Last updated July 29, 2024

Thank you for choosing to be part of our community at KenesAI Labs Inc., doing business as KenesAI Labs, Inc. ("we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application, KenesAI (the "App"). By accessing or using the App, you agree to this Privacy Policy.

When you visit our website at https://kenes.ai and use our services, you trust us with your personal information, and we take your privacy very seriously. This privacy policy aims to clearly explain the information we collect, how we use it, and your rights regarding it. We encourage you to read this policy thoroughly, as it is important. If you do not agree with any terms in this privacy policy, please stop using our websites and services.

This privacy policy applies to all information collected through our websites (such as https://kenes.ai) and any related services, sales, marketing, or events (collectively referred to as the "Services" in this policy). Reading this privacy policy carefully will help you make informed decisions about sharing your personal information with us.

TABLE OF CONTENTS

1. WHAT TYPES OF PERSONAL AND BUSINESS INFORMATION DO WE COLLECT?

2. HOW DO WE COLLECT YOUR DATA?

3. HOW DO WE UTILIZE YOUR DATA?

4. DO WE SHARE YOUR DATA WITH OTHERS?

5. WHO HAS ACCESS TO YOUR DATA?

6. WHAT NON-PERSONAL DATA DO WE COLLECT?

7. DO WE USE COOKIES OR OTHER TRACKING TECHNOLOGIES?

8. HOW LONG DO WE RETAIN YOUR DATA?

9. HOW DO WE SECURE YOUR DATA?

10. DO WE COLLECT DATA FROM MINORS?

11. WHAT ARE YOUR RIGHTS REGARDING YOUR DATA?

12. HOW CAN YOU MANAGE YOUR DATA?

13. WHAT HAPPENS IN THE EVENT OF A DATA BREACH?

14. HOW DO WE HANDLE DO-NOT-TRACK REQUESTS?

15. DO CALIFORNIA RESIDENTS HAVE SPECIAL PRIVACY RIGHTS?

16. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR DATA?

17. HOW DO WE UPDATE THIS POLICY?

18. HOW CAN YOU CONTACT US WITH QUESTIONS?

1. WHAT TYPES OF PERSONAL AND BUSINESS INFORMATION DO WE COLLECT?

Shortly: We collect personal information that you provide to us through your use of our services.

We collect personal information that you voluntarily provide to us when registering at the Services expressing an interest in obtaining information about us or our products and services, when participating in activities on the Services or otherwise contacting us.

The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make and the products and features you use. The personal information we collect can include the following:

• Publicly Available Personal Information. We collect first name, last name, and full name; business email; and other similar data.

• Personal Information Provided by You. We collect data collected from surveys; app usage; and other similar data.

• Personal Information obtained through technology integrations. We collect data from partner integrations (like Shopify, Klaviyo, Square, Quickbooks and etc) in order to enhance your use of our products and services.

• Log Files. We also may collect certain information by automated means when you use our Services, including your internet protocol (“IP”) address; information about your web browser software and version; if you arrived at the Services through a link from a third-party website, the uniform resource locator (“URL”) of the linking page; your mobile device identifier and other information about devices you use to access the Services; and information about your activity while using the Services, such as which pages you choose to view, queries you make using our “search” function, and other information about your account usage.

The personal information we may collect includes:

• Contact information, such as your name, mailing address, email address, and telephone number;

• Unique identifiers such as username and password;

• Preferences information such as product and brand feedback and marketing preferences;

• Certain other information you may provide to us in your communications or in connection with other products or services;

• Сlick data, and other potentially sensitive, identifiable customer data.

All personal information that you provide to us must be true, complete and accurate, and you must notify us of any changes to such personal information.

2. HOW DO WE COLLECT YOUR DATA?

Shortly: We collect data through app integrations, registration details, and tracking technologies.

We use integrations with various apps, such as Klaviyo, Shopify, Square, and others, to collect data that you have authorized us to access. This includes business-related information such as sales, transactions, and marketing metrics. Additionally, when you register with our service, we collect personal information provided during the registration process. We also utilize an event tracking system and cookies to gather data on your interactions with our services, helping us improve user experience and provide tailored insights.

3. HOW DO WE UTILIZE YOUR DATA?

Shortly: We use your data based on legitimate business interests, fulfilling our contract with you, complying with legal obligations, and/or obtaining your consent.

We process the data collected through our services for various business purposes as outlined below. The specific grounds for processing your data are indicated next to each purpose:

• To facilitate account creation and login processes: If you link your account with third-party platforms such as Google or Shopify, we use the data you allow us to access from these platforms to streamline the account creation and login processes, as part of our contract with you.

• To provide business insights and analysis: We analyze your data to offer insights into your business, such as customer segmentation, ideal customer profiling (ICP), predictive modeling on revenue growth, marketing analysis, and sales channel analysis. This helps you make informed decisions and understand your business from different perspectives.

• To communicate administrative information: We use your data to send you important updates about our services, new features, or changes to our terms, conditions, and policies.

• To deliver the requested services: We use your data to provide the services you have requested, ensuring they are customized to your business needs.

• To respond to inquiries and provide support: We may use your data to respond to your questions and resolve any issues you may encounter with our services.

• To send newsletters and promotional materials: With your consent, we may use your data to send newsletters, exclusive offers, promotions, and updates about our products and services.

• To gather feedback: We may use the data you provide to collect feedback on our products and services, helping us improve our offerings.

• Other uses of information: We may use your data for internal business purposes, such as improving the quality of our services, conducting business analyses, and ensuring compliance with our legal obligations. Additionally, we may use your data as otherwise described at the time of collection or with your consent.

4. WILL YOUR PERSONAL INFORMATION BE SHARED WITH ANYONE?

Shortly: We do not share your data with third parties unless necessary for enhancing your experience with our Services and integrated services.

We only share and disclose your personal information when it's essential for improving user experience. Below, we categorize the instances where your data may be shared:

• Integrated Services: Our Services rely on integrating with third-party applications to send and receive data. This integration allows us to provide you with accurate reporting and insights and enables you to use data on other platforms, such as Klaviyo, for their tools.

• Service Providers: We may share your personal information with service providers who perform functions on our behalf, such as hosting websites, managing databases, conducting analyses, sending communications, providing live chat services, or supporting other components of our services.

• Analytics and Advertising: We may allow third-party analytics tools, such as Google Analytics, to collect information to help us understand how our Services are used. This data collection may also involve tools like Facebook Audience Network and Google AdSense. For more information on how Google collects and uses data, you can visit Google Analytics.

• Legal Process: We may disclose your personal information in response to legal requests, such as subpoenas, court orders, or other legal processes, and to comply with requests from law enforcement or government agencies.

• Protecting Our Services and Users: If we believe that disclosure is necessary to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual illegal activity or violation of our Terms and Conditions, we may disclose your personal information.

• Other Circumstances: We may disclose your personal information in other situations described to you at the time of collection or with your consent.

Please note that we do not sell personally identifiable information to third parties. If we process your data based on your consent and you wish to withdraw it, please contact us.

5. WHO HAS ACCESS TO YOUR DATA?

Shortly: Access to your data is limited to authorized personnel within our company, ensuring that only those who need it for legitimate business purposes can access it.

Access to your data is strictly controlled and limited to specific individuals within our organization who need it to perform their duties. This includes:

• Authorized Personnel: This group includes employees and contractors who are responsible for processing and analyzing data to provide our services, such as data analysts, customer support staff, and technical teams. These individuals have access only to the data necessary to perform their specific roles.

• Senior Management and Compliance Officers: Senior management may have access to data for oversight and strategic decision-making, while compliance officers ensure that data handling adheres to legal and regulatory requirements.

• System Administrators: System administrators may have access to data as part of their role in maintaining and securing our systems and databases.

Who Does Not Have Access to Your Data:

• Unauthorized Employees and Third Parties: Employees without a legitimate business need or explicit permission are not granted access to your data. Additionally, we do not share data with third parties outside of those necessary for providing our services, such as integrated service providers mentioned previously.

• External Consultants and Vendors (Without Explicit Consent): External consultants and vendors are not granted access to your data unless there is a specific, approved need, and strict confidentiality agreements are in place.

6. WHAT NON-PERSONAL DATA DO WE COLLECT?

Shortly: We collect non-personal data to improve our services and enhance user experience.

In addition to personal data, we collect non-personal data that cannot be used to identify you individually. This includes:

• Usage Data: Information about how you interact with our services, such as the features you use, the pages you visit, the time spent on our platform, and other related metrics. This data helps us understand user behavior and preferences, allowing us to improve the functionality and usability of our services.

• Technical Data: This includes information about the devices you use to access our services, such as device type, operating system, browser type, IP address, and device identifiers. Technical data helps us optimize our services for different devices and troubleshoot technical issues.

• Aggregated Data: We may compile aggregated data, which combines individual data points in a way that cannot be traced back to any specific user. For example, we might aggregate sales data to analyze trends across our user base.

• Event Data: Data collected through tracking technologies, such as cookies and web beacons, that track your actions on our website and within our app. This data helps us improve user experience by personalizing content and understanding how our services are used.

We use this non-personal data to enhance our services, develop new features, and provide a better overall experience for our users. This data is often analyzed in aggregate form to understand trends and patterns, ensuring that individual users cannot be identified from the data collected.

7. DO WE USE COOKIES OR OTHER TRACKING TECHNOLOGIES?

Shortly: We may use cookies and other tracking technologies to collect and store your information.

Like many companies, we and our third party partners, such as advertising partners, marketing partners, and service providers, use certain technologies such as cookies and similar technologies. These technologies are used in analyzing trends, administering the site, tracking users’ movements around the site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis. You may be able to disable cookies by changing a setting in your web browser. Please note, however, that without cookies you may not be able to take full advantage of all the Services features.

8. HOW LONG DO WE KEEP YOUR INFORMATION?

Shortly: We retain your data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

In compliance with GDPR and other applicable data protection regulations, we retain personal data for no longer than is necessary to achieve the purposes for which it was collected or as required by law. The specific retention periods depend on the type of data and the purpose for which it is processed:

• Personal Data: We retain personal data, such as contact information and account details, for as long as you have an active account with us or as long as needed to provide you with our services. Once your account is closed, we will delete or anonymize your personal data within a reasonable period, unless we are required to retain it for legal or regulatory reasons.

• Business Data: Business-related data collected from platforms like Shopify, Square, QuickBooks, Klaviyo, and Facebook Ads Manager is retained for the duration of your use of our services and for a limited period afterward to allow for data analysis and reporting. This period will not exceed the time necessary to fulfill the purposes of the data collection.

• Aggregated and Anonymized Data: Aggregated or anonymized data that does not identify individuals may be retained for longer periods for research and analysis purposes, as this data does not pose the same privacy risks as personal data.

• Legal Compliance and Disputes: In certain cases, we may retain your data for longer periods if necessary to comply with legal obligations, resolve disputes, or enforce our agreements. For example, data may be retained to comply with tax or accounting requirements or to respond to legal processes.

We regularly review our data retention policies to ensure compliance with GDPR and other applicable laws. When data is no longer required for its intended purpose or to meet legal obligations, we securely delete or anonymize it to prevent unauthorized access or use.

If you have any questions about our data retention practices or wish to request the deletion of your data, please contact us.

9. HOW DO WE KEEP YOUR INFORMATION SAFE?

Shortly: We implement comprehensive security measures to protect your data from unauthorized access, use, and disclosure.

In accordance with GDPR regulations and industry best practices, we employ a range of technical and organizational measures to ensure the security of your data. Our commitment to data security encompasses the following practices:

• Encryption: We use encryption technologies to protect your data both in transit and at rest. This means that data is encrypted when it is transmitted over the internet and stored securely in our databases, ensuring that it cannot be accessed or read without proper authorization.

• Access Controls: We implement strict access controls to ensure that only authorized personnel can access your data. This includes role-based access management, which restricts data access based on an individual's job responsibilities and the principle of least privilege, minimizing the number of people who have access to sensitive data.

• Regular Security Audits and Testing: We conduct regular security audits, vulnerability assessments, and penetration testing to identify and address potential security risks. This helps us stay ahead of emerging threats and ensure that our systems remain secure.

• Secure Development Practices: Our development processes include security considerations at every stage, from design to deployment. We follow secure coding practices, conduct code reviews, and implement security testing to prevent vulnerabilities in our applications.

• Third-Party Security: When we work with third-party service providers, we ensure they adhere to the same high standards of data security. This includes reviewing their security practices and entering into data processing agreements that require them to protect your data in accordance with GDPR.

• Employee Training and Awareness: We provide regular training and updates to our employees on data protection and security best practices. This helps ensure that everyone in our organization understands the importance of data security and their role in maintaining it.

We are committed to continuously improving our data security practices to protect your data from unauthorized access, disclosure, alteration, or destruction. If you have any questions or concerns about how we secure your data, please contact us.

10. DO WE COLLECT INFORMATION FROM MINORS?

Shortly: We do not knowingly collect data from or market to children under 13 years of age.

