Knitt

Privacy Policy

Last updated: 19 February 2026

1. Introduction

Knitt ("we", "us", "our") operates the Knitt headless CMS and hosting platform. This Privacy Policy explains how we collect, use, and protect your personal information when you use our services at knitt.co, app.knitt.co, and api.knitt.co.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, and password. If you subscribe to a paid plan, we collect billing information through our payment processor — we do not store your full card details.

2.2 Usage Data

We collect information about how you use our services, including API call logs, content operations, storage usage, and general platform activity. This data is used to operate and improve the service.

2.3 Content Data

We store the content you create, upload, and manage through the Knitt platform. This includes text content, media assets, form submissions, and any other data you input into your projects. You retain ownership of all your content.

2.4 Technical Data

We automatically collect technical information such as your IP address, browser type, device information, and referring URLs when you access our services.

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve our headless CMS and hosting services
  • Process payments and manage your subscription
  • Send service-related communications (account notifications, security alerts, billing updates)
  • Monitor and enforce our Terms of Service
  • Detect and prevent fraud, abuse, and security incidents

We do not sell your personal information to third parties. We do not use your content data for advertising or marketing purposes.

4. Data Storage & Security

Your data is stored on UK-based infrastructure. We implement appropriate technical and organisational measures to protect your data, including encryption in transit (SSL/TLS) and encryption at rest where applicable.

While we take reasonable steps to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

We retain your account information and content for as long as your account is active. When you delete your account, we will delete your personal data and content within 30 days, except where we are required to retain it by law.

6. Your Rights

Under UK data protection laws (UK GDPR), you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate personal data
  • Request deletion of your personal data
  • Export your content data
  • Object to processing of your personal data
  • Withdraw consent where processing is based on consent

To exercise any of these rights, contact us at privacy@knitt.co.

7. Third-Party Services

We use a limited number of third-party services to operate our platform, including payment processing and email delivery. These providers only receive data necessary to perform their services and are bound by data processing agreements.

8. Cookies

We use essential cookies to operate our services (authentication, session management). For more details, see our Cookie Policy.

9. Children

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the platform. Continued use of our services after changes constitutes acceptance of the updated policy.

11. Contact

If you have questions about this Privacy Policy or our data practices, contact us at privacy@knitt.co.