KlairoAI s.r.o. ("KlairoAI", "we", "us", or "our") is an AI-powered agency automation platform headquartered in Slovakia, European Union. This Privacy Policy explains how we collect, use, share, and protect information about you when you use our website at klairoai.com and our platform services (collectively, the "Service").
We are committed to protecting your personal data in accordance with the EU General Data Protection Regulation (GDPR) (Regulation 2016/679) and applicable Slovak law. If you have questions, email us at
hello@klairoai.com.
1. Data Controller
The data controller for your personal data is:
2. Data We Collect
2.1 Data You Provide Directly
- Account information: first name, last name, email address, company name, and password (stored as a bcrypt hash)
- Support tickets: message content, subject, and attachments you submit via the support system
- Payment information: billing-related data (processed by Stripe; we do not store card details)
- Communications: any emails or messages you send to us
2.2 Data Collected Automatically
- Usage data: pages visited, features used, timestamps, and actions taken in the platform
- Log data: IP address, browser type, operating system, referring URLs
- Cookies: session cookies, preference cookies, and analytics cookies (see Section 7)
2.3 Data from Third Parties
- If you connect third-party integrations (e.g. Google Calendar, Gmail), we receive access tokens and data necessary to provide the integration. We only access data required for the specific feature.
3. How We Use Your Data
We process your personal data for the following purposes and legal bases:
- To provide the Service (contract performance — Art. 6(1)(b) GDPR): creating and managing your account, processing requests, sending transactional emails
- To communicate with you (contract performance / legitimate interest): responding to support tickets, sending service notifications
- To improve the Service (legitimate interest — Art. 6(1)(f) GDPR): analysing usage patterns, fixing bugs, and developing new features
- To comply with legal obligations (legal obligation — Art. 6(1)(c) GDPR): keeping records for tax and accounting purposes, responding to lawful requests from authorities
- Marketing communications (consent — Art. 6(1)(a) GDPR): only if you have opted in; you may withdraw consent at any time
4. Data Sharing and Third-Party Processors
We do not sell your personal data. We share data only with trusted third-party processors who are bound by data processing agreements:
- Vercel Inc. (US) — hosting and serverless infrastructure
- Neon Inc. (US) — PostgreSQL database hosting
- Stripe Inc. (US) — payment processing
- Resend Inc. (US) — transactional email delivery
- Google LLC (US) — analytics (Google Analytics) and optional integration services
- OpenAI Inc. (US) — AI model processing (for AI automation features)
Where processors are located outside the EU/EEA, data transfers are covered by Standard Contractual Clauses (SCCs) or other appropriate safeguards under GDPR Chapter V.
5. Data Retention
- Account data: retained for the duration of your account plus 3 years after closure for legal and audit purposes
- Support tickets: retained for 3 years
- Activity logs: retained for 12 months, then automatically purged
- Billing records: retained for 10 years to comply with Slovak accounting law
- Analytics data: retained per Google Analytics default settings (26 months)
6. Your Rights Under GDPR
As a data subject in the EU/EEA, you have the following rights:
- Right of access (Art. 15): request a copy of the personal data we hold about you
- Right to rectification (Art. 16): correct inaccurate or incomplete data
- Right to erasure (Art. 17): request deletion of your data ("right to be forgotten") where no legal basis for retention exists
- Right to restrict processing (Art. 18): ask us to pause processing of your data in certain circumstances
- Right to data portability (Art. 20): receive your data in a structured, machine-readable format
- Right to object (Art. 21): object to processing based on legitimate interests or for direct marketing
- Right to withdraw consent: withdraw consent at any time where processing is based on consent, without affecting prior processing
- Right to lodge a complaint: you may lodge a complaint with your national supervisory authority. In Slovakia: Úrad na ochranu osobných údajov SR
To exercise any of these rights, email us at hello@klairoai.com. We will respond within 30 days.
7. Cookies
We use cookies and similar technologies. Here is what we use:
- Essential cookies: required for authentication (JWT token stored in localStorage) and basic site functionality. These cannot be disabled.
- Analytics cookies (Google Analytics): used to understand how visitors use our site. These are only set if you have not opted out. IP anonymization is enabled.
- Preference cookies: remember your preferences (e.g. theme, language). Optional.
You can control cookies through your browser settings. Rejecting non-essential cookies will not affect your ability to use the core Service.
8. Security
We implement industry-standard security measures including:
- TLS/HTTPS encryption for all data in transit
- Bcrypt password hashing (cost factor 10)
- JWT-based authentication with 30-day expiry
- Rate limiting on authentication endpoints
- Database access restricted to server-side only
No system is 100% secure. If you discover a security issue, please notify us immediately at hello@klairoai.com.
9. Children's Privacy
Our Service is intended for business users aged 18 and over. We do not knowingly collect personal data from children under 16. If you believe a child has provided us data, please contact us to have it removed.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (if you have an account) or by posting a notice on our website at least 14 days before changes take effect. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
11. Contact Us
For any privacy-related questions, requests, or complaints: