>Kog Legal

Privacy Policy

Kog.ai (“Kog,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect information when you access or use our website, application, and related services (collectively, the “Services”).

If you do not agree with this Privacy Policy, do not use the Services.


1) Who we are (Controller)

Controller: Kog.ai

Address:

Email: gaël.delalleau@kog.ai

Data Protection Contact (if applicable): [DPO name / contact]

If you are in the European Economic Area (“EEA”), the UK, or Switzerland, we process your personal data in accordance with applicable data protection laws (including the GDPR/UK GDPR).


2) Information we collect

We may collect the following categories of information:


A. Information you provide

  • Account information (e.g., name, email address, password or authentication token)

  • Profile / organization information (e.g., company name, role)

  • Communications (e.g., support requests, feedback, messages)

  • Content you submit to the Services (e.g., prompts, files, text, and outputs), depending on how the product works


B. Information collected automatically

  • Device and usage data (e.g., IP address, browser type, OS, pages/screens viewed, timestamps, clickstream)

  • Log data (e.g., diagnostic data, error reports)

  • Approximate location inferred from IP address


C. Payment information

If you purchase a subscription, payments are processed by our payment provider (e.g., Stripe). We do not store full credit card details. We may receive limited information such as billing name, billing address, payment status, and the last four digits of a card.


D. Cookies and similar technologies

We use cookies and similar technologies to operate the Services, remember preferences, and understand usage. You can control cookies through your browser settings and, where available, our cookie banner/manager.


3) How we use information

We use information for the following purposes:

  • Provide and operate the Services (e.g., account creation, authentication, feature delivery)

  • Improve and maintain the Services (e.g., debugging, analytics, performance monitoring)

  • Personalize user experience (e.g., saving preferences)

  • Communicate with you (e.g., service updates, security notices, support)

  • Process payments and manage subscriptions

  • Security and fraud prevention (e.g., abuse detection, access control)

  • Legal compliance (e.g., responding to lawful requests, enforcing terms)


4) Legal bases (EEA/UK/Switzerland)

Where GDPR/UK GDPR applies, our legal bases include:

  • Contract: to provide the Services you request

  • Legitimate interests: to secure, improve, and market the Services (balanced with your rights)

  • Consent: for optional cookies/marketing where required

  • Legal obligation: to comply with laws and regulations


5) How we share information

We may share information in the following situations:


A. Service providers (processors)

We share information with vendors that help us run the Services, such as:

  • Hosting/infrastructure (e.g., [AWS/Vercel/Cloudflare])

  • Database/authentication (e.g., [Supabase])

  • Payments (e.g., Stripe)

  • Analytics (e.g., [Plausible/GA/Amplitude])

  • Support tools (e.g., [Intercom/Zendesk])

  • Email delivery (e.g., [Resend/SendGrid])

These providers are authorized to process data only as needed to perform services for us and must protect it.


B. Business transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction.


C. Legal and safety

We may disclose information if required by law, subpoena, court order, or if we believe disclosure is necessary to:

  • comply with legal obligations,

  • protect our rights and property,

  • prevent fraud or abuse,

  • protect users’ safety.


D. With your direction

We may share information when you ask us to (e.g., integrations you enable).


6) AI / model processing (if applicable)

Depending on the features you use, inputs you submit (e.g., prompts, files) and outputs generated may be processed by our systems and/or third-party model providers to provide the Services.

  • We do not use your content to train public models by default unless we clearly state it and obtain consent where required.

  • We may use limited data to improve reliability, prevent abuse, and ensure safety (e.g., rate limiting, misuse detection).

  • If you have an enterprise plan or additional contractual terms, those may describe different controls (e.g., data retention settings).

Important: Do not submit sensitive personal data (e.g., health data, government IDs) unless the Service explicitly supports it and you have a lawful basis to do so.


(If Kog.ai does not process user content for AI features, remove this section.)


7) Data retention

We keep personal data only as long as necessary to:

  • provide the Services,

  • comply with legal obligations,

  • resolve disputes,

  • enforce agreements.

Retention periods depend on the type of data (e.g., billing records may be kept longer to meet legal requirements).

You may request deletion of your account as described below.


8) Security

We use reasonable administrative, technical, and organizational measures to protect personal data (e.g., access controls, encryption in transit, secure hosting practices). However, no method of transmission or storage is 100% secure.


9) Your rights and choices

Depending on your location, you may have rights such as:

  • Access: request a copy of your personal data

  • Rectification: correct inaccurate data

  • Deletion: request deletion of your data

  • Restriction: limit processing

  • Objection: object to certain processing (including marketing)

  • Portability: receive data in a portable format

  • Withdraw consent: where processing is based on consent

To exercise rights, contact: [privacy@kog.ai].

You may also have the right to lodge a complaint with your local data protection authority.


10) Marketing communications

You can opt out of marketing emails at any time by using the unsubscribe link in the email or contacting us. Service-related messages (e.g., security or billing notices) may still be sent when necessary.


11) Cookies

We use:

  • Strictly necessary cookies to run the Services

  • Preference cookies to remember settings

  • Analytics cookies to understand usage (where enabled)

  • Marketing cookies (if used)

Where required, we will request your consent before placing non-essential cookies.


12) International data transfers

If you access the Services from outside the country where our servers are located, your information may be transferred and processed in other countries. Where required by law, we rely on appropriate safeguards (such as Standard Contractual Clauses) for international transfers.


13) Children’s privacy

The Services are not directed to children under 13 (or another age threshold required by local law). We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us to request deletion.


14) Third-party links and integrations

The Services may include links to third-party sites or integrations. Their privacy practices are governed by their own policies. We are not responsible for third-party privacy practices.


15) Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice (e.g., on the website or by email). The “Last updated” date indicates when the policy was last revised.


16) Contact us

If you have questions or requests regarding privacy, contact:

Email: [privacy@kog.ai]

Address: [Company address]

Awarded the French Tech 2030 label (October 2025)

© 2026 Kog Labs. All rights reserved.

© 2026 Kog Labs. All rights reserved.

Privacy policy