Privacy Policy
Last updated: July 2026
This policy explains what personal data KaireonAI processes, why, and the rights you have over it. It covers this website (kaireonai.com) and the hosted Playground (playground.kaireonai.com). If you self-host the open-source platform, we receive no data from your deployment.
Two roles: controller and processor
For data about you — your account and your usage of this site and the Playground — KaireonAI is the data controller. For customer datasets you upload into a Playground workspace (for example customer profiles used to test decisioning), you are the controller and KaireonAI processes that data solely to operate the features you invoke. You must have a lawful basis for any personal data you upload; do not upload production personal data to the Playground.
Data we collect as a controller
Account data: name, email address, organization name, and a hashed password (or your Google account identifier if you sign in with Google). Usage data: page views, feature-usage counts, API request metadata (timestamps, endpoint, status), and server logs including IP addresses retained for security. Communications: emails you send to support.
Purposes and legal bases
We use this data to provide and secure the service (contract), to send transactional email such as verification and alert notifications (contract), to understand aggregate feature usage and improve the product (legitimate interest), and to meet legal obligations. We do not sell personal data and we do not use it for third-party advertising.
Sub-processors
The hosted service runs on Amazon Web Services (compute and email delivery, us-east-1), Supabase (PostgreSQL database), Upstash (Redis), and Google (optional sign-in). A current sub-processor list is available on request at the address below.
Retention and deletion
Account data is kept while your account is active. Workspace data is subject to the retention windows configurable inside the product, enforced by automated purge jobs. You can delete your workspace data at any time, and the platform ships data-subject request tooling (export and erasure) that removes a subject’s data across all stores, including interaction history, decision traces, and uploaded profile rows.
Your rights
Depending on your jurisdiction (including under GDPR and CCPA), you may have rights to access, correct, export, restrict, or erase your personal data, and to object to certain processing. Exercise them by emailing support@kaireonai.com. We respond within the timelines the applicable law requires. You may also lodge a complaint with your supervisory authority.
International transfers
The hosted service is operated from the United States (AWS us-east-1). Where data is transferred from the EEA/UK, we rely on appropriate safeguards such as Standard Contractual Clauses with our sub-processors.
Security
Data in transit is encrypted with TLS; credentials are stored hashed; connector secrets are encrypted at rest; administrative changes are recorded in a tamper-evident audit log. No system is perfectly secure — report suspected vulnerabilities to support@kaireonai.com.
Changes and contact
We will post any material changes to this page and update the date above. Questions: support@kaireonai.com.