Privacy Policy
Your privacy is important to us. We respect your privacy regarding any information we may collect from you across our website.
At Kroolo, we collect and manage user data according to the following Privacy Policy, with the goal of incorporating our company values: transparency, accessibility, sanity, usability. This document is part of Kroolo's Terms of Service, and by using Kroolo.com (the “Website”), you agree to the terms of this Privacy Policy and the Terms of Service. Please read the Terms of Service in their entirety, and refer to those for definitions and contacts.
Data Collected
Kroolo collects and receives information from our services and website. Such information is classified as Personal Data and Non-Personal Information as defined below.
Personal Data
Personal Data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Types of personal data that we collect:
- When you sign up and create a Kroolo account, we collect a variety of information, including your name and email address.
- When you update your profile picture on your profile page. You are able to view, change, and remove your data associated with your profile.
- When you pay for the subscription services, we collect your billing details to process the payment.
Non-Personal Information
Kroolo also collects or receives Non-Personal information or Other information, required to deliver our services.
Services metadata. When user interacts with the Services, metadata is generated that provides additional context about the way you use the Services. For example, Kroolo creates the Workspaces, projects, goals, documents, channels, and other contents, that you use to interact with Kroolo.
Log data. Kroolo automatically collect information when you access or use our Website or Services and record it in logs. This log data may include your Internet Protocol (IP) address, the address of the web page you visited before using the Website or Services, browser type and settings, the date and time the Services were used, information about browser configuration and plugins, and your language preferences.
Device information. Kroolo collects information about devices accessing the Services, including type of device, what operating system is used, device settings, application IDs, unique device identifiers and crash data. Whether we collect some or all of this Other Information often depends on the type of device used and its settings.
Location information. We receive information from you that helps us approximate your location. Kroolo may, for example, use IP address received from your browser or device to determine approximate location to assist with localization or for security purposes.
Cookies information: We ask you to log in and provide certain personal information (such as your name and email address) in order to be able to save your profile and the documents and comments associated with it. In order to enable these or any other login-based features, we use cookies to store session information for your convenience. You can block or delete cookies and still be able to use Kroolo, although if you do you will then be asked for your username and password every time you log in to the Website.
Minors and children should not use Kroolo. By using the Website, you represent that you have the legal capacity to enter into a binding agreement.
Collection and Use of Personal Information
We collect user information using user authenticated consent from Google, if user chooses to Sign-up through Google. Manual sign-up requires user to provide personal information, such as, name and email address, which is collected and stored securely within our infrastructure hosted on AWS.
Personal information is data that can be used to uniquely identify or contact a specific individual.
You may be asked to provide your personal information anytime you are in contact with us (like when you fill out our contact form or sign up for a newsletter). You are not required to provide the information we requested, but if you choose not to do so, in many cases this means we will not be able to provide you with our products or services or respond to your inquiries.
Types of personal data that we collect:
- When you visit our website, connect to our services, contact us, use our software, create a Kroolo account, or subscribe to your newsletter, we collect a variety of information, including your email address, device information, IP address, and a record of your communication.
- When using Kroolo to update your tasks, documents, comments, chat messages, we collect the content you provided, as well as additional information such as access logs and device identifiers.
- When using our software, we collect additional information such as crash reports, information about the operating system, application version, user language, and whether or not you're logged in to Kroolo.
How we use your personal information
- We collect and process all your personal data in accordance with the relevant data protection regulations, including the General Data Protection Regulation (GDPR).
- The personal information we collect allows us to keep you up to date on our latest product announcements, software updates, and services. You may at any time opt out of receiving such communications by contacting us. In particular, we only send you our newsletter with your prior consent, and you can opt out of receiving the newsletter anytime by clicking the unsubscribe link we include in each newsletter, or by contacting us.
- We also use the personal information we collect to help us create, develop, deliver, protect, and improve our products, services, content, and customer communications.
- We may use your personal information to send important notices, such as communications about changes to our terms, conditions, and policies. As this information is important to your interaction with Kroolo, you may not opt out of receiving these communications.
- We may also use personal information for internal purposes such as auditing, data analysis, and research to improve our products, services, and customer communications.
- With respect to any documents and files you may choose to upload to Kroolo, we take the privacy and confidentiality of such documents and files seriously. We encrypt all documents and files. If you choose to make a document public, we recommend you redact any and all references to people and addresses, as we can't protect public data and we are not responsible for any violation of privacy law you may be liable for.
- We employ industry standard techniques to protect against unauthorized access of data about you that we store, including personal information.