We do not knowingly solicit data from or market to children under 13 years of age. By using the Services, you represent that you are at least 13 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Services. If we learn that personal information from users less than 13 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we have collected from children under age 13, please contact us at info@kenes.ai

11. WHAT ARE YOUR RIGHTS REGARDING YOUR DATA?

Shortly: You have several rights under GDPR that allow you to control and protect your personal data.

We are committed to respecting your rights regarding your personal data, in compliance with GDPR and other applicable data protection laws. These rights include:

1. Right to Access: You have the right to request access to the personal data we hold about you. This includes information about how your data is being used and why, as well as the data itself.

2. Right to Rectification: If you believe that any personal data we have about you is inaccurate or incomplete, you have the right to request correction or completion of your data.

3. Right to Erasure (Right to be Forgotten): You have the right to request the deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes it was collected, or if you withdraw your consent and there are no other legal grounds for processing.

4. Right to Restrict Processing: You can request that we restrict the processing of your personal data in certain situations, such as if you contest the accuracy of the data or object to its processing.

5. Right to Data Portability: You have the right to request a copy of your personal data in a structured, commonly used, and machine-readable format. You may also request that we transfer your data to another data controller where technically feasible.

6. Right to Object: You can object to the processing of your personal data if you believe it is being processed in a manner that is not compatible with the purposes for which it was collected, or if you object to processing based on legitimate interests or direct marketing.

7. Right to Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

8. Right to Lodge a Complaint: If you believe that we have not complied with your data protection rights, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction.

9. Right to Non-Discrimination: We will not discriminate against you for exercising any of your rights regarding your personal data.

To exercise any of these rights, please contact us using the contact details provided in this policy. We will respond to your request in accordance with applicable laws and within the timeframe specified by GDPR. Please note that some rights may be subject to certain conditions or limitations under the law.

12. HOW CAN YOU MANAGE YOUR DATA?

Shortly: You have control over your data and can manage it through various options provided by our services.

We provide several ways for you to manage your data and ensure it is accurate and up-to-date. Here are some of the options available:

1. Account Settings: You can update your personal information, such as your name, email address, and contact details, by logging into your account and accessing the account settings section. This allows you to keep your information current and accurate.

2. Data Access Requests: If you wish to access the personal data we hold about you, you can submit a data access request. We will provide you with a copy of your data and details about how it is being used. To make a request, please contact us using the details provided in this policy.

3. Data Correction Requests: If you believe that any of your personal data is incorrect or incomplete, you can request corrections by contacting us. We will promptly update your information as requested, ensuring its accuracy.

4. Data Deletion Requests: You can request the deletion of your personal data in certain circumstances, such as if you no longer wish to use our services. To request data deletion, please contact us, and we will review your request in line with our data retention policies and legal obligations.

5. Opting Out of Marketing Communications: If you no longer wish to receive marketing communications from us, you can opt-out by following the unsubscribe instructions provided in our emails or by adjusting your preferences in your account settings. You can also contact us directly to update your marketing preferences.

6. Withdrawing Consent: If we are processing your data based on your consent, you have the right to withdraw that consent at any time. This can be done through your account settings or by contacting us directly. Please note that withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.

7. Managing Cookies and Tracking Technologies: You can manage your preferences for cookies and other tracking technologies through your browser settings. Most browsers allow you to block or delete cookies, but please note that doing so may affect the functionality of our services.

8. Data Portability Requests: If you would like to receive a copy of your data in a structured, commonly used, and machine-readable format, or if you wish to transfer your data to another service provider, you can submit a data portability request.

To exercise any of these options or if you have any questions about managing your data, please contact us using the information provided in this policy. We are committed to helping you exercise your rights and manage your data in a way that is convenient for you.

13. WHAT HAPPENS IN THE EVENT OF A DATA BREACH?

Shortly: We have a comprehensive plan to respond to data breaches promptly and effectively, ensuring minimal impact and compliance with legal obligations.

In the unfortunate event of a data breach, we are committed to taking immediate and appropriate action to mitigate the impact and protect your personal information. Our response plan includes the following steps:

1. Detection and Investigation: Upon detecting a potential data breach, our security team will immediately investigate the incident to determine the scope, cause, and impact. This involves identifying the affected data and understanding how the breach occurred.

2. Containment and Mitigation: Once the breach is confirmed, we will take steps to contain and mitigate the incident. This may involve shutting down affected systems, revoking access credentials, or applying security patches to prevent further unauthorized access.

3. Assessment of Risk: We will assess the risk associated with the data breach, including the potential impact on affected individuals and the likelihood of harm. This assessment helps us determine the appropriate course of action and communication strategy.

