Privacy Policy
Our privacy policy and how we use your data
Last Updated: December 2025
Welcome to Klavis AI! This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services. Please read this privacy policy carefully.
SOC 2 Type 2 Certification & GDPR Compliance
Security Compliance: Klavis AI is SOC 2 Type 2 certified, demonstrating our commitment to maintaining the highest standards of data security, availability, and confidentiality over time. This certification validates both the design and operating effectiveness of our controls and processes for protecting your information.
GDPR Compliance: Klavis AI is fully compliant with the General Data Protection Regulation (GDPR), ensuring that we protect the privacy and data rights of individuals in the European Economic Area (EEA), United Kingdom, and beyond. We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
Google User Data Handling
Important Notice Regarding Google Workspace APIs: Klavis AI's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
No AI/ML Model Training: We explicitly affirm that Google Workspace APIs are not used to develop, improve, or train generalized or non-personalized AI and/or ML models.
Limited Data Usage: We do not use Google user data for developing, improving, or training AI and/or ML models, except where such data is used exclusively for personalized features.
Third-Party AI Tools: We do not transfer Google user data to third-party AI tools for the purpose of developing, improving, or training generalized or non-personalized AI/ML models.
1. Information We Collect
Important Notice: By using Klavis AI, you acknowledge and agree that we will, by default, store all your data and all your interactions with our servers, our APIs, and our website. This comprehensive data collection and storage is essential for our service delivery, security monitoring, compliance with our SOC 2 Type 2 certification and GDPR requirements, and continuous improvement of our platform.
Logging Control: You have the ability to disable logging of your interactions and data at any time. This setting can be configured in the Settings page for both your personal account and any team accounts you manage. When logging is disabled, we will not store interaction logs, API call details, or conversation history beyond what is strictly necessary for immediate service delivery and security purposes. Please note that certain minimal logging may still be required for legal compliance, fraud prevention, and security monitoring.
We collect various types of information in connection with the services we provide:
a. Personal Data On Klavis AI: Name, email address, and contact details you provide when registering or interacting with our Service.
b. OAuth Authentication: Authentication tokens from third-party providers like Google or GitHub.
c. Interaction Data: All interactions with our servers, APIs, and website, including but not limited to: API calls, requests and responses, user conversations with AI, website navigation and clicks, feature usage patterns, session data, error logs, and performance metrics.
d. Content and Communications: Any content you create, upload, or share through our services, including documents, code, prompts, and responses.
e. Technical Information: IP addresses, browser type, device information, operating system, access times, and referring URLs.
2. How We Use Your Information
We use your information to provide you with a smooth, efficient, and customized experience:
- Create and manage your account
- Provide, operate, maintain, and improve our Service
- Personalize and expand our Service based on user interactions
- Develop new products, services, and features
- Communicate with you for support and marketing
- Enable and manage your configured integrations
- Prevent fraud, security breaches, and abuse
- Comply with legal obligations and enforce policies
3. Sharing Your Information
We may share your information in certain situations:
a. By Law or to Protect Rights: When required by legal process or to protect rights, property, and safety.
b. Third-Party Service Providers: With vendors and consultants who perform services for us, including payment processors and hosting services.
c. Business Transfers: In connection with mergers, acquisitions, or sale of company assets.
d. With Your Consent: For any other purpose with your explicit consent.
e. International Data Transfers: Your information may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ. If you are located in the EEA, UK, or Switzerland, we ensure appropriate safeguards are in place for such transfers in accordance with GDPR requirements, including standard contractual clauses approved by the European Commission.
4. Data Security & Retention
Security Measures: As a SOC 2 Type 2 certified and GDPR-compliant organization, we implement comprehensive administrative, technical, and physical security measures to protect your personal information. Our security controls are continuously monitored and regularly audited by independent third parties to validate their ongoing effectiveness. We employ encryption, access controls, security monitoring, and incident response procedures. However, no security measures are perfect or impenetrable.
Data Retention: We retain all your data and interactions by default for as long as necessary to provide our services, comply with legal obligations (including GDPR requirements), resolve disputes, enforce our agreements, and maintain audit logs as required by our SOC 2 Type 2 certification. This includes retaining comprehensive logs of all API interactions, user activities, and system events for security and compliance purposes. You may request deletion of your personal data as described in Section 5 below, subject to our legal retention obligations.
Logging Preferences: If you have disabled logging in your account settings (available for both personal and team accounts), we will minimize the data we retain from your interactions. However, even with logging disabled, we may still retain certain information required for: (i) security and fraud prevention, (ii) legal and regulatory compliance, (iii) billing and payment processing, and (iv) maintaining basic service functionality. Your logging preferences will be applied to all future interactions from the time the setting is changed.
5. Your Data Rights
Depending on your location and applicable law, you may have certain rights regarding your personal information:
a. Right to Know/Access: Request information about data we've collected about you.
b. Right to Correct/Rectify: Request correction of inaccurate or incomplete personal information.
c. Right to Delete/Erasure: Request deletion of your personal information, subject to legal retention requirements.
d. Right to Opt-Out: Opt out of sale or sharing of personal information.
e. Right to Data Portability: Receive a copy of your data in a structured, commonly used, and machine-readable format.
f. Right to Restrict Processing: Request limitation of processing of your personal information in certain circumstances.
g. Right to Object: Object to processing of your personal information based on legitimate interests.
h. Right to Non-Discrimination: Not be discriminated against for exercising privacy rights.
i. Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw that consent at any time.
California Residents: You have rights under the California Consumer Privacy Act (CCPA) and California's "Shine the Light" law.
EEA and UK Residents (GDPR): Under the General Data Protection Regulation (GDPR), you have all the rights listed above. You also have the right to lodge a complaint with your local supervisory authority if you believe your data protection rights have been violated. Our legal basis for processing your personal data includes: (i) performance of our contract with you, (ii) compliance with legal obligations, (iii) your consent, and (iv) our legitimate interests in providing and improving our services.
Exercising Your Rights: To exercise any of these rights, please contact us at contact@klavis.ai. We will respond to your request within the timeframes required by applicable law (typically 30 days for GDPR requests).
6. Children's Privacy
Our Service is not intended for children under 13. We do not knowingly collect personal information from children under 13 without parental consent.
7. Service Availability
Our Service is provided "as is" and "as available." We may experience downtime and reserve the right to modify or discontinue the Service.
8. AI Model Disclaimer
Our Service uses AI technologies that are probabilistic and may generate unexpected outputs. You use AI features at your own risk.
9. Policy Changes
We may update this Privacy Policy from time to time. Changes are effective when posted on this page with an updated date.
10. Contact Information
If you have questions or comments about this Privacy Policy, please contact us at contact@klavis.ai.
Disclaimer: This privacy policy provides general information and outlines our practices. It may not cover all specific scenarios and is not a substitute for legal advice. Consult with a qualified legal professional to ensure compliance with all applicable laws.