- We do not share personal information you have provided to us without your consent, unless:
- doing so is appropriate to carry out your own request;
- we believe it's needed to enforce our Terms of Service, or that is legally required;
- we believe it's needed to detect, prevent or address fraud, security or technical issues;
- otherwise protect our property, legal rights, or that of others.
Purpose of processing
We use your personal data to:
- Provide and manage access to our website and services
- Respond to inquiries or support requests
- Personalize your experience on our website
- Send marketing and promotional materials (if you have opted in)
- Analyze usage and improve our website and offerings
- Process AI-powered features
- Comply with legal and regulatory obligations
Legal Basis for Processing Personal Data
We process your personal data based on the following legal grounds:
- Consent (Article 6(1)(a)): When you have given clear consent for us to process your personal data for a specific purpose.
- Contractual Necessity (Article 6(1)(b)): When processing is necessary for the performance of a contract with you.
- Legal Obligation (Article 6(1)(c)): When processing is necessary for compliance with a legal obligation.
- Legitimate Interests (Article 6(1)(f)): When processing is necessary for our legitimate interests, provided these are not overridden by your rights and interests.
Collection and Use of Non-Personal Information
We collect user information using:
1. User authenticated consent from Google, if user chooses to Sign-up through Google. Manual sign-up requires user to provide personal information, such as, name and email address, which is collected and stored securely within our infrastructure hosted on AWS;
2. User authenticated content from Slack, if the user chooses to connect through Slack. This ensures that Kroolo collects enough information from Slack to validate that user’s authentication profile with Slack, so that user shall be able to push notifications from Website to specific Slack channel.
Non-personal information is data that cannot, on its own, be used to uniquely identify a specific user. We may collect, use, transfer, and disclose non-personal information for any purpose. We may combine personal and non-personal information for certain purposes; this data will then be treated as personal information for as long as it remains combined.
Conversely, aggregated information, i.e. data that might have originated from personal information, but that has been processed in such a way as to not allow personal identification, is treated as non-personal information.
AI Usage
Kroolo uses artificial intelligence (AI) to enhance your experience, including features such as:
- Smart suggestions and task automation
- Content summarization and generation
- Predictive insights and recommendations
Data processed by AI may include content you provide, such as tasks, notes, or goals. AI outputs are generated automatically, and while we strive for accuracy, you should verify critical outputs.
We do not use AI for profiling or automated decision-making that produces legal or significant effects without your explicit consent.
Cookies and Other Technologies
Our website, services, apps, email communications and advertisements may use “cookies” and other technologies such as “pixel tags” and “click-through URLs”.
We use the information we collect in this manner to better understand our users’ interaction with our website and to optimize the user experience. You can disable cookies in your browser settings, but please note that certain features on our website may not be available as a result.
In our email communications, we may use other technologies like “pixel tags” and “click-through URLs” in order to determine if an email has been opened and which links have been clicked. We use this information to help us determine interest in particular topics and improve the effectiveness of our communications, and to reduce or eliminate messages sent to customers. Pixel tags are small images shown inside an HTML email; you can disable tracking by disabling HTML in your email client. A link with a click-through URL, when clicked, first sends the user to a web server which records the click, and then to the link’s destination. If you prefer not to be tracked in this way, you should not click text or graphic links in the email messages.
As you access our services, we gather some information automatically on our servers and store it in log files. This information includes your browser type, version, and language, your operating system, the referring and exit websites, IP address, a date/time stamp of the request, and the requested resource (file name and URL). We use this information in anonymized form for statistical analysis, to administer our site, and to improve our product and services, without directly associating this data with individual users.
Kroolo is operated from the United States. If you are visiting the Website from outside the U.S., you agree to any processing of any personal information you provide us according to this policy.
Kroolo may contact you, by email or other means. For example, Kroolo may send you promotional emails relating to Kroolo or other third parties Kroolo feels you would be interested in, or communicate with you about your use of the Kroolo website. Kroolo may also use technology to alert us via a confirmation email when you open an email from us. You can modify your email notification preferences by clicking the appropriate link included in the footer of email notifications. If you do not want to receive email from Kroolo, please opt out of receiving emails at the bottom of any Kroolo emails or by editing your profile preferences.
Sharing of Data
We don’t share personal information with anyone outside of Kroolo, except for the few exceptions below.
We work together with other third-parties who provide information processing services, to provide aforesaid mentioned services to Kroolo’s users. We share personal or non-personal information with these third-parties if you have agreed to the transfer, or if it is permitted by data protection law.
The information we share is limited to the data necessary for the third parties to provide their services.