4. Notification to Affected Individuals: If the breach poses a significant risk to the rights and freedoms of individuals, we will notify the affected individuals without undue delay. This notification will include details about the breach, the type of data involved, and recommended steps that individuals can take to protect themselves.

5. Notification to Regulatory Authorities: In compliance with GDPR and other applicable laws, we will notify the relevant data protection authorities of the breach within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals.

6. Remediation and Prevention: Following the breach, we will take steps to remediate any vulnerabilities and prevent future incidents. This may involve implementing additional security measures, conducting security audits, and providing additional training to our staff.

7. Documentation and Reporting: We will document all aspects of the data breach, including the investigation process, actions taken, and lessons learned. This documentation helps us improve our security practices and ensures compliance with legal and regulatory requirements.

We take the security of your data very seriously and strive to prevent breaches through robust security measures. However, in the unlikely event of a breach, our priority is to act swiftly to protect your data and minimize any potential harm. If you have any questions or concerns about our data breach response plan, please contact us using the information provided in this policy.

14. HOW DO WE HANDLE DO-NOT-TRACK REQUESTS?

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy policy.

15. DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

Shortly: Yes, if you are a resident of California, you are granted specific rights regarding access to your personal information.

California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.

If you are under 18 years of age, reside in California, and have a registered account with the Services, you have the right to request removal of unwanted data that you publicly post on the Services. To request removal of such data, please contact us using the contact information provided below, and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Services, but please be aware that the data may not be completely or comprehensively removed from our systems.

16. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR DATA?

Shortly: We process your data based on legitimate business interests, contract performance, legal obligations, and/or your consent.

Under GDPR and other applicable data protection laws, we must have a valid legal basis to process your personal data. Depending on the specific situation, we rely on one or more of the following legal bases:

1. Consent: We may process your personal data if you have given us explicit consent to do so. For example, you may consent to receive marketing communications or allow us to access data from third-party platforms like Shopify or Klaviyo. You have the right to withdraw your consent at any time by contacting us.

2. Contract Performance: We process your personal data to fulfill our contractual obligations to you. This includes processing data necessary for account creation, providing our services, and communicating with you about your account or transactions. Without this data, we may not be able to provide you with the requested services.

3. Legitimate Interests: We may process your personal data based on our legitimate business interests, provided that these interests are not overridden by your fundamental rights and freedoms. Our legitimate interests include improving our services, analyzing user behavior, conducting marketing activities, and preventing fraud. We ensure that our data processing activities are proportionate and respect your privacy rights.

4. Legal Obligations: In some cases, we may process your personal data to comply with legal or regulatory obligations. This includes data processing required for tax purposes, responding to legal requests, or maintaining records as required by law.

5. Vital Interests: Although rare, we may process your personal data to protect your vital interests or those of another person. This basis would typically apply in emergency situations where processing your data is necessary to protect someone's life or safety.

We are committed to being transparent about our data processing activities and ensuring that your data is processed lawfully and fairly. If you have any questions about the legal bases we rely on or how we use your data, please contact us using the information provided in this policy.

17. HOW DO WE UPDATE THIS POLICY?

Shortly: We update this policy as necessary to stay compliant with legal requirements and reflect changes in our practices.

We may update this privacy policy from time to time to reflect changes in our data practices, legal requirements, or the features and services we offer. When we make significant changes to this policy, we will take appropriate steps to inform you, consistent with the significance of the changes. 

We are committed to protecting your privacy and keeping you informed about how we use your data. If you have any questions or need further clarification, please do not hesitate to reach out to us using the contact information provided in this policy info@kenes.ai

18. HOW CAN YOU CONTACT US WITH QUESTIONS?

Shortly: You can reach out to us with any questions or concerns regarding your data or this policy.

General Information: We value your privacy and are here to address any questions or concerns you may have regarding your data or our privacy practices. If you need assistance, please don't hesitate to contact us using any of the following methods:

1. Email: You can email us at info@kenes.ai,  and we will respond to your inquiry as soon as possible.

2. Mail: If you prefer, you can also reach us by mail at the following address:
   KenesAI Labs, Inc.
   320 High Street
   Palo Alto, CA 94301, US

We are committed to providing you with clear and transparent information about how we handle your data. Whether you have questions about this privacy policy, wish to exercise your rights regarding your data, or need help with our services, we are here to assist you. Your feedback and concerns are important to us, and we strive to respond promptly and thoroughly to all inquiries.