Legal

Privacy Policy

Last updated: January 1, 2026

KAIRO Technologies, Inc. ("KAIRO", "we", "us", or "our") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

Information We Collect

We collect information you provide directly to us when you create an account, use our services, or contact us for support.

Account data. When you register, we collect your name, email address, company name, and billing information. This information is required to provide the service.

Usage data. We automatically collect information about how you interact with KAIRO, including API call logs, workflow execution records, feature usage patterns, and error reports. This data is pseudonymized and used to improve the service.

Contact data. If you contact our support team or respond to surveys, we retain those communications to resolve your issue and improve our service quality.

Customer content. When you upload documents, connect data sources, or run agents, the content you submit is processed and temporarily stored in accordance with your subscription's data retention settings.

How We Use Information

We use the information we collect for the following purposes:

  • To provide, operate, and improve the KAIRO platform and its features.
  • To process transactions and send related information including purchase confirmations and invoices.
  • To send transactional and promotional communications (you may opt out of promotional emails at any time).
  • To monitor and analyze usage trends to improve performance, reliability, and user experience.
  • To detect, investigate, and prevent fraudulent transactions and other illegal activities.
  • To comply with legal obligations and enforce our terms of service.
  • To respond to customer support requests and resolve disputes.

Data Sharing

We do not sell your data. KAIRO does not sell, rent, or trade your personal information or customer content to third parties for their marketing purposes.

Limited third-party service providers. We may share data with vendors who help us operate our platform — including cloud infrastructure providers (AWS, GCP), payment processors (Stripe), and analytics services. These providers are contractually bound to process data only as instructed and to implement appropriate security measures.

Legal requirements. We may disclose your information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, protect your safety or the safety of others, or investigate fraud.

Business transfers. In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of the transaction. We will provide notice before your data is subject to a different privacy policy.

Data Retention

Active accounts. We retain your account information and usage data for the duration of your subscription. Agent run logs are retained for 90 days by default; Enterprise customers can configure custom retention periods.

Account deletion. When you request account deletion, we will delete your personal data and customer content within 30 days. Aggregated, anonymized usage statistics may be retained indefinitely as they cannot be linked to you.

Backups. Encrypted backups may retain data for an additional 90 days after the deletion window. During this period, the data is not accessible in production and will be purged according to our automated backup expiry schedule.

Security

We implement and maintain industry-standard security measures to protect your data against unauthorized access, alteration, disclosure, or destruction.

Encryption. All data is encrypted in transit using TLS 1.3 and at rest using AES-256. API keys are hashed using bcrypt and never stored in plaintext.

Access controls. Access to customer data is restricted on a need-to-know basis and requires multi-factor authentication. All access is logged and audited.

SOC 2 Type II. KAIRO is SOC 2 Type II certified. Our audit reports are available to Enterprise customers under NDA. We also conduct annual penetration tests and continuous vulnerability scanning.

Despite our efforts, no security system is impenetrable. If you believe your account security has been compromised, contact us immediately at security@kairo.dev.

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

GDPR (EEA/UK residents). You have the right to access, rectify, erase, restrict processing of, and port your personal data. You also have the right to object to processing and to lodge a complaint with your local supervisory authority. To exercise these rights, email privacy@kairo.dev.

CCPA (California residents). You have the right to know what personal information we collect, disclose, and sell (we do not sell personal information). You have the right to request deletion of your data and to opt out of any sale. We do not discriminate against you for exercising these rights.

Data portability. You can export your account data, workflow configurations, and agent settings at any time from your dashboard under Settings → Data Export. Exports are delivered in JSON and CSV formats.

We will respond to all rights requests within 30 days. Complex requests may take up to 90 days, in which case we will notify you of the extended timeline.

AI and Model Training

Your data is never used to train shared models.

KAIRO does not use your customer content — including documents you upload, data sources you connect, or outputs generated by your agents — to train, fine-tune, or improve AI models that are shared with other customers or made available publicly.

We may use aggregated, anonymized telemetry data (such as latency statistics and error rates) to improve routing algorithms and infrastructure performance. This data cannot be traced back to individual customers or their content.

If you request custom model fine-tuning as part of an Enterprise contract, a separate data processing agreement governs how your training data is handled. Fine-tuned models derived from your data are isolated to your account and not shared.

Cookies and Tracking

We use cookies and similar tracking technologies to operate our service, remember your preferences, and analyze usage patterns. Specifically:

Essential cookies. Required for authentication and session management. These cannot be disabled without impairing the functionality of the platform.

Analytics cookies. We use privacy-preserving analytics to understand how users navigate the platform. We do not use cross-site advertising trackers or share analytics data with advertising networks.

Managing cookies. You can control cookies through your browser settings. Disabling essential cookies will affect your ability to log in and use the platform. You can opt out of analytics cookies at any time through our cookie preferences panel.

Contact Us

If you have questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact our Privacy team:

KAIRO Technologies, Inc.

Privacy Team

Email: privacy@kairo.dev

We aim to respond to all privacy-related inquiries within 5 business days.

If you are located in the EEA and believe we have not adequately addressed your privacy concerns, you have the right to contact your local data protection authority.