Privacy Policy

Last updated: [[ AUG 28, 2025 ]]

Note: For information about how we use or don’t use data for model training, see our Privacy Overview and Security pages.

Introduction

We at Kolby AI (“Kolby,” “we,” “us,” or “our”) are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal data when you use Kolby’s software, platform, APIs, websites, and related tools (collectively, the “Service”).

This policy applies when Kolby acts as a data controller (e.g., you sign up directly). Where we act as a data processor for enterprise customers, our processing is governed by our Data Processing Addendum and the customer’s instructions.

1. Personal data we collect

A. Personal data you provide to us directly

  • Account Information. Name, business email, company, role, and similar identifiers.
  • Payment Information. Billing contact details; card data is handled by our payment processor (e.g., Stripe).
  • Inputs & Suggestions. Audio/media, transcripts, prompts, and other content you submit; real-time guidance and analytics we generate in response.
  • Communications. Support requests, survey responses, or other messages you send us.
  • Feedback. Product feedback, ratings, and comments about Suggestions.

B. Personal data we receive from your use of the Service

  • Device Information. Device type, OS, browser, mobile network or ISP, and settings.
  • Log Information. IP address, timestamps, error logs, and interaction events.
  • Usage Data. Pages viewed, features used, links clicked, session duration, and similar analytics.
  • Cookies & Similar Technologies. We and providers use cookies/pixels/scripts to operate, protect, and improve the Service. See our Cookie Policy.
  • Location Information. Approximate location derived from IP for fraud detection, security, and localization.

C. Information we do not collect

We do not knowingly collect sensitive or special categories of personal data (e.g., genetic, biometric, health, or religious information) for the purpose of uniquely identifying a natural person, and we do not target children under 18. If we learn a user is under 18, we will delete the account and associated personal data.

2. How we use personal data

  • To provide and maintain the Service, including optional features that enhance functionality and user experience.
  • To create, manage, and administer your account; facilitate payments; and respond to inquiries.
  • To improve the Service and conduct research (debugging, reliability, and quality).
  • To communicate with you about updates, events, and the Service. Marketing emails are opt-out.
  • To prevent, detect, and investigate fraud, abuse, and security incidents; to enforce our Terms of Service.
  • To comply with legal obligations and protect rights, safety, privacy, and property.

No automated decisions with legal/significant effects. We do not make decisions based solely on automated processing that produce legal or similarly significant effects about you.

No sale or cross-context behavioral advertising. We do not “sell” or “share” personal data for targeted advertising as defined by applicable U.S. state privacy laws.

Model training. We do not use your Content to train base models unless you explicitly opt in (e.g., an enterprise admin enables it and accepts additional terms). See our Privacy Overview.

3. How we share personal data

  • Service Providers & Partners. Vendors who host, store, process payments, provide model inference, analytics, communications, or IT/security services—only as necessary to perform services on our behalf and under appropriate safeguards.
  • Business Transfers. In connection with a merger, acquisition, financing, or sale of assets, data may be disclosed as part of diligence or transferred as part of the transaction.
  • Legal Compliance & Protection. To comply with law, respond to lawful requests, or protect the rights, property, or safety of Kolby, users, or others.
  • Affiliates. Within our corporate family, consistent with this policy.
  • Third-Party Integrations. If you connect integrations, relevant data flows to those services under their privacy policies.
  • Business Account Administrators. If you use a company email or are part of an enterprise account, certain account information may be available to your organization’s admins.
  • With Your Consent. We may share data when you ask us to (e.g., sharing features).

Need our current sub-processor list? Email privacy@kolbyai.com.

4. Retention

We retain personal data only as long as necessary to operate the Service and support legitimate business needs (e.g., compliance, safety, dispute resolution, and enforcing agreements). Retention varies by data type, sensitivity, and purpose. Encrypted backups follow a fixed schedule [[ e.g., ≤30 days ]] before automatic deletion.

5. Security

We implement commercially reasonable technical and organizational measures to protect personal data from loss, misuse, unauthorized access, disclosure, alteration, or destruction. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security. See our Security page for more.

6. Your rights and choices

Depending on your location, you may have rights to access, correct, delete, or transfer your personal data; to object to or restrict certain processing; and to withdraw consent where processing is based on consent. You may also have the right to lodge a complaint with your local authority.

  • Access/Portability. Request a copy of your personal data in a portable format.
  • Deletion. Request deletion of personal data collected from you, subject to legal exceptions.
  • Correction. Request correction of inaccurate personal data we maintain.
  • Objection/Restriction. Object to or request restriction of certain processing.
  • Withdraw Consent. Where applicable, withdraw consent without affecting prior lawful processing.
  • Appeal. If we decline a request, you may appeal by replying to our decision email.
  • Non-discrimination. We will not discriminate against you for exercising your rights.

To exercise rights, contact support@kolbera.com. We may need to verify your identity (and, where permitted, the identity/authority of your authorized agent) before acting on a request.

7. Jurisdiction-specific disclosures

Where required (e.g., GDPR/UK GDPR/US state privacy laws), we provide legal bases and additional details below.

Purpose Type of Data Legal Basis
Provide, maintain, and facilitate the Service Identity/contact; Payment; Inputs & Suggestions; Technical Contract
Optional features that enhance UX Identity/contact; Inputs & Suggestions; Feedback; Technical Legitimate interests (product improvement); sometimes Consent
Service communications & account notices Identity/contact; Communication Contract (service communications); Consent (marketing)
Payments Identity/contact; Payment Contract; Legal obligation
Fraud prevention & security; compliance Identity/contact; Payment; Technical Legitimate interests; Legal obligation
Dispute resolution; enforcement of Terms Identity/contact; Inputs & Suggestions; Feedback; Technical Legitimate interests; Legal obligation
Debugging and repairing errors Identity/contact; Feedback; Technical Legitimate interests (reliability)
Service improvement & research (excluding model training) Feedback; Technical; Usage Legitimate interests (evaluate and improve)
Model training (if explicitly opted in) Inputs & Suggestions; Feedback Consent (opt-in only)

International transfers

We may process data in the United States and other countries. For transfers from the EEA/UK, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) and implement supplementary measures as needed to ensure an adequate level of protection.

8. Privacy policy changes

We may update this Privacy Policy from time to time. If changes are material, we’ll provide reasonable notice (e.g., email or in-app). Your continued use of the Service after the effective date constitutes acceptance.

9. Contacting us

Questions or requests? Email privacy@kolbyai.com or write to: [[ Kolby AI, Attn: Privacy, [[ STREET ]], [[ CITY ]], [[ STATE ]] [[ ZIP ]], [[ COUNTRY ]] ]].