Privacy Policy

Controller and Contact

For personal information processed through Kepo accounts, product usage, subscriptions, support, and the public website, Kepo is the controller unless another party is expressly identified as the controller for a specific service.

For privacy questions or requests, contact us at support@kepo.ai . We will update this Policy if we appoint a dedicated data protection officer, EU representative, UK representative, or a formal legal entity contact address.

1. Information We Collect

We may collect the following categories of information:

• Account information, such as your name, email address, login method, account settings, and authentication status.
• Billing information, such as subscription status, plan, purchase history, invoices, tax-related details, and payment status. Payment card details are handled by our payment processor and are not intentionally stored by Kepo.
• Product usage information, such as pages visited, features used, plugin and widget settings, device information, app version, error logs, request metadata, and diagnostic information.
• AI, browser, and widget content, such as prompts, instructions, generated widget configuration, plugin metadata, URLs you ask Kepo to process, page content available in the Kepo built-in browser, and other materials you submit to the service.
• Communications, such as messages you send to support, feedback, survey responses, and related correspondence.
• Cookies and similar technologies, which may help us keep you signed in, remember preferences, measure website performance, and understand how visitors use our public pages.

2. How We Use Information

We use information to:

• provide, operate, maintain, and improve Kepo;
• create, run, update, and troubleshoot widgets, plugins, and AI-assisted workflows;
• authenticate users, protect accounts, prevent abuse, and secure the service;
• process subscriptions, payments, renewals, cancellations, invoices, and support requests;
• communicate with you about product updates, service notices, billing, and support;
• measure product performance, diagnose errors, and understand usage trends;
• comply with legal obligations and enforce our terms and policies.

3. Legal Bases for EEA and UK Users

If the EU GDPR, UK GDPR, or similar laws apply to your personal information, we rely on the following legal bases:

• Contract, when we need information to provide Kepo, create and manage your account, deliver paid features, process subscriptions, and respond to support requests.
• Legitimate interests, when we improve the product, prevent abuse, secure the service, diagnose errors, understand aggregate usage, and communicate about service-related updates, provided those interests are not overridden by your rights and interests.
• Consent, when we ask you to agree to optional processing, such as certain cookies, analytics, marketing communications, or optional integrations. You can withdraw consent where processing is based on consent.
• Legal obligations, when we need to keep records, respond to lawful requests, comply with tax, accounting, payment, fraud-prevention, consumer protection, or other legal duties.

4. AI Features and Model Providers

When you use AI-assisted features, the prompts, instructions, URLs, widget context, and generated output needed for the request may be processed by AI model providers, infrastructure providers, or other service providers that help us deliver the feature.

You should not submit confidential, sensitive, regulated, or highly personal information unless the specific feature is designed for that information and you understand the associated risk.

5. Built-in Browser and Local Website Sessions

Kepo may provide a built-in browser and local plugin runtime that can access websites, logged-in pages, feeds, APIs, or services at your direction. This is separate from your personal external browser profile. If you sign in to a third-party website inside Kepo's built-in browser, the resulting session information may be stored locally in the Kepo application environment so Kepo can run the widget or workflow you requested.

Kepo is designed so many website access, extraction, monitoring, and widget tasks can be performed locally on your device. We do not intentionally collect your third-party website passwords or full built-in-browser session cookies on Kepo servers merely because you sign in to a site inside the Kepo application.

However, information from pages opened or processed inside Kepo may leave your device when needed for features you choose to use, such as AI generation or summarization, cloud sync, account services, plugin publishing, diagnostics, error reporting, security checks, billing, or support requests. The information sent may include URLs, page text, selected content, widget configuration, prompts, generated output, screenshots, logs, or other materials needed to perform the requested feature.

6. Plugins and Third-Party Services

Kepo may let you install, build, publish, or run plugins and widgets that connect to third-party websites, feeds, APIs, or services. Those third parties may collect or process information according to their own privacy policies.

We do not control third-party services and are not responsible for their privacy, security, data retention, or account practices.

Plugins may process information that is available inside Kepo, including logged-in page content or session-derived data, when needed to perform the task you request. You should only install or run plugins you trust, especially when using Kepo with sensitive accounts.

7. How We Share Information

We may share information with:

• Service providers that help us operate Kepo, including hosting, database, analytics, authentication, payment, support, email, security, and AI infrastructure providers.
• Payment processors, banks, card networks, and tax or fraud-prevention providers as needed to process payments and prevent abuse.
• Third-party services you choose to connect, when needed to perform the action you request.
• Legal, safety, or compliance recipients when we believe disclosure is required by law, necessary to protect rights or safety, or needed to enforce our terms.
• A successor organization if Kepo is involved in a merger, acquisition, financing, reorganization, or sale of assets.

We do not sell your personal information in the ordinary sense of exchanging it for money.

8. Cookies, Local Storage, and Analytics

Kepo may use cookies, local storage, built-in-browser storage, pixels, analytics scripts, or similar technologies to keep the service working, remember preferences, protect sessions, measure traffic, and improve public pages. Browser settings or Kepo settings may allow you to block, delete, or reset some stored data, but some features may not work properly without it.

For visitors in the EEA or UK, non-essential analytics or similar technologies should be used only with consent where required by applicable law. Essential technologies needed for login, security, billing, and service operation may be used without optional consent.

9. Data Retention

We keep information for as long as needed to provide the service, maintain accounts, process payments, support users, comply with legal obligations, resolve disputes, prevent abuse, and enforce agreements. Retention periods may vary based on the type of information and the reason it is stored.

10. Security

We use reasonable technical and organizational measures designed to protect information. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

11. Your Choices and Rights

Depending on where you live, you may have rights to access, correct, delete, export, or restrict certain uses of your personal information. You may also have the right to object to certain processing or withdraw consent where processing is based on consent.

If you are in the EEA or UK, these rights may include the right to request access, rectification, erasure, restriction, portability, objection to processing based on legitimate interests, and withdrawal of consent. You may also have the right to complain to your local data protection authority.

You can make a privacy request by contacting us at support@kepo.ai . We may need to verify your identity before completing a request.

12. International Transfers

Kepo may be operated from, and service providers may process information in, countries other than where you live. Those countries may have data protection laws that differ from the laws in your location.

If personal information is transferred from the EEA, UK, or Switzerland to a country that has not been recognized as providing an adequate level of protection, we will use an appropriate transfer mechanism where required, such as standard contractual clauses, approved addenda, adequacy decisions, or another lawful transfer mechanism.

13. Children

Kepo is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to Kepo, contact us so we can review and take appropriate action.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date and may provide additional notice where appropriate.

15. Contact

If you have questions about this Privacy Policy or want to make a privacy request, contact us at support@kepo.ai .