We use these third-parties for the following services:
Sign up with Google, Microsoft, and Apple– we use these services for user authentication and onboarding, as chosen by the user.
Notifications – we use Slack as our integration partner, to send user-initiated notifications (example task status change, project completion and others). After Slack authentication is completed, notification rule is managed by the user;
Payment and Billing processing - we use Stripe to process the Subscription payment on our behalf, and for that, basic customer information like name, email and billing information is shared.
Help desk support - we use intercom to provide the support services for our customers, and for that, email and user generate query is shared for proper review and response;
Authentication service - We use AWS Cognito and PropelAuth for authentication via OAuth. As part of this, user information such as name, email, and login credentials are shared.
Analysing website traffic - we use Google Analytics, and for that cookies and session information is shared;
Email services - we use AWS SES (for transactional emails) and HubSpot (for promotional emails), and for that, email is shared. Email preference is managed by the User.
AI Models - we use Large Language Model ('LLM') as a prompt, to process user initiated prompts to generate the response, and for that, we share the prompt and prompt contex from our Website. We don't share any other user information to AI models or third-part LLM services.
We do not collect or store any personal user data when users interact with our services powered by ChatGPT, Anthropic, DeepSeek, Gemini, and Llama. We value your privacy and aim to provide a secure and anonymous platform for your interactions.
We only ask for user input prompts to generate documents based on those inputs. These prompts (data inputs) are sent to the respective AI models, and the generated content is returned and inserted accordingly. Once the data is generated, we offer options such as Regenerate, Make Shorter, Make Longer, and Summarize for user adjustments. Our app does not use or share any Google API data with third-party AI models.
It’s important to note that our use of these AI tools does not involve the collection, storage, or sharing of any personal user data. Conversations with these AI models are processed in real-time and are not logged or stored on our servers.
We comply with all applicable data protection laws and regulations to ensure that your privacy rights are protected.
These third parties are obligated to protect your information in accordance with data protection law and provide the necessary safeguards if they are outside of the EU. The companies are bound by our instructions and are not allowed to use the shared data for any other purpose.
We also share personal information if disclosure of such information is reasonably necessary to satisfy any applicable law, regulation, legal process or enforceable governmental request; to enforce applicable Terms of Service, including investigation of potential violations thereof; to detect, prevent, or otherwise address fraud or security issues; and to protect against harm to the rights, property, or safety of Kroolo, its users, or the public as required or permitted by law.
If Kroolo is involved in a reorganization, merger, or sale, the information we collect may be transferred as part of that transaction.
We also use social buttons provided by services like X (formerly 'Twitter'), LinkedIn, Instagram, YouTube, and Facebook. Your use of these third-party services is entirely optional. We are not responsible for the privacy policies and/or practices of these third-party services, and you are responsible for reading and understanding those third-party services’ privacy policies.
We may choose to buy or sell assets. In these types of transactions, user information is typically one of the transferred business assets. Moreover, if we, or substantially all of our assets, were acquired, or if we go out of business or enter bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur and that any acquirer of us or our assets may continue to use your personal information as set forth in this policy.
Requesting Deletion of Personal Data
If you wish to have your personal data deleted from our records, please contact us at help@kroolo.com. We will process your request within a reasonable timeframe, subject to any applicable legal obligations or legitimate business interests.
Please note that certain data may be exempt from deletion if it is necessary to fulfill our legal obligations, protect our rights, or resolve disputes. Additionally, deletion of certain data may result in the inability to provide you with certain products or services.
Protection of Personal Information
We take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures, including appropriate encryption and physical security measures to guard against unauthorized access to systems where we store personal data.
Inside Kroolo, we restrict access to personal information to only those employees who need to know that information in order to deploy and maintain our services. These individuals are bound by confidentiality agreements and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.
Whenever you connect to our service, we use encryption such as Transport Layer Security (TLS) for all information that is being transmitted. However, no method of transmitting or storing data is 100% secure, so we cannot guarantee the security of information you transmit to us.
Some parts of our website, such as our blog or forums, may allow you to post personal information, such as your name or email address. This information is publicly accessible and can be read, collected, and processed by anyone. So please take care when using these features.
International Data Transfers
As we operate internationally, your personal data may be transferred to, and processed in, countries outside the European Economic Area (EEA). In such cases, we ensure that appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission, to protect your data.
Limits of Use of Your Google Information
Kroolo relies on certain Google services, including the Google API, where we allow you to connect your Google account using OAuth authentication, a secure method to give Kroolo access to your Google account data without letting it know your password. We would like to clarify that, despite any statements to the contrary in our Privacy Policy, if you give Kroolo permission to access your Google account data, we will only use this data according to the following restrictions:
Our usage of access to read, write, modify, or control settings will be limited to only retrieving and providing information for the specific features that you grant and use on Kroolo.
