Privacy Policy
Last updated: 2025-11-23
Introduction
Kallos AI ("we," "our," or "us") is committed to protecting your privacy and ensuring transparency about how we collect, use, and protect your personal information. This Privacy Policy explains our practices in accordance with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable privacy laws.
1. Data We Collect
1.1 Account Information
- Email address (for authentication and communication)
- Password (encrypted via Clerk/Auth0)
- Account creation date
- Subscription tier
1.2 Brand & Content Data
- Brand profile (name, industry, website)
- Brand voice profile (tone, style preferences)
- Generated content (blog posts, social media posts)
- Content performance metrics
- Strategy preferences
1.3 Analytics & Intelligence Data
- Google Analytics 4 metrics (page views, engagement rates, traffic sources)
- Social media insights (impressions, reach, likes, comments, shares)
- Topic suggestions (from competitor monitoring, Google Trends, social listening)
- Performance benchmarks
1.4 Platform Credentials
- OAuth tokens for connected platforms (WordPress, LinkedIn, Facebook, Twitter, Google Analytics 4)
- Encrypted using AES-256-GCM (tokens are never stored in plain text)
1.5 Usage & Technical Data
- IP address (for security and audit logs)
- User agent (browser and device information)
- Audit logs (data export requests, account deletion requests)
2. How We Use Your Data
- Content Generation: Generate blog posts and social media content using AI (OpenAI GPT-4, Anthropic Claude) based on your brand voice profile
- Performance Tracking: Fetch and display analytics from Google Analytics 4 and social media platforms to measure content performance
- Intelligence Gathering: Monitor competitors, Google Trends, and social media to suggest relevant topics for content creation
- Automated Workflows: Schedule content generation, analytics sync, and weekly digest emails via n8n automation
- Account Management: Authenticate users, manage subscriptions, enforce usage limits, and provide customer support
- Security & Compliance: Log sensitive actions (data export, account deletion) in audit logs for security forensics and GDPR compliance
3. Third-Party Services
We use the following third-party services to provide our functionality:
- Clerk/Auth0: User authentication and session management
- OpenAI GPT-4 Turbo: Blog and social media content generation
- Anthropic Claude 3.5 Sonnet: Alternative LLM provider with automatic fallback
- Google Analytics 4: Blog performance metrics
- Social Media APIs: LinkedIn, Facebook, Instagram, Twitter insights
- SendGrid/Postmark: Transactional emails (weekly digest, notifications)
- n8n: Workflow automation (self-hosted, data not shared)
- Sentry: Error tracking and monitoring
4. Data Export (Right to Data Portability)
Under GDPR Article 20, you have the right to receive a copy of all your personal data in a structured, machine-readable format.
How to Export Your Data
- Go to Settings → Account → Data & Privacy
- Click "Export My Data"
- A ZIP file will be generated and downloaded immediately
What's Included in the Export
- content.csv: All generated blog posts and social media posts (title, content, platform, status, published date, confidence score)
- analytics.csv: All performance metrics from GA4 and social platforms (platform, metric name, value, period)
- topics.csv: All topic suggestions (topic, source, discovered date, relevance score)
- settings.json: Brand profile, voice profile, strategy preferences, subscription tier
What's NOT Included
For security reasons, platform OAuth tokens (WordPress, LinkedIn, Facebook, Twitter) are not included in the export. If you import your data to a new account, you will need to re-authenticate these platforms.
Timeline
Per GDPR Article 15.3, we provide data exports within 72 hours. In our MVP, exports are generated immediately.
5. Account Deletion (Right to be Forgotten)
Under GDPR Article 17, you have the right to request permanent deletion of your account and all associated data.
How to Delete Your Account
- Go to Settings → Account → Danger Zone
- Click "Delete Account"
- Type "DELETE" exactly in the confirmation modal
- Confirm deletion
Deletion Process & Timeline
- Day 0 (Soft Delete): Account is marked for deletion; you lose access immediately, and data is retained for 30 days
- Day 30 (Hard Delete): All data is permanently deleted from our database, the Clerk/Auth0 user account is deleted, and a confirmation email is sent
What Gets Deleted
- Brand profile and voice profile
- All generated content (blog posts, social posts)
- All analytics events and performance metrics
- All topic suggestions
- All platform credentials (OAuth tokens)
- All feedback events and insights
- Clerk/Auth0 user account
What's Retained
Audit logs are retained indefinitely for legal compliance (GDPR Article 17.3.b exception). The userId field is set to NULL after hard delete to preserve the audit trail while anonymizing the record.
30-Day Grace Period
You can contact support within 30 days to cancel the deletion request and restore your account. After 30 days, deletion is permanent and irreversible.
6. Cookie Policy
We use cookies and similar technologies to provide functionality and analytics:
- Essential Cookies: Clerk/Auth0 session cookies (required for authentication)
- Performance Cookies: Sentry error tracking (anonymized)
7. Data Retention
- Active Accounts: Data retained indefinitely while account is active
- Soft-Deleted Accounts: 30 days retention before hard delete
- Audit Logs: Retained indefinitely for legal compliance
- Analytics Data: 24 months retention (then aggregated/anonymized)
8. Your Rights Under GDPR
- Right to Access (Article 15): Request a copy of your data
- Right to Rectification (Article 16): Correct inaccurate data
- Right to Erasure (Article 17): Delete your account and data
- Right to Data Portability (Article 20): Export your data
- Right to Object (Article 21): Object to data processing
- Right to Restrict Processing (Article 18): Limit how we use your data
9. Contact Us
If you have questions about this Privacy Policy or want to exercise your rights, contact us at:
Email: privacy@kallos.ai
Support: support@kallos.ai
10. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of significant changes via email and update the "Last updated" date at the top of this page.