PBI Client Portal
Privacy Policy

Privacy Policy

Last updated: 2026-01-16

1. Overview

This Privacy Policy explains how Kojib (“we”, “us”, “our”) collects, uses, and protects information when you use the PBI Client Portal and PBI Enterprise API (the “Services”).

2. What we collect

  • Account identifier: your email address (used to deliver magic links and identify your customer record).
  • Billing metadata: plan tier, Stripe customer/subscription identifiers, and invoice/usage totals.
  • API access data: API key identifiers (we store only hashes of raw keys), metering events (challenge/verify counts), and request metadata necessary for abuse prevention and operations.

3. What we do not collect

  • No biometric data: the Services do not store FaceID/TouchID biometrics. WebAuthn verification occurs on-device.
  • No raw API keys after creation: raw keys are shown once. We store only salted hashes.
  • No “identity database”: PBI is designed to verify presence without requiring persistent personal identity records.

4. How we use information

  • To authenticate you via magic links and maintain a portal session.
  • To provision, manage, and revoke API keys.
  • To meter usage, enforce quotas, generate invoices, and provide billing history.
  • To detect abuse, prevent fraud, and maintain service reliability.

5. Cookies

We use a single session cookie (pbi_portal_session) to keep you signed in. It is HTTP-only and intended to be sent only to the API domain with requests from the portal.

6. Sharing

We share information only with service providers needed to operate the Services (for example, payment processing via Stripe and email delivery via Resend). We do not sell personal information.

7. Data retention

We retain portal and billing records as needed to operate the Services and provide auditability. We retain usage and receipt-related records in accordance with your plan and operational requirements.

8. Security

We protect data using industry standard controls. API keys are hashed and cannot be recovered after creation. Transport security is enforced via HTTPS.

9. Contact

For privacy questions, contact: privacy@kojib.com

BackView Terms