We will not transfer your data to anyone else unless it is necessary to improve the features of our application provided to you, comply with applicable law, or participate in a merger, acquisition, or sale of assets.
We will never use or distribute your data for the purpose of serving advertising, including retargeting, personalized, or interest-based advertising.
We will not allow humans to access your data unless one of the following conditions is met: we have your explicit permission to access specific messages, we need to investigate a security issue, we are required by law, or the data has been aggregated and anonymized for our own internal operations purposes.
Kroolo's use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.
Data Subject Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right to Access: You can request access to your personal data.
- Right to Rectification: You can request correction of inaccurate or incomplete data.
- Right to Erasure: You can request deletion of your data, subject to legal obligations.
- Right to Restrict Processing: You can request restriction of processing under certain conditions.
- Right to Data Portability: You can request transfer of your data to another service provider.
- Right to Object: You can object to processing based on legitimate interests.
- Right to Withdraw Consent: You can withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
To exercise these rights, please contact us at privacy@kroolo.com.
There are, however, cases where we are not allowed to delete your data in its entirety as a result of legal retention periods. We may also decline requests if they risk the privacy of others, would be extremely impractical, or for which access is not required by law.
Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to comply with legal, accounting, or reporting requirements. Upon expiration of the retention period, we securely delete or anonymize your data.
Children
We do not knowingly collect personal information from children under 13 years, or equivalent minimum age in the relevant jurisdiction, unless their parent provided verifiable consent. If we learn that we have collected personal information from a child under 16, or equivalent minimum age in the relevant jurisdiction, without consent of their parent, we will take steps to delete this information as soon as possible. Parents or guardians can contact us at privacy@kroolo.com.
Third-Party Sites and Services
Kroolo’s website or any of our services may contain links to third-party websites or services. We are not responsible for the information collected by those third parties and we encourage you to read their privacy policy before submitting any personal information to them.
When using the Services in conjunction with third party sites and services, such as logging in with credentials from a third party service, exporting User Content to third party services, or integrating the Services with third party services, we may obtain information from those sources. For instance, if you log in with a third party service like Google, we may obtain your name, email address, access tokens, and other account-related data. When sharing or exporting User Content from the Services with third party services, we may obtain data like user names, IP addresses, device identifiers, profile information, contacts, and email addresses. Additionally, when integrating the Services with third party services, we may obtain similar information. It's possible that we could receive any other data that a third party site or service decides to share with us, or that you permit them to share with us. The information we obtain could be dependent on your privacy settings with the site or service, but we don't control those settings or guarantee their effectiveness. It's always recommended to review and customize your privacy settings with sites and services before using them with the Services.
We engage third-party service providers to assist with behavioral and AI-driven data analysis to improve our services and enhance user experience. These third-party providers may analyze personal data, including browsing patterns, preferences, and interactions, through automated tools, machine learning, and other artificial intelligence techniques.
Use of Third-Party APIs
Use of Integrated AI Models (LLMs) – Data Disclosure Statement
As part of the Kroolo product experience, we offer features powered by integrated Large Language Models (LLMs), including third-party AI providers, to enhance functionality and user interaction. Please be aware that if you choose to input personal data or personally identifiable information (PII) into these AI-powered features, such data may be processed by third-party LLM providers in accordance with their respective privacy policies.
We strongly recommend that you avoid entering any sensitive or personally identifiable information unless necessary for the service, and understand that such data may be transmitted to and processed by third-party service providers for the purpose of generating responses.
By using these features, you acknowledge and consent to this potential transfer and processing of data. Kroolo is committed to safeguarding your privacy and continues to implement measures to limit unnecessary data sharing and enhance data security.
Kroolo integrates with third-party APIs to expand platform capabilities (e.g., calendar, communication tools, cloud storage). When you connect a service:
- Only necessary data is accessed based on your permissions
- We do not access or store more than is needed for functionality
- APIs are governed by their respective privacy policies
Complaints
If you have concerns about our data practices, you have the right to lodge a complaint with your local data protection authority.
Changes to the Privacy Policy
We may amend this Privacy Policy from time to time. Use of information we collect now is subject to the Privacy Policy in effect at the time such information is used. If we make major changes in the way we collect or use information, we will notify you by posting an announcement on the Website or sending you an email. A user is bound by any changes to the Privacy Policy when he or she uses the Services after such changes have been first posted.
Should you have any question or concern, please write to privacy@kroolo.com.