Privacy Policy
Last Updated:
November 2025
What we gather
Account Data: Name, email, password, and billing information.
Usage Data: How you use Kilo including agents created, workflows built, and features used. Technical data like IP address, browser type, and device information.
Agent Data: Your agent configurations, prompts, workflows, and activity logs.
Integration Data: Information from connected third-party apps as authorized by you.
Communications: Messages when you contact support or communicate with us.
What we do with it
Provide and operate Kilo services
Process your workflows and enable agent functionality
Improve our platform and develop new features
Provide customer support
Send service updates and optional marketing (you can opt out)
Protect against fraud and security threats
Comply with legal obligations
We use aggregated, anonymized data to improve our AI models. This data cannot identify individual users.
Who sees your information
We don't sell your data. We only share information in these situations:
Service Providers: Trusted partners who help operate Kilo (hosting, payments, analytics). They're contractually bound to protect your data.
Integrated Apps: Data flows to third-party apps you connect according to permissions you grant.
Legal Requirements: When required by law or to prevent harm.
Business Transfers: If Kilo is acquired, your data may transfer to the new owner.
With Your Consent: When you explicitly authorize us to share.
Protection measures
We use industry-standard security including:
AES-256 encryption at rest and TLS in transit
Access controls and activity logging
SOC 2 Type II certified infrastructure
Regular security audits
DDoS protection and monitoring
You're responsible for account security. Use strong passwords and enable two-factor authentication.
No system is completely secure. If a breach affects you, we'll notify you promptly.
How long we keep data
Active accounts: Data retained while your account is active.
Closed accounts: Personal and agent data deleted within 30 days. Backups may persist for 90 days.
Legal requirements: Some data retained longer for compliance or fraud prevention.
Anonymized data: Aggregated data may be retained indefinitely for analytics.
Control your data
Access: View your information through account settings or request a complete copy.
Update: Change your account information anytime.
Delete: Close your account and permanently delete your data.
Export: Download your agent configurations and workflow data.
Opt-Out: Unsubscribe from marketing emails while still receiving essential notifications.
GDPR Rights (EU/EEA): Access, correct, delete, restrict processing, data portability, and lodge complaints.
CCPA Rights (California): Know what's collected, delete data, opt out of sales (we don't sell data).
How we use cookies
Essential Cookies: Required for login and core functionality.
Analytics Cookies: Help us understand usage patterns (Google Analytics).
Preference Cookies: Remember your settings.
You can manage cookies through browser settings. Disabling essential cookies may break functionality.
External integrations
Connected third-party apps have their own privacy policies. We're not responsible for their practices. Review their policies before connecting.
Links to external sites are not governed by this policy.
Data across borders
Your data may be stored or processed in countries other than where you reside. We use standard contractual clauses and ensure appropriate protections for international transfers.
Enterprise customers can request data residency options.
Age restrictions
Kilo is not for children under 18. We don't knowingly collect data from minors. If we discover we have, we'll delete it immediately.
Updates
We may update this policy with 30 days' notice for material changes. Continued use means you accept updated policies.
Check the "Last Updated" date at the top to see when this was last modified.
Privacy questions
Privacy team: hello@framley.pro
Data Protection Officer: hello@framley.pro
EU representative: hello@framley.pro
We respond within 48 hours for urgent matters, 5-7 days for general inquiries, and 30 days for access/deletion requests.
Our certifications
GDPR compliant (EU/EEA)
CCPA compliant (California)
SOC 2 Type II certified
ISO 27001 security controls