Privacy Policy

Introduction

At Kitoro ("we," "us," or "our"), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered marketing, sales, and support platform.

Data Controller: Mira Learning Lab GmbH, Kirchgasse 3, 8560 Märstetten, Switzerland (UID: CHE-153.288.596)

Legal Basis for Processing (GDPR Article 6)

We process your personal data based on the following legal grounds:

• Contract Performance: To provide our services as agreed in our Terms of Service
• Legitimate Interest: To improve our services, prevent fraud, and ensure security
• Consent: For optional features like marketing communications
• Legal Obligation: To comply with applicable laws and regulations

Information We Collect

Account Information

When you create an account, we collect:

• Your name and email address
• Company/business information you provide
• Profile and preference settings

Payment Information

Processed securely by our payment provider (Stripe):

• Payment method details
• Billing address
• Transaction history

Content and Data

To provide our AI services, we collect and process:

Documents and Knowledge:

• Notion pages and databases you connect
• Google Drive, Dropbox, or OneDrive files you share
• Website content you ask us to analyze

Calendar and Email:

• Calendar events from Google Calendar or via Nylas
• Email threads for context and meeting preparation
• Meeting recordings and transcripts (when you enable the notetaker feature)

Social Media:

• Connected social media accounts (LinkedIn, X, Instagram, Facebook, TikTok, YouTube)
• Published posts and engagement data
• Comments and interactions

Messaging:

• WhatsApp and Telegram conversations (via Unipile integration)
• LinkedIn and Instagram direct messages
• Approval commands and responses

Voice and Recordings:

• Voice recordings if you use AI interview features
• Transcripts with word-level timing data

Usage Data

We automatically collect:

• Log data (IP address, browser type, pages visited)
• Device information and identifiers
• Performance metrics and error reports
• Feature usage patterns

How We Use Your Information

We use your information to:

• Provide and operate our AI-powered services
• Generate personalized content based on your business voice and strategy
• Learn your preferences to improve content quality over time
• Schedule and publish content to your connected platforms
• Process payments and manage your subscription
• Send important service updates and notifications
• Provide customer support
• Detect and prevent fraud or abuse
• Comply with legal obligations

AI and Your Data

Your data never trains our general AI models. We use your data exclusively to provide personalized services to you. Your content, voice patterns, business information, and knowledge base are used to customize your Kitoro experience through:

• Semantic search and content recommendations
• Personalized writing style adaptation
• Meeting preparation and briefings
• Lead qualification and responses

We use the following AI services to process your data:

• Google Gemini (content generation and analysis)
• OpenAI (semantic embeddings for search)

These services process your data under strict data processing agreements and do not use your data for training their models.

Third-Party Service Providers

We share data with the following categories of service providers:

Infrastructure and Hosting

• Supabase (database and authentication) - EU data region

Social Media Publishing

• Getlate/Late - Multi-platform publishing to LinkedIn, X, Instagram, Facebook, TikTok, YouTube

Messaging and Communication

• Unipile - WhatsApp, Telegram, and social DM integrations
• Nylas - Email and calendar integration

Payment Processing

• Stripe - Subscription and payment handling (PCI DSS compliant)

AI and Content Services

• Google Cloud (Gemini) - AI content generation
• OpenAI - Semantic embeddings
• ElevenLabs - AI voice for interviews
• Pexels - Stock media search
• FAL - AI image generation
• Shotstack - Video rendering

Information Services

• Jina AI - Website content extraction
• Brave Search - Content discovery

Cloud Storage Providers (when you connect)

• Google (Google Drive, Calendar)
• Microsoft (OneDrive)
• Dropbox
• Notion

International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA) and Switzerland, including in the United States. When we transfer your data internationally, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements with all sub-processors
• Adequacy decisions where applicable

You can request a copy of the relevant safeguards by contacting us.

Data Retention

We retain your data according to the following schedule:

• Active account data: For the duration of your account
• Content and posts: Until you delete them or close your account
• Payment records: 10 years (legal requirement)
• Usage logs: 90 days
• Backups: 30 days after deletion from primary systems

Upon account deletion, we will delete your personal data within 30 days, except where we are required by law to retain it.

Your Rights

Under GDPR and Swiss data protection law (nDSG), you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Limit how we process your data
• Portability: Receive your data in a portable format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent at any time for consent-based processing
• Automated Decisions: Not be subject to solely automated decisions with legal effects

To exercise these rights, contact us at privacy@kitoro.com. We will respond within 30 days.

Automated Decision-Making

Kitoro uses AI to:

• Generate content suggestions (always subject to your approval)
• Qualify and prioritize leads
• Suggest optimal posting times
• Draft responses to messages

You always have the ability to review, edit, or reject AI-generated content before it is published or sent. No automated decisions with legal or similarly significant effects are made without human oversight.

Data Security

We implement enterprise-grade security measures including:

• TLS encryption for all data in transit
• AES-256 encryption for data at rest
• Multi-factor authentication options
• Regular security audits and penetration testing
• Access controls and audit logging
• Secure OAuth 2.0 flows for all integrations
• Webhook signature verification (HMAC-SHA256)

Cookies and Tracking

We use:

• Essential cookies: For authentication and security
• Functional cookies: To remember your preferences
• Analytics cookies: To understand service usage (can be disabled)

You can manage cookie preferences in your browser settings. Disabling essential cookies may affect service functionality.

Children's Privacy

Kitoro is not intended for users under 16 years of age. We do not knowingly collect information from children.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Email to your registered address
• Prominent notice in the application
• At least 30 days before changes take effect for material changes

Supervisory Authorities

You have the right to lodge a complaint with a supervisory authority:

Switzerland: Federal Data Protection and Information Commissioner (FDPIC) Feldeggweg 1, CH-3003 Bern https://www.edoeb.admin.ch

European Union: Your local data protection authority, or the authority in the country where you believe the infringement occurred.

Contact Us

General Inquiries: Email: hello@kitoro.com

Data Protection Officer: Email: privacy@kitoro.com

Postal Address: Mira Learning Lab GmbH Kirchgasse 3 8560 Märstetten Switzerland

Last updated: January 2026