1. Who We Are

NCO Kit (ncokit.com) is an independent web application built to assist Army enlisted leaders with administrative tasks. NCO Kit is not affiliated with, endorsed by, or operated by the Department of the Army, Department of Defense, or any government agency.

2. What Information We Collect

Account Information (if you create an account):

• Email address — used to create your account and send verification and password reset emails
• Password — stored as a one-way cryptographic hash (bcrypt). We cannot see your actual password.
• Account creation date and plan status (free or premium)
• Referral code (if applicable)

Tool Usage Data (if you are logged in and click Save):

• Content you explicitly choose to save — counseling text, NCOER bullets, award citations, AFT scores, soldier roster entries
• This data is stored securely in our database and is only accessible by your account
• You can delete any saved record at any time from the My Saves tab

What we do NOT store:

• Tool inputs that you do not save — if you generate bullets or a counseling form and close the browser without saving, that content is gone
• AI prompts sent to generate content — these are processed in real time and not logged
• Any data entered by users who are not logged in

Automatically collected data:

• Session tokens (stored in your browser's localStorage, used to keep you logged in)
• Basic web analytics via Google Analytics — page views, session duration, traffic source. No personally identifiable information is transmitted to Google Analytics.
• Payment information is handled entirely by Stripe. NCO Kit never sees or stores your credit card number.

3. CUI and Sensitive Information

NCO Kit is designed as a personal productivity tool — similar to using a Word document template. For sensitive use cases, we recommend using generic placeholder names when generating documents and replacing them with actual information after printing or downloading.

The aggregation of names, ranks, and unit information for personnel in sensitive assignments may constitute CUI under DoDI 5200.48 and Army CUI policy. Users are responsible for ensuring their use of this tool complies with applicable Army, DoD, and Federal regulations.

4. How We Use Your Information

• To provide and improve the NCO Kit service
• To send transactional emails — account verification, password resets, and billing notifications
• To process payments via Stripe
• To enforce usage limits and manage subscription status
• To respond to support requests submitted through the contact form

We do not sell your data. We do not use your data for advertising. We do not share your data with third parties except as described below.

5. Third-Party Services

NCO Kit uses the following third-party services to operate:

• Anthropic (Claude AI) — processes your text inputs to generate AI content. Inputs are sent to Anthropic's API for processing. Review Anthropic's privacy policy at anthropic.com/privacy.
• Stripe — processes all payments. NCO Kit never stores payment card data. Review Stripe's privacy policy at stripe.com/privacy.
• Resend — sends transactional emails. Only your email address is transmitted. Review Resend's privacy policy at resend.com/legal/privacy-policy.
• Google Analytics — collects anonymous usage data. No personally identifiable information is shared. Review Google's privacy policy at policies.google.com/privacy.
• Render — hosts the application and database. Data is stored in the United States.

6. Data Security

• All connections to ncokit.com are encrypted via HTTPS/TLS
• Passwords are hashed using bcrypt with a cost factor of 12
• Session tokens are cryptographically random and expire after 30 days
• Database access is restricted to the application server
• No payment card data is stored on our servers

While we implement reasonable security measures, no system is completely secure. We are not responsible for breaches resulting from factors outside our reasonable control.

7. Data Retention

• Account data is retained as long as your account is active
• Saved content is retained until you delete it or close your account
• Expired session tokens are automatically purged from our database
• You can request deletion of your account and all associated data by contacting us

8. Your Rights

You have the right to:

• Access the data we hold about you
• Delete your saved content at any time via the My Saves tab
• Request deletion of your account and all associated data
• Opt out of non-essential communications

9. Children's Privacy

NCO Kit is intended for use by adults. We do not knowingly collect information from anyone under 18 years of age.

10. Changes to This Policy

We may update this privacy policy as the service evolves. Significant changes will be communicated via email to registered users. Continued use of NCO Kit after changes constitutes acceptance of the updated policy.

11. Contact

Questions about this privacy policy or your data can be submitted through the contact form in the app's About tab, or by emailing us directly.