Pricing
    About UsCareersContactPartnersPressStatus
    Start FreeLog in

    Privacy Policy

    Last updated: January 30, 2025

    1. Introduction

    Klarvo ("Company," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our EU AI Act compliance platform and related services (the "Service").

    This policy applies to all users of the Service, including visitors to our website, registered users, and customers.

    2. Information We Collect

    2.1 Information You Provide

    We collect information that you voluntarily provide when using the Service, including:

    • Account Information: Name, email address, company name, job title, and password when you register.
    • Profile Information: Additional details you add to your profile.
    • Compliance Data: Information about your AI systems, vendors, policies, and evidence that you enter into the platform.
    • Communications: Messages you send to us for support or feedback.
    • Payment Information: Billing details and payment information (processed by our payment provider).

    2.2 Information Collected Automatically

    When you access the Service, we automatically collect:

    • Device Information: Device type, operating system, browser type, and unique device identifiers.
    • Usage Data: Pages visited, features used, time spent, and interaction patterns.
    • Log Data: IP address, access times, and referring URLs.
    • Cookies: As described in our Cookie Policy.

    3. How We Use Your Information

    We use the collected information for the following purposes:

    • Service Delivery: To provide, maintain, and improve the Service.
    • Account Management: To create and manage your account.
    • Communications: To send service-related notifications, updates, and support responses.
    • Analytics: To understand usage patterns and improve user experience.
    • Security: To detect, prevent, and address security threats.
    • Legal Compliance: To comply with applicable laws and regulations.
    • Marketing: With your consent, to send promotional communications.

    4. Legal Basis for Processing (GDPR)

    Under the General Data Protection Regulation (GDPR), we process personal data based on:

    • Contract Performance: Processing necessary to provide the Service you requested.
    • Legitimate Interests: Processing for our legitimate business interests, such as improving the Service.
    • Legal Obligation: Processing required by law.
    • Consent: Processing based on your explicit consent (e.g., marketing emails).

    5. Data Sharing and Disclosure

    We may share your information with:

    • Service Providers: Third-party vendors who help us operate the Service (hosting, analytics, payment processing).
    • Business Partners: With your consent, for joint offerings or integrations.
    • Legal Requirements: When required by law, court order, or government request.
    • Business Transfers: In connection with a merger, acquisition, or sale of assets.
    • Protection of Rights: To protect our rights, privacy, safety, or property.

    We do not sell your personal information to third parties.

    6. Data Retention

    We retain your personal data for as long as your account is active or as needed to provide the Service. We may retain certain information longer as required by law or for legitimate business purposes (e.g., audit trails, legal claims).

    Compliance data that you enter into the platform is retained according to your subscription terms and the regulatory requirements for EU AI Act compliance documentation.

    7. Your Rights (GDPR)

    If you are located in the European Economic Area, you have the following rights:

    • Access: Request a copy of your personal data.
    • Rectification: Request correction of inaccurate data.
    • Erasure: Request deletion of your data ("right to be forgotten").
    • Restriction: Request restriction of processing.
    • Data Portability: Receive your data in a structured, machine-readable format.
    • Objection: Object to processing based on legitimate interests.
    • Withdraw Consent: Withdraw consent at any time (where processing is based on consent).

    To exercise these rights, contact us at privacy@klarvo.com.

    8. International Data Transfers

    Your data may be transferred to and processed in countries outside your country of residence. When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

    9. Data Security

    We implement appropriate technical and organizational measures to protect your personal data, including:

    • Encryption in transit (TLS) and at rest
    • Access controls and authentication
    • Regular security assessments
    • Employee training on data protection

    For more details on our security practices, see our Security page.

    10. Children's Privacy

    The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

    11. Changes to This Policy

    We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. Your continued use after such notification constitutes acceptance.

    12. Contact Us

    For questions about this Privacy Policy or to exercise your rights:

    • Email: privacy@klarvo.com
    • Data Protection Officer: dpo@klarvo.com
    • Address: [Company Address]

    You also have the right to lodge a complaint with your local data protection authority.