Privacy policy

Operator. Kagliostro Cloud is operated by KAMALOKA AI TECHNOLOGIES LLC ("Kamaloka", "we", "us"). Registered in Delaware, United States. Contact: legal@kagliostro.io.

This policy explains what data we collect, how we use it, and your rights.

1. Data we collect

Account data: name, email, workspace, billing details. Usage data: scans run, findings, evidence, audit logs. Technical data: IP, user agent, device, language. We do not sell personal data, ever.

2. How we use it

To provide the Service, prevent abuse, comply with law, and improve the product. AI workloads are scoped to your workspace and never used to train third-party models.

3. Where data lives

Customer data is stored in your chosen region (EU or US), encrypted at rest with AES-256, and in transit with TLS 1.3. Access is restricted to a small set of on-call engineers and logged.

4. Subprocessors

We use AWS, Cloudflare, Stripe, Anthropic, and OpenAI as subprocessors. The full list is at /subprocessors and updated when it changes.

5. Retention

Scan data is retained for the lifetime of your subscription plus 30 days. You can purge any time from Settings → Data. Backups are deleted within 90 days.

6. Your rights (GDPR, CCPA, and similar)

You can access, correct, export, or delete your data at any time. Email privacy@kagliostro.io. Requests are honored within 30 days.

7. Children

The Service is not directed at children under 16. We do not knowingly collect data from them.

8. Changes

Material changes are notified 30 days in advance via email and in-app banner.