Privacy Policy
Last updated 14 June 2026
This policy explains how KABAIDO LTD handles personal data when you use the Kabaido platform and our website. We are committed to handling personal data in line with the UK GDPR and the Data Protection Act 2018. Where the EU GDPR or a United States state privacy law applies to you, this policy sets out your rights under those frameworks too.
1. Controller
The data controller for personal data we hold about you as a website visitor and account user is KABAIDO LTD, United Kingdom. You can reach us at hello@kabaido.com. Where you upload your own customers' data into the platform, you are the controller and we act as your processor under the Data Processing Addendum.
2. What we collect
- Account data: name, work email, organisation details.
- Usage data: actions in the product and basic technical logs.
- Billing data: handled by our payment processor; we do not store card numbers.
- Content you submit: requests, files and catalogue data you choose to upload.
- Cookies: strictly essential only, as set out in our Cookie Policy.
3. Lawful bases
- Contract: to provide the service you have signed up for.
- Legitimate interests: to secure, maintain and improve the service.
- Legal obligation: to meet accounting and compliance duties.
- Consent: where required, for example optional communications.
4. Processors we use
- Supabase: database, authentication and storage hosting.
- Vercel: application hosting and delivery.
- Stripe: payment processing and billing.
- Resend: transactional and notification email.
- Anthropic: the AI model provider, configured for zero data retention.
5. AI and your data
We do not use your commercial data to train AI models, and our AI provider is configured for zero retention. Requests are processed to produce structured output and are stored in your organisation only. The AI cites its sources and abstains rather than guessing; it does not make automated decisions that produce legal or similarly significant effects about individuals, and you review its output before relying on it.
6. How we protect your data
Every organisation's records are isolated by database-enforced row-level security, files sit under tenant-prefixed storage, and data is encrypted in transit with TLS and at rest with AES-256. Integration credentials are encrypted again at the application layer. Access is role-based and administrative actions are recorded in an audit log. Your primary data and file storage reside in the United Kingdom region of our infrastructure providers. Our security page sets these practices out in full.
7. Retention
We keep personal data for as long as your account is active and for a reasonable period afterwards to meet legal and accounting needs. When you ask us to delete your account we aim to remove your account data within a short, bounded window of the request, except for records we are required to keep, such as invoices and accounting data, which we retain only for as long as the law requires and then delete. You can request export or deletion at any time.
8. Your rights
You have the right to access, correct, erase, restrict and port your personal data, and to object to certain processing. To exercise these rights, contact hello@kabaido.com.
9. EU and EEA users
If you are in the European Union or the wider European Economic Area, the EU GDPR also applies to your personal data. The United Kingdom holds a renewed EU adequacy decision that runs to December 2031, so personal data moves freely between the EEA and the United Kingdom. You can exercise the same access, correction, erasure, restriction, portability and objection rights set out above, and you may also complain to your local supervisory authority.
10. US state privacy rights
Where the California Consumer Privacy Act, the CPRA or a comparable United States state law applies to you, we honour the rights those laws give you, including the rights to access, correct and delete your personal data and to opt out. We do not sell or share personal data, and our website runs no advertising trackers. To exercise a right, contact hello@kabaido.com.
11. International transfers
Your primary data resides in the United Kingdom. The renewed EU adequacy decision covers transfers between the EEA and the United Kingdom to December 2031. Where personal data is transferred to a provider outside the United Kingdom, including our US-based sub-processors, we rely on Standard Contractual Clauses with the UK Addendum, or an adequacy decision where one applies.
12. Complaints
If you have a concern you can contact us first. You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk or by calling its helpline.
KABAIDO LTD, United Kingdom. Questions to hello@kabaido.com.