Privacy Policy

1. Introduction

Welcome to Klaro AI. We respect your privacy and are committed to protecting your personal data.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our AI agent platform. It also informs you about your privacy rights and how the law protects you.

2. Data Controller

Klaro AI Sandgrubenhalde 15, 8455 Rüdlingen, Switzerland Email: titian@klaroai.ch

3. Data We Collect

We collect and process the following types of personal data:

Account Information

• Email address (for authentication and communication)
• Full name (optional)
• Profile avatar URL (optional)
• Preferred language (German or English)
• Password (hashed and encrypted)

Usage Data

• Conversations and messages between you and your AI agents
• Agent configurations (name, colors, icons, instructions)
• Uploaded knowledge sources (websites, documents, texts)
• Usage metrics (message count, websites crawled, API calls)

Technical Data

• IP address (for security and rate limiting)
• Browser type and version
• Device type and operating system
• Anonymized analytics data (via Vercel Analytics)

Billing Information

• Payment information is securely processed by Stripe. We do not store credit card details directly.

Anonymous Widget Users

When your end users interact with embedded agents on your website, we create anonymous sessions. We do not collect personally identifiable information from these users unless they voluntarily provide it in conversations.

4. How We Use Your Data

We use your personal data for the following purposes:

• Providing and maintaining our service (agent creation, conversation management, knowledge indexing)
• Processing your queries using AI models (OpenAI) to generate responses
• Managing subscriptions and billing through Stripe
• Sending transactional emails (invitations, password resets, usage notifications)
• Improving our services through analysis of usage patterns
• Protecting against fraud, abuse, and security risks
• Complying with legal obligations

5. Data Security

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way:

• SSL/TLS encryption for all data transmission
• Restricted access to personal data to authorized personnel only
• Row Level Security (RLS) in our database to isolate user data
• Regular security monitoring and audits
• Secure authentication via Supabase Auth with industry standards

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

6. Data Retention

We retain your personal data only for as long as necessary for the purposes set out in this Privacy Policy:

• Account data: As long as your account is active
• Deleted accounts: Permanently deleted within 30 days
• Anonymous widget conversations: For the duration of the session or until deleted by you
• Billing records: Retained for 10 years as required by Swiss commercial law (Art. 958f CO)

7. Your Rights

Under the Swiss Federal Act on Data Protection (nFADP/nDSG) and, where applicable, the EU General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

• Right to Access: You can request a copy of your personal data.
• Right to Rectification: You can request that we correct incomplete or inaccurate data.
• Right to Erasure: You can request deletion of your personal data.
• Right to Restriction: You can request that we restrict processing of your data.
• Right to Data Portability: You can receive your data in a structured, machine-readable format.
• Right to Object: You can object to the processing of your data.
• Right to Withdraw Consent: You can withdraw your consent at any time.
• Right to Lodge a Complaint: You have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC/EDÖB) at edoeb.admin.ch, or with the relevant supervisory authority in your jurisdiction.

To exercise any of these rights, please contact us at titian@klaroai.ch.

8. Third-Party Services

We use the following third-party services to provide our platform:

• Supabase - Authentication, database, storage, and realtime updates - Privacy Policy
• OpenAI - AI models (GPT) and embeddings for processing conversations - Privacy Policy
• Stripe - Payment processing and subscription management - Privacy Policy
• Firecrawl - Web scraping for knowledge sources - Privacy Policy
• Resend - Sending transactional emails - Privacy Policy
• Vercel - Hosting and anonymized analytics - Privacy Policy
• Upstash Redis - Rate limiting and caching - Privacy Policy

9. Cookies and Similar Technologies

We use cookies and similar tracking technologies to track activity on our service:

• Essential Cookies: Required for authentication and session management
• Analytics Cookies: Anonymized usage data via Vercel Analytics

You can control cookies through your browser settings. However, note that disabling cookies may affect the functionality of our service.

10. Children's Privacy

Our service is not directed to individuals under the age of 16. We do not knowingly collect personally identifiable information from children under 16. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us.

11. International Data Transfers

Your data stays in Switzerland: All our internal databases are hosted and processed by Supabase in Zurich, Switzerland (region eu-central-2).

For certain functions, we use third-party service providers, some of which are based in the USA (e.g., OpenAI for AI processing, Stripe for payments, Vercel for hosting). For these data transfers, we use Standard Contractual Clauses (SCCs) and/or the Swiss-U.S. Data Privacy Framework to ensure an adequate level of protection.

All international data transfers comply with the requirements of the Swiss Federal Act on Data Protection (nFADP) and, where applicable, the GDPR.

12. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top.

We recommend that you review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

13. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

Email: titian@klaroai.ch