policy

Privacy Policy

August 15, 20253 min read

Last updated: August 15, 2025

Kiorons ("we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our software and AI-powered services, including kOne (the "Service"). Please read this policy carefully to understand our views and practices regarding your personal data and how we will treat it.

1. Information We Collect

We collect information to provide better services to all our users, including:

  • Account Information: your name, work email, company name, job title, and authentication identifiers.
  • Billing Information: payment details, billing address, and tax identification numbers (processed through our payment processors).
  • Product Usage and Device Data: IP address, device and browser information, timestamps, feature interactions, crash reports, and other technical data.
  • Support Data: customer support communications (messages, tickets, attachments, recordings where applicable).
  • AI Interaction Data:
    • Prompts and Inputs: text, files, URLs, parameters submitted to AI features.
    • Outputs: generated responses, summaries, transformed content, and related metadata.
    • Embeddings/Vectors: numerical representations derived from inputs and outputs used for search and personalization.
    • Logs and Telemetry: model routing data, safety flags, latency information, and token counts.
    • Feedback: ratings, corrections, and user comments on AI output quality.
  • Cookies and Tracking Technologies: essential cookies, preferences, analytics, and advertising cookies (where applicable).

2. How We Use Your Information

We use your information to operate, provide, and improve the Service:

  • To provide, maintain, and personalize the Service, including AI-powered features.
  • To process and manage your account and billing.
  • To conduct analytics and improve system performance and usability.
  • To ensure security, prevent fraud, and enforce our policies.
  • To communicate service updates, security notices, and marketing communications (where consented).
  • To comply with legal obligations and respond to lawful requests.

3. AI Data Handling and Training

  • Training and Improvement:
    • By default, we do not use your content (prompts, files, outputs) to train our foundational AI models.
    • You may opt-in to allow use of de-identified data samples for quality and safety improvements.
    • Opt-out options are available at any time via your admin console or by contacting us.
  • Retention: By default, AI-related data such as prompts, outputs, and logs are retained for [30/60/90] days (choose appropriate), and embeddings for [90/180] days. Enterprise customers may have configurable retention policies.
  • Third-Party Models: In some cases, your data may be processed by trusted third-party AI providers acting as subprocessors under strict contractual obligations with data protection safeguards, including encryption and international transfer mechanisms (e.g., SCCs).
  • Sensitive Data: Please avoid submitting sensitive personal data (such as health data, biometric data, government IDs) through AI features unless you have a signed Data Processing Agreement and documented instructions.

4. Sharing Your Information

We do not sell your personal data.

We share your data only in the following situations:

  • With your consent or at your direction.
  • With trusted service providers under contract to assist in providing the Service (e.g., hosting, analytics, payment processors, AI infrastructure providers).
  • To comply with legal obligations, enforce policies, or protect rights and safety.

Our current list of subprocessors is available at [Insert Subprocessor URL], and we provide notifications of material changes.

5. International Data Transfers

Your data may be transferred and processed in countries outside your own. When this happens, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or other approved mechanisms, to protect your personal information.

Enterprise customers may request data residency options where available.

6. Data Retention

  • Account and billing information is kept for the duration of your subscription and as required by law.
  • Technical logs and security data are retained for typically 90 days unless longer retention is necessary for investigation or compliance.
  • AI prompts, outputs, and related data are retained for [30/60/90] days as noted above.
  • Embeddings and vectors are retained per configured retention settings or deleted upon request or contract termination.
  • De-identified data may be kept longer for aggregate analytics and safety monitoring.

7. Your Data Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

  • Access, correction, deletion, restriction of processing, data portability, and the right to object to certain types of processing.
  • California residents also have rights under the CCPA/CPRA, including rights to know, delete, and opt out of “sale/sharing” of personal information (note: we do not sell personal data).
  • EU and UK residents may lodge complaints with their supervisory authority.
  • Indian residents may contact our Grievance Officer (details below) for complaints and redressal.

To exercise your rights, please submit a request at [Insert Data Subject Access Request contact or form]. We will verify your identity before processing such requests.

8. Security Measures

We implement appropriate technical and organizational measures to safeguard personal data against unauthorized access, loss, or damage, including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256).
  • Role-based access control, multi-factor authentication for administrative access.
  • Environment segmentation and security monitoring.
  • Regular vulnerability assessments and prompt patching.
  • Incident response and breach notification procedures.

Please refer to our Security & Trust Policy ([Insert URL]) for more information, including vulnerability disclosure.

9. Children’s Privacy

Our Service is not intended for children under the age of 16, and we do not knowingly collect or process personal data from children.

10. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Material changes will be communicated by email or in-product notification.
The “Last updated” date above indicates when this Policy was last revised.

Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact:

Privacy Team: [privacy@kiorons.com]
Postal Address: 445, Jabalpur, 482002 Madhya Pradesh