for security
auditing and debugging within the retention periods listed in Section 8.
You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The competent authority for us is:
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit (HBDI)
Postfach 3163, 65021 Wiesbaden, Germany
Phone: +49 611 1408-0
Website: datenschutz.hessen.de
For all privacy-related inquiries, you can also contact us directly at tech@cat-knows.com.
When you use the AI chat features, data is transferred to OpenAI, Inc. in the United States.
OpenAI is certified under the EU-US Data Privacy Framework (DPF), which ensures an adequate level of data protection as recognized by the European Commission (adequacy decision of 10 July 2023). In addition, OpenAI’s Data Processing Addendum includes EU Standard Contractual Clauses (Art. 46(2)(c) GDPR) as a fallback mechanism.
We implement the following technical and organizational measures:
team_id, and every API request is scoped to the requesting user's team membership
We reserve the right to update this privacy policy to reflect changes in the law or changes to the software. The current version is always available on this page.
Last updated: 29 April 2026 (v2.0)