Privacy Policy

The data controller is Kairo Studio (the company). For any privacy question or to exercise any of the rights described in this document, contact legal@kairostudio.app.

Kairo Studio has not appointed a Data Protection Officer because the scale and nature of the processing do not require it under Article 37 of the UK GDPR.

We collect only the personal data needed to operate the service:

• Account data: name, email address, hashed password, optional company name, and account timestamps. Collected when you create an account.
• Order data: service purchased, amount, payment method (cryptocurrency or invoice), payment status, and timestamps. Collected when you place an order.
• Communication data: contents of messages you send through the contact form or by email, including the email address you wrote from.
• Technical data: IP address, browser user agent, and cookie identifiers (see the Cookie Policy for details).

We do not collect special category data (data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, data concerning health, or data concerning sexual orientation).

Each processing activity is supported by a lawful basis under Article 6 of the UK GDPR / EU GDPR:

• Performance of a contract: creating and managing your account, processing orders, delivering services, issuing invoices, and providing client support.
• Legitimate interests: responding to enquiries submitted via the contact form, securing the site against abuse, and basic record-keeping. Our interest is balanced against your rights and freedoms.
• Consent: loading optional analytics scripts (Google Analytics 4 and Microsoft Clarity) only after you accept analytics cookies in our consent banner. You can withdraw consent at any time.
• Legal obligation: retaining financial records to comply with applicable accounting and tax law.

Account data is retained for the lifetime of the account. If you delete your account, identifying data is erased within thirty days, except where retention is required by law.

Financial and order records are retained for six years from the end of the relevant accounting period to comply with UK company and tax record-keeping obligations.

Messages submitted through the contact form are retained for twenty-four months unless they form part of an active engagement, in which case they follow the engagement record retention period.

Analytics data (Google Analytics 4) is retained for fourteen months. Microsoft Clarity session data is retained according to the platform default and is described in the Cookie Policy.

We share personal data only with the processors listed below, each under a written processing agreement:

• NOWPayments OU - cryptocurrency payment processor. Receives order references and amounts. Does not receive your name or email unless you provide them at checkout.
• Resend, Inc. - transactional email delivery (account confirmations, password reset, invoice delivery, contact form notifications). Receives your name, email, and message body.
• Cloudflare, Inc. - bot protection and CAPTCHA via Cloudflare Turnstile on forms. Receives IP address and challenge tokens.
• Google Ireland Limited / Google LLC - audience analytics via Google Analytics 4. Loaded only after analytics consent.
• Microsoft Corporation - product behaviour analytics via Microsoft Clarity. Loaded only after analytics consent.
• Vercel Inc. - hosting and content delivery network. Processes request metadata (IP, headers) for delivery and security.

We do not sell personal data and we do not share it with third parties for their independent marketing.

Some of our processors are located outside the United Kingdom and the European Economic Area. Where personal data is transferred outside the UK or EEA, we rely on the European Commission Standard Contractual Clauses and the UK International Data Transfer Addendum, supplemented by additional safeguards where appropriate. A copy of the relevant transfer mechanism is available on request from legal@kairostudio.app.

Under the UK GDPR and EU GDPR you have the right to:

• access your personal data;
• request correction of inaccurate or incomplete data;
• request erasure where the legal grounds for processing no longer apply;
• request restriction of processing in defined circumstances;
• receive your data in a portable, machine-readable format;
• object to processing based on legitimate interests;
• withdraw consent at any time where processing is based on consent.

To exercise any of the rights above, write to legal@kairostudio.app with sufficient information to identify your account. We respond within thirty calendar days of receiving a valid request. We may extend this period by a further two months where the request is complex; we will tell you within the initial month if we need to do so.

If you believe your data has been processed in a way that breaches data protection law, you can lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority, at https://ico.org.uk/. EU residents may also lodge a complaint with their national supervisory authority.

We may update this Privacy Policy from time to time to reflect changes in the service, in our processors, or in applicable law. Material changes will be notified by an in-product notice or by email to active account holders. The date at the top of this page reflects the latest revision.