Privacy Policy

Last updated: March 24, 2026

1. What We Collect

Kilo collects the following data to provide our service:

• Account data — email address, organization name, and configuration preferences when you sign up
• Conversation data — chat messages between your website visitors and the Kilo AI agent, including visitor-provided information (name, email, company, role)
• Visitor metadata — IP address (hashed for privacy), landing page URL, browser locale, and session timing
• Site content — pages you choose to index for RAG (documentation, product pages) to train your agent
• Enrichment data — company information resolved from visitor IP addresses via third-party enrichment services (when enabled)

2. How We Use Your Data

• To power AI conversations on your website
• To qualify and score visitors using your chosen sales framework
• To send qualification briefs to your Slack or email
• To improve the accuracy of AI responses via your indexed content
• To identify visitor companies via IP enrichment (when enabled)

3. Data Storage & Security

All data is stored in Supabase (PostgreSQL) with row-level security. Conversation data is isolated per organization — no cross-tenant access is possible. IP addresses are hashed using SHA-256 before storage; raw IPs are never persisted.

4. Third-Party Services

• Anthropic (Claude) — powers AI conversations. Conversation content is sent to Anthropic's API for processing. See Anthropic's Privacy Policy.
• OpenAI — generates text embeddings for RAG search. Document content is sent for embedding. See OpenAI's Privacy Policy.
• Supabase — database and authentication. See Supabase's Privacy Policy.
• IP enrichment providers — when enabled, visitor IP addresses are sent to resolve company information.

5. Visitor Data & Consent

Kilo processes visitor data on behalf of our customers (you). You are the data controller; Kilo is the data processor. You are responsible for informing your website visitors about the use of Kilo via your own privacy policy or cookie banner.

Visitors can choose not to engage with the chat widget. No data is collected until a visitor initiates a conversation.

6. Data Retention

Conversation data is retained for the duration of your subscription. Upon account deletion, all associated data (conversations, messages, sites, indexed documents) is permanently deleted within 30 days.

7. Your Rights

You can export or delete your data at any time from the Account settings. To request complete data deletion, contact us at hello@kilo-sales.com.

8. Cookies

The Kilo platform uses session cookies for authentication. The embeddable widget uses localStorage to store a visitor ID (UUID) for session continuity — no tracking cookies are used.

9. Changes

We may update this policy from time to time. Material changes will be communicated via email to account holders.

10. Contact

For privacy questions, contact hello@kilo-sales.com.