Legal & PoliciesPrivacy Policy
Privacy

Privacy Policy

What personal data Kira collects, the legal bases on which we process it, how we use, share, and protect it, how long we keep it, and the rights you can exercise.

Effective June 1, 2026Last updated June 2026

1. Introduction

This Privacy Policy explains how Kira AI, Inc. ("Kira", "we", "us", or "our"), acting as data controller, collects, uses, discloses, and safeguards personal data when you use Kira, our websites, and related services (the "Services"). It applies to visitors, account holders, and the authorized users of our business customers.

We have drafted this policy to align with the EU and UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the CPRA, and other applicable data-protection laws. Capitalized terms not defined here have the meaning given in our Terms of Service.

2. Personal data we collect

We collect the following categories of personal data, depending on how you interact with the Services:

  • Identity and account data: name, email address, password, profile details, and organization or team membership.
  • Content you provide: the emails, documents, notes, tasks, calendar events, prompts, and call or meeting transcripts you submit to or generate within Kira.
  • Usage and device data: log data, IP address, browser and device type, features used, timestamps, and approximate location derived from IP address.
  • Integration data: information from third-party services you connect (such as email, calendar, and messaging platforms), limited to the scope you authorize.
  • Transaction and billing data: plan, billing contact, and payment status. Card details are handled by our payment processor; we do not store full card numbers.
  • Communications: messages you send to support, survey responses, and your contact preferences.

3. How we use personal data

  • To provide, operate, secure, and improve the Services and their features.
  • To run the agents, automations, and integrations you configure.
  • To personalize your experience and remember your settings.
  • To communicate with you about your account, security, transactions, and changes to the Services.
  • To provide customer support and respond to your requests.
  • To detect, investigate, and prevent fraud, abuse, and security incidents.
  • To comply with legal obligations and enforce our agreements.

5. AI models and your content

We do not train on your content by default

We do not use the content you create in Kira to train our AI models unless you explicitly opt in. Content belonging to business customers is never used for model training.

To generate responses, your inputs are processed by us and by model providers acting as our sub-processors under contract. These providers are prohibited from using your content to train their own models except as you have authorized.

6. How we disclose personal data

We do not sell your personal data, and we do not share it for cross-context behavioral advertising. We disclose personal data only in the following circumstances:

  • Service providers and sub-processors who host, support, and help operate the Services under data-protection contracts. Our current sub-processors are listed on our Security & Compliance page.
  • Integrations you choose to connect, limited to what is necessary to provide them.
  • Professional advisors, auditors, and authorities where required to comply with law, respond to lawful requests, or protect rights, safety, and security.
  • Acquirers or successors in connection with a merger, acquisition, financing, or sale of assets, subject to this policy.
  • Other parties with your consent or at your direction.

7. Cookies and similar technologies

We use cookies and similar technologies for authentication, preferences, security, and analytics. You can manage your choices as described in our Cookie Policy, and we honor recognized opt-out signals such as Global Privacy Control where required by law.

8. Data retention

We retain personal data for as long as your account is active and as needed to provide the Services. When you delete content or close your account, we delete or de-identify the associated personal data within a commercially reasonable period (generally within 90 days), except where longer retention is required for legal, tax, accounting, security, or dispute-resolution purposes.

9. Your rights and choices

Subject to applicable law, you may have the right to:

  • Access the personal data we hold about you and obtain a copy.
  • Correct inaccurate or incomplete personal data.
  • Delete your personal data (the "right to be forgotten").
  • Receive your data in a portable, machine-readable format and transmit it to another provider.
  • Object to or restrict certain processing, including direct marketing.
  • Withdraw consent where processing is based on consent.
  • Opt out of the sale or sharing of personal information (we do not sell or share for advertising) and limit the use of sensitive personal information.

You can exercise many of these rights in your account settings, or by contacting privacy@kira.ai. We will verify your request and respond within the timeframes required by law (for example, one month under the GDPR and 45 days under the CCPA). We will not treat you differently for exercising your rights, and you may appeal a decision by replying to our response. You also have the right to lodge a complaint with your local supervisory authority, or in the UK with the Information Commissioner's Office.

10. International data transfers

We may process and store personal data in the United States and other countries. Where we transfer personal data out of the EEA, UK, or Switzerland, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses and the UK International Data Transfer Addendum, or an adequacy decision where one applies. You may request a copy of the relevant safeguards by contacting us.

11. Security

We maintain technical and organizational measures designed to protect personal data, including encryption in transit (TLS 1.2 or higher) and at rest (AES-256), access controls, logging, and continuous monitoring. See our Security & Compliance page for details. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

12. Children’s privacy

The Services are not directed to children, and we do not knowingly collect personal data from anyone under 18 (or the age of majority in your jurisdiction). If you believe a child has provided us personal data, contact us and we will delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version, revise the "Last updated" date, and, for material changes, provide additional notice as required by law. Your continued use of the Services after an update takes effect constitutes acceptance of the revised policy.

14. How to contact us

If you have questions or wish to exercise your rights, contact our privacy team at privacy@kira.ai or our Data Protection Officer at dpo@kira.ai. You can also write to us at 2261 Market Street, Suite 4000, San Francisco, CA 94114, USA. For EU or UK matters, you may also contact your local data-protection authority.

15. References and regulatory frameworks

This policy is informed by the following laws, regulations, and official resources:

Frequently asked questions

Quick answers to common questions.

No, not by default. We only use your content for model training if you explicitly opt in, and we never use business customer content for training.

No. We do not sell personal data or share it for cross-context behavioral advertising. We disclose it only to service providers, integrations you authorize, and where legally required.

You can export and delete data from your account settings, or contact our privacy team. We respond within the timeframes set by applicable law.

It depends on where you live. EU/EEA and UK users are covered by the GDPR; California residents are covered by the CCPA/CPRA. We honor the rights granted under applicable law.