Legal

Privacy Policy

Effective date: March 2026

1. Data Controller

Kaimera (“we”, “us”, “our”) is the data controller for personal data collected through the Kaimera platform. For privacy inquiries, contact us at privacy@kaimeraos.ai.

2. Information We Collect

We may collect: (a) account details (name, email, company); (b) usage logs and workflow metadata; (c) integration settings and configuration data; (d) messages and content you submit to the platform; (e) billing information processed by Stripe; and (f) technical data such as IP address, browser type, and device identifiers.

3. How We Use Information

We use data to operate, secure, and improve Kaimera, provide support, maintain service reliability, process payments, and investigate abuse or misuse. We use your data only to provide the service — we do not sell your personal data or use it for advertising.

4. AI Processing

Your data may be processed by AI model providers (via OpenRouter) as required to deliver platform functionality. We do not use your data to train AI models. AI providers process your data solely to generate responses for your agents. You are responsible for evaluating whether your data is appropriate for AI processing.

5. Cookies & Tracking

We use essential cookies required for authentication and platform functionality. We do not use third-party advertising trackers or analytics cookies. No data is shared with ad networks.

6. Third-Party Services

Kaimera can connect to third-party platforms (Slack, GitHub, Notion, etc.). Their privacy practices are governed by their own policies. We also use Stripe for payment processing and Supabase for data storage. We are not responsible for third-party handling of your data once it leaves our systems.

7. Data Security

We use technical and organizational safeguards including: dedicated VMs per customer (no shared compute), TLS 1.3 encryption on all connections, Cloudflare Tunnels with zero exposed ports, row-level security on all database tables, and encrypted credential storage. No system is completely secure, and you should avoid submitting highly sensitive information unless required and properly controlled.

8. Data Retention

We retain data as needed for service operation, legal obligations, dispute resolution, and security monitoring. Upon account termination, we delete your data in accordance with our retention policies, typically within 30 days, except where retention is required by law.

9. International Data Transfers

Your data may be transferred to and processed in the United States and the European Union. We use infrastructure providers with appropriate data protection safeguards, including Hetzner (Germany/EU) for customer VMs and Supabase for database hosting.

10. Your Rights (GDPR & Applicable Law)

Depending on your jurisdiction, you may have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate personal data
  • Erasure — request deletion of your personal data (“right to be forgotten”)
  • Restriction — request that we limit processing of your data
  • Portability — request your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interests
  • Withdraw Consent — where processing is based on consent, withdraw it at any time

To exercise any of these rights, contact privacy@kaimeraos.ai. We will respond within 30 days. If you believe your rights have been violated, you have the right to lodge a complaint with your local data protection authority.

11. California Privacy Rights

California residents have additional rights under the CCPA, including the right to know what personal information is collected, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your California privacy rights, contact privacy@kaimeraos.ai.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the platform. Continued use after changes constitutes acceptance of the revised policy.