Privacy Policy

Klonis AI, Inc. ("Klonis AI," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our website at klonisai.com (the "Site"), use our software-as-a-service platform (the "Platform"), or interact with us through SMS text messages, email communications, voice calls, or any other means (collectively, the "Services").

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Services.

1. Information We Collect

We collect information in the following ways:

1.1 Information You Provide Directly

• Account Information: Name, email address, phone number, company name, job title, and password when you create an account or request a demo.
• Billing Information: Payment card details, billing address, and transaction history processed through our secure third-party payment processor.
• Communication Data: Content of messages you send or receive through our Platform, including SMS text messages, emails, and voice call recordings or transcripts.
• Contact Lists: Customer and lead contact information you upload to the Platform, including names, phone numbers, email addresses, and associated metadata.
• Opt-In and Consent Records: Records of consent you or your contacts provide for receiving SMS messages, email communications, and voice calls, including the date, time, method, and content of the consent.
• Support Communications: Information provided when you contact our customer support team.

1.2 Information Collected Automatically

• Device and Usage Data: IP address, browser type, operating system, device identifiers, pages visited, time spent on pages, referring URLs, and clickstream data.
• Log Data: Server logs that record information about your use of the Services, including access times, features used, and error reports.
• Cookies and Tracking Technologies: We use cookies, web beacons, pixels, and similar technologies to collect information about your browsing activity. See our Cookie Policy for details.

1.3 Information from Third Parties

• Integration Partners: Data from third-party services you connect to the Platform (e.g., CRM systems, marketing tools).
• Analytics Providers: Aggregated usage data from analytics services that help us understand how our Services are used.
• Public Sources: Publicly available business information used to enhance our services.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, operate, maintain, and improve our Platform and Services.
• Communication: To send you service-related notices, updates, security alerts, and administrative messages.
• SMS Messaging: To send text messages related to your account, including appointment reminders, service notifications, and marketing messages — only with your prior express written consent.
• Email Marketing: To send promotional emails about our products, services, and offers — only with your consent or where permitted by applicable law. Every marketing email includes an unsubscribe option.
• Voice Communications: To facilitate AI-powered voice agent calls on your behalf, including outbound calls to your customers and leads — only with proper consent as required by the Telephone Consumer Protection Act (TCPA).
• Analytics and Improvement: To analyze usage patterns, diagnose technical issues, and improve our Services.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests.
• Security: To detect, prevent, and address fraud, abuse, security risks, and technical issues.

4. Email Marketing (CAN-SPAM Compliance)

Our email marketing practices comply with the CAN-SPAM Act of 2003 and applicable international email marketing laws. We adhere to the following principles:

• We will not use false or misleading header information. The "From," "To," "Reply-To," and routing information will accurately identify us as the sender.
• We will not use deceptive subject lines. Subject lines will accurately reflect the content of the message.
• We clearly identify promotional messages as advertisements where required.
• Every marketing email includes our valid physical postal address.
• Every marketing email contains a clear and conspicuous unsubscribe mechanism.
• We honor all opt-out/unsubscribe requests within 10 business days.
• We do not sell, rent, or share your email address with third parties for their own marketing purposes.
• We monitor the actions of any third parties performing email marketing on our behalf to ensure compliance.

5. Voice Communications & AI Agent Calls (TCPA Compliance)

Klonis AI provides AI-powered voice agent services that may make or receive telephone calls on behalf of our customers. Our voice communication practices comply with the Telephone Consumer Protection Act (TCPA), the Telemarketing Sales Rule (TSR), and applicable state telemarketing laws:

• Prior Express Written Consent: We obtain prior express written consent before making any marketing or promotional calls using automated dialing systems or AI voice agents.
• AI Disclosure: At the beginning of each AI-powered call, we clearly disclose that the call is being made by an artificial intelligence system on behalf of the identified business.
• Calling Hours: We do not place telemarketing calls before 8:00 a.m. or after 9:00 p.m. in the recipient's local time zone.
• Do Not Call Compliance: We maintain an internal Do Not Call list and honor the National Do Not Call Registry. Requests to be placed on our Do Not Call list are processed within 30 days.
• Caller Identification: All calls display accurate caller ID information identifying the calling party.
• Opt-Out During Calls: Recipients may request to be removed from our calling list at any time during a call, and such requests are honored immediately.
• Call Recording: Where calls are recorded for quality assurance or training purposes, we provide notice and obtain consent as required by applicable law.

6. Data Sharing and Disclosure

We may share your information with the following categories of recipients:

• Service Providers: Trusted third-party vendors who perform services on our behalf, including cloud hosting, payment processing, analytics, customer support, and SMS/email delivery. These providers are contractually obligated to protect your data and may only use it to perform services for us.
• Legal Requirements: When required by law, subpoena, court order, or governmental regulation, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such transfer.
• With Your Consent: We may share your information with third parties when you have given us explicit consent to do so.

We do not sell your personal information. We do not share your personal information with third parties for their own marketing purposes.

7. Data Security

We implement industry-standard technical and organizational security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit (TLS/SSL) and at rest (AES-256), access controls, regular security audits, employee training, and secure data storage infrastructure. While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. When your information is no longer needed, we will securely delete or anonymize it. Opt-in consent records for SMS messaging are retained for the duration of the messaging relationship and for a reasonable period thereafter to demonstrate compliance with applicable regulations.

9. Your Privacy Rights

9.1 Rights for All Users

Regardless of your location, you have the right to:

• Access the personal information we hold about you.
• Request correction of inaccurate or incomplete personal information.
• Request deletion of your personal information, subject to certain legal exceptions.
• Opt out of marketing communications at any time.
• Withdraw consent for SMS messaging by texting STOP.
• Withdraw consent for email marketing by clicking "Unsubscribe."
• Request to be placed on our Do Not Call list.

9.2 Additional Rights for European Economic Area (EEA) Residents (GDPR)

If you are located in the EEA, United Kingdom, or Switzerland, you have the following additional rights under the General Data Protection Regulation (GDPR):

• Right to Portability: Receive your personal data in a structured, commonly used, machine-readable format.
• Right to Restriction: Request that we restrict the processing of your personal data under certain circumstances.
• Right to Object: Object to the processing of your personal data for direct marketing or based on legitimate interests.
• Right to Lodge a Complaint: File a complaint with your local data protection authority.

Our lawful bases for processing personal data include: consent, performance of a contract, legitimate interests, and compliance with legal obligations. For international data transfers, we rely on Standard Contractual Clauses approved by the European Commission.

9.3 Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: Request information about the categories and specific pieces of personal information we have collected, the sources of collection, the business purposes, and the categories of third parties with whom we share it.
• Right to Delete: Request deletion of your personal information, subject to certain exceptions.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
• Right to Limit Use of Sensitive Personal Information: You may request that we limit our use of sensitive personal information to what is necessary to provide the Services.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To exercise any of these rights, please contact us at [email protected]. We will verify your identity before processing your request and respond within the timeframes required by applicable law.

10. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe we have collected information from a child, please contact us at [email protected].

11. Third-Party Links and Services

Our Services may contain links to third-party websites, services, or applications that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through our Platform.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on our website with a revised "Last Updated" date, and where required by law, we will provide additional notice (such as via email or an in-app notification). Your continued use of our Services after any changes constitutes your acceptance of the updated Privacy Policy.