Privacy Policy

Effective date: April 14, 2026 · Last updated: April 14, 2026

Kairo (“we,” “us,” or “our”) operates the kairo.ai website and related services (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the Service.

By accessing or using the Service you agree to this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Information You Provide

  • Account information: email address and display name when you sign up via passwordless email (magic link) through Firebase Authentication.
  • Career content: resumes, work experience, education, skills, LinkedIn profile data, portfolio content, and job descriptions you upload or enter to use Kairo's AI tools.
  • Communications: messages you send to our support channels.

1.2 Information Collected Automatically

  • Usage data: pages visited, features used, timestamps, referring URL, and interactions with the Service.
  • Device & browser data: IP address, browser type and version, operating system, device identifiers, and screen resolution.
  • Cookies & similar technologies: we use strictly-necessary cookies for authentication and session management. We may use analytics cookies (see Section 5).

1.3 Information from Third Parties

  • Firebase / Google: authentication tokens and user-identity metadata provided by Google Firebase.
  • AI providers: we send career content you provide to third-party large-language-model providers (e.g., Anthropic) to generate results. These providers process the data under their own privacy policies and data-processing agreements.

2. How We Use Your Information

We use your information to:

  • Provide, operate, and improve the Service.
  • Generate AI-powered career materials (resumes, cover letters, LinkedIn copy, portfolios) based on the content you supply.
  • Authenticate your identity and maintain your account.
  • Send transactional emails (e.g., magic-link sign-in).
  • Respond to support requests and communicate Service-related updates.
  • Detect, prevent, and address fraud, abuse, and security incidents.
  • Comply with legal obligations and enforce our Terms of Service.

3. Legal Bases for Processing (EEA/UK Users)

If you are located in the European Economic Area or United Kingdom, we process your personal data on the following legal bases under the GDPR:

  • Performance of a contract: processing necessary to provide the Service you signed up for (Art. 6(1)(b)).
  • Legitimate interests: analytics, security, and improving the Service, where these interests are not overridden by your rights (Art. 6(1)(f)).
  • Consent: where required (e.g., optional analytics cookies) (Art. 6(1)(a)). You may withdraw consent at any time.
  • Legal obligation: where processing is required by applicable law (Art. 6(1)(c)).

4. How We Share Your Information

We do not sell your personal information. We share data only as follows:

  • AI model providers: career content you input is sent to AI providers (e.g., Anthropic) to generate outputs. We only send the minimum data necessary for the requested task.
  • Infrastructure providers: hosting (Vercel), database (Firebase/Google Cloud), email delivery, and monitoring services that process data on our behalf under data-processing agreements.
  • Legal & safety: if required by law, regulation, legal process, or government request, or to protect the rights, safety, or property of Kairo, our users, or the public.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, your data may be transferred to the successor entity.

5. Cookies & Tracking

We use the following categories of cookies:

  • Strictly necessary: authentication session tokens (Firebase). These cannot be disabled.
  • Analytics (optional): we may use privacy-friendly analytics to understand aggregate usage patterns. These cookies are only set with your consent where required by law.

You can manage cookie preferences through your browser settings. Note that disabling strictly-necessary cookies may prevent you from using the Service.

6. Data Retention

  • Account data: retained for as long as your account is active. If you delete your account, we will delete or anonymize your personal data within 30 days, unless retention is required by law.
  • Career content: stored while your account exists so you can access and re-export your materials. Deleted upon account deletion.
  • AI provider logs: we do not control retention by third-party AI providers. Refer to their respective privacy policies for details.
  • Server logs: retained for up to 90 days for security and debugging purposes, then automatically deleted.

7. Your Rights

Depending on your jurisdiction, you may have some or all of the following rights:

7.1 All Users

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your account and associated data.
  • Export your data in a portable format.

7.2 EEA/UK Residents (GDPR)

  • Right to restriction of processing.
  • Right to object to processing based on legitimate interests.
  • Right to withdraw consent at any time.
  • Right to data portability.
  • Right to lodge a complaint with your local data protection authority.

7.3 California Residents (CCPA/CPRA)

  • Right to know what personal information is collected, used, and shared.
  • Right to delete personal information.
  • Right to opt out of the sale or sharing of personal information. We do not sell or share personal information as defined by the CCPA/CPRA.
  • Right to non-discrimination for exercising your rights.

To exercise any of these rights, contact us at privacy@kairo.ai. We will respond within the timeframes required by applicable law (typically 30 days).

8. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States. Where required, we rely on Standard Contractual Clauses (SCCs), adequacy decisions, or other lawful transfer mechanisms to ensure appropriate safeguards are in place.

9. Security

We implement industry-standard technical and organizational measures to protect your data, including encryption in transit (TLS), encryption at rest, access controls, and regular security reviews. However, no system is completely secure, and we cannot guarantee absolute security.

10. Children's Privacy

The Service is not directed to children under 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at privacy@kairo.ai.

11. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for their privacy practices. We encourage you to review their privacy policies before providing any personal information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. For significant changes, we may also send you an email notification. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at: