1. What we read
KairoDesk reads only what's needed to do the job you asked for. Specifically:
- Email metadata and bodies from accounts you connect, scoped to the date range needed for each feature (last 90 days for Drift Detector, last 24h for Morning Clarity).
- Calendar events you've granted access to.
- Documents you upload to Obligation Radar.
- Stripe invoices and payments if you connect Stripe.
We do not read:
- Email accounts you haven't connected
- Anything in a Privacy Zone you've designated
- Documents you haven't uploaded
- Your contacts' inboxes (we only see what you see)
2. What we store
We store the minimum needed to provide the service:
- OAuth tokens for connected accounts — encrypted at rest with AES-256
- Generated content (drafts, briefs, summaries) — to populate your Action Ledger
- Inferred metadata (commitments, contact dossiers, action history)
- Account info (email, name, timezone, plan)
We do not store:
- Raw email bodies after a feature is processed (we keep extracts only when necessary, e.g., a quoted commitment in Drift Detector)
- Document originals after Obligation Radar runs (we keep the structured output, not the source PDF, unless you opt in)
- Payment card numbers (handled by Stripe; we never see them)
3. What we never do
- We never use your data to train AI models. Not Anthropic's models, not anyone's. This is contractual with our model provider, not just a preference.
- We never sell your data. Ever. To anyone. Period.
- We never share with advertisers. KairoDesk has no ad business.
- We never read Privacy Zones you've designated. Filtering happens before any data reaches the AI — it's not a "we promise" pledge, it's a code-level guarantee.
4. Privacy Zones
Privacy Zones let you designate spaces the AI never enters:
- By sender — e.g., your therapist, your lawyer, your spouse
- By Gmail label — e.g.,
Personal,HR,Legal - By time window — e.g., evenings and weekends ("Focus Hour" mode)
- By folder (coming V2)
Emails matching a Privacy Zone are filtered before they're sent to the AI. The AI literally cannot see them. If a private email seems related to something important, KairoDesk asks before pulling it in — never silently.
5. Action Ledger
Every action KairoDesk takes — every draft, every summary, every reminder — is logged in your Action Ledger with:
- The exact source data referenced
- The model used and the cost
- The validation state (accepted, modified, refused)
- A plain-English summary of what happened
You can audit, filter, and export your Action Ledger at any time. This is the "shows its work" part of our promise — and it's not a marketing claim, it's the database.
6. Compliance
GDPR
Full data subject rights (access, rectification, deletion, portability). DPA available on request.
CCPA / CPRA
California residents can request access, deletion, and opt out of sale (we don't sell data).
SOC 2 Type II
In progress, target completion Q3 2026.
HIPAA
KairoDesk is not HIPAA-eligible. Do not use it for protected health information.
We notify users 30 days before adding a new subprocessor (see the list below).
7. Subprocessors
| Vendor | Purpose | Data location |
|---|---|---|
| Anthropic | LLM inference | US |
| Supabase (Postgres + Storage) | Database, auth, file storage | US-East |
| Vercel | Application hosting | US |
| Stripe | Payment processing | US |
| Resend | Transactional email | US |
| Sentry | Error monitoring (PII scrubbed) | US |
| PostHog | Product analytics (no PII) | US |
| Cloudflare | DNS / DDoS protection | Global edge |
8. Reach us
Questions about data handling, security, or compliance:
We respond within 2 business days.
This page is the marketing summary. Binding terms live in the Terms of Service and DPA — link out from the footer once published.