Privacy Policy

Effective 2026-04-22 · Leonard Kempthorne LLC (dba CANONIC)

This policy describes how Leonard Kempthorne LLC ("CANONIC", "we") collects, uses, retains, and shares personal information about users of canonic.org and the governed brand surfaces it operates (gorunner.pro, hadleylab.org, ankinex.us, onconex.ai, founderof.ai, omicsnex.us, mammochat.ai, caribchat.ai, spiritofduende.com, lawchat.hadleylab.org, finchat.hadleylab.org).

1. What we collect

GitHub identity. When you sign in with GitHub we receive your GitHub user id, username, public display name, avatar URL, and — if you have granted GitHub the "user:email" scope — your primary verified email address. These are the only identity fields the platform stores in its own database.

Usage evidence. When you create a governed artifact (a community reply, a task completion, a published paper annotation), we record an append-only ledger entry with the event type, an evidence hash (SHA-256 of the underlying file or payload), your user id, a scope tag, and a timestamp. The ledger stores user-id references only — no plaintext PII.

Payment data (Stripe). Cash-IN purchases and cash-OUT payouts are processed by Stripe, Inc. under Stripe's own privacy policy. For cash-OUT you complete Stripe Connect Express onboarding which collects your legal name, date of birth, last four digits of your SSN, and bank routing + account numbers. CANONIC never sees these fields. They are transmitted directly from your browser to Stripe. The platform only stores your Stripe Connect account id and KYC tier ("unverified" / "express_verified" / "1099_filed").

2. How we use it

  • Authenticate your sessions (httpOnly signed cookies).
  • Credit COIN to your wallet when governed events (chat turns, task completions, author minting) occur.
  • Gate cashout eligibility by KYC tier and platform fiat reserve (see Terms § Cashout).
  • Prevent abuse: rate limiting, evidence-hash deduplication, Sybil detection via GitHub account age + activity signals.
  • Comply with Stripe's fraud, tax, and regulatory reporting obligations.

3. Retention

The append-only ledger is permanent by design — hash-chained entries cannot be mutated without invalidating every subsequent row. Ledger payloads never contain PII beyond a user id reference. Your profile row (GitHub id, email, avatar) is retained for the life of your account and deleted within 30 days of an account deletion request.

4. Sharing

We do not sell personal information. We share:

  • Stripe — identity and bank data you submit during Stripe Connect onboarding flow directly to them.
  • GitHub — OAuth callbacks are between GitHub and our authentication server at api.canonic.org.
  • Cloudflare — our infrastructure provider sees request metadata (IP, User-Agent, path) for edge routing and DDoS protection.
  • Law enforcement — only in response to a valid subpoena or court order naming specific user ids.

5. Your rights

You can request access to the data we hold, or deletion of your profile row, by emailing founder@canonic.org. We will acknowledge within 10 business days and complete the request within 30 days. Ledger entries that reference your user id will be anonymized (id replaced with a one-way hash) but not deleted, to preserve the chain.

6. Cookies

We use one cookie: canonic_session. It is HttpOnly, Secure, SameSite=Lax, signed with an HMAC key held server-side. It stores an opaque session id; your actual session state (user id, GitHub profile) lives in Cloudflare KV behind that id. No third-party analytics cookies are set by CANONIC surfaces.

7. Contact

Leonard Kempthorne LLC · dba CANONIC · founder@canonic.org