kind robots

Privacy Policy

Kind Robots LLC

Effective Date: February 12, 2026
Last Updated: February 15, 2026

1. Introduction

Kind Robots LLC (“Kind Robots,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information when you use the Kind Robots platform (“Platform”) and related services.

This policy applies to all users of the Platform, including account administrators, team members, and end-users who interact with chat widgets embedded on third-party sites.

2. Data Controller

Kind Robots LLC
12175 Visionary Way
Fishers, Indiana 46038
United States

Email: privacy@kindrobots.ai

For EU/EEA inquiries, contact: privacy@kindrobots.ai

Kind Robots acts as a data controller for account, billing, and platform usage data. Kind Robots acts as a data processor for Customer content processed through the Platform. See our Data Processing Agreement for details.

3. Categories of Personal Data Collected

3.1 Account Information

  • Full name
  • Email address
  • Organization name
  • Role within organization

3.2 Billing Information

Billing data is collected and processed by Stripe, our payment processor. Kind Robots does not store credit card numbers or full payment details. We receive:

  • Billing name and address
  • Last four digits of payment method
  • Subscription tier and billing history
  • Stripe customer ID

3.3 Usage Data

  • Platform feature usage and interactions
  • API request logs (endpoint, timestamp, response status)
  • Chat session metadata (session ID, timestamps, project ID)
  • Widget embedding domains

3.4 Technical Data

  • IP address
  • Browser type and version
  • Device information
  • Operating system
  • Referral URLs

3.5 Chat Content

  • Messages exchanged between end-users and AI Agents
  • API responses rendered by Agents
  • Chat session history (retained per project configuration)

3.6 LLM Provider Data

Under the BYOK (Bring Your Own Key) model, Customer-provided prompts and conversation data are transmitted to third-party LLM providers as selected by the Customer. See Section 7 for details.

4. Legal Bases for Processing

We process personal data under the following legal bases (as applicable under GDPR):

Legal BasisData CategoriesPurpose
Contract PerformanceAccount info, billing, usage dataProviding the Platform and Services
Legitimate InterestTechnical data, usage analyticsPlatform security, performance improvement, fraud prevention
ConsentMarketing communicationsOptional marketing
Legal ObligationBilling records, account dataTax compliance, legal requirements

5. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve the Platform
  • Process subscriptions and billing
  • Authenticate users and manage access
  • Monitor Platform performance and security
  • Respond to support requests
  • Send service-related communications
  • Comply with legal obligations
  • Enforce our Terms of Service

We do not use Customer content or chat data to train AI models.

6. Third-Party Data Sharing

We share personal data with the following categories of third-party service providers:

ProviderPurposeData SharedPrivacy Policy
SupabaseAuthentication, database hostingAccount data, auth tokenssupabase.com/privacy
VercelApplication hostingTechnical data, request logsvercel.com/legal/privacy-policy
StripePayment processingBilling informationstripe.com/privacy
ResendTransactional emailEmail address, message contentresend.com/legal/privacy-policy
DNSimpleDNS managementNone (infrastructure only)dnsimple.com/privacy

We do not sell personal data to third parties.

7. LLM Provider Disclosure

7.1 How Data Flows to LLM Providers

Under the BYOK model, when an end-user interacts with a Customer's AI Agent:

  1. The end-user's message is sent to the Kind Robots Platform
  2. The Platform formats the message with the Agent's configured context (system prompt, API manifest context)
  3. The formatted prompt is sent to the Customer's selected LLM provider using the Customer's API key
  4. The LLM provider returns a response, which the Platform delivers to the end-user

7.2 What Data is Sent to LLM Providers

  • User messages and conversation context
  • System prompts configured by the Customer
  • API response data included in Agent context (as defined in Manifests)

7.3 What Data is NOT Sent to LLM Providers

  • Billing or payment information
  • Authentication credentials or passwords
  • Customer account details (email, organization info)
  • Other Customers' data
  • Kind Robots internal platform data

7.4 Customer Responsibility

Each LLM provider has its own data processing and privacy practices. Kind Robots does not control how LLM providers process, store, or use data sent to them. Customers are responsible for:

  • Reviewing and accepting their chosen LLM provider's privacy policy and terms
  • Configuring Agents appropriately for their data sensitivity requirements
  • Informing their end-users about AI processing and data flows

For more details, see our AI Usage & Transparency Policy.

8. International Data Transfers

Kind Robots is based in the United States. If you are located outside the United States, your personal data will be transferred to and processed in the United States.

8.1 EU/EEA Transfers

For transfers of personal data from the EU/EEA, we rely on:

  • EU-US Data Privacy Framework (where applicable)
  • Standard Contractual Clauses (SCCs) as approved by the European Commission
  • Other appropriate safeguards as required under GDPR

8.2 Subprocessor Transfers

Our subprocessors (Supabase, Vercel, Stripe, Resend) maintain their own data transfer mechanisms. Details are available in our Data Processing Agreement.

9. Data Retention

Data CategoryRetention PeriodBasis
Account informationDuration of account + 30 days after deletionContract performance
Billing records7 years after transactionLegal obligation (tax records)
Usage and technical data12 months from collectionLegitimate interest
Chat session contentAs configured by Customer (default: 90 days)Contract performance
Support correspondence3 years after resolutionLegitimate interest
Cookies and tracking dataSee Cookie PolicyVaries by cookie type

Upon account termination, Customer data is retained for 30 days to allow for export, then permanently deleted.

10. GDPR Rights (EU/EEA Residents)

If you are located in the EU/EEA, you have the following rights under the General Data Protection Regulation:

  • Right of Access — Request a copy of the personal data we hold about you
  • Right to Rectification — Request correction of inaccurate or incomplete personal data
  • Right to Erasure — Request deletion of your personal data (subject to legal retention requirements)
  • Right to Data Portability — Receive your personal data in a structured, machine-readable format
  • Right to Restriction of Processing — Request that we limit how we use your data
  • Right to Object — Object to processing based on legitimate interest
  • Right to Withdraw Consent — Withdraw consent at any time where processing is based on consent
  • Right to Lodge a Complaint — File a complaint with your local data protection authority

To exercise these rights, contact us at privacy@kindrobots.ai. We will respond within 30 days of receiving your request.

11. CCPA Rights (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:

  • Right to Know — Request disclosure of the categories and specific pieces of personal information we have collected about you
  • Right to Delete — Request deletion of your personal information
  • Right to Opt-Out of Sale — We do not sell personal information. No opt-out is necessary.
  • Right to Non-Discrimination — We will not discriminate against you for exercising your CCPA rights

To exercise these rights, contact us at privacy@kindrobots.ai or use the mechanisms provided in your account settings.

We will verify your identity before fulfilling any request. We will respond within 45 days of receiving a verifiable request.

Categories of Personal Information (CCPA)

CCPA CategoryExamplesCollected
IdentifiersName, email, IP addressYes
Commercial informationSubscription tier, billing historyYes
Internet/electronic activityUsage logs, browser typeYes
Professional informationOrganization name, roleYes
Geolocation dataIP-based approximate locationYes

12. Cookie Policy

We use cookies and similar technologies as described in our Cookie Policy. Essential cookies (authentication via Supabase) are required for Platform functionality.

13. Children's Privacy

The Platform is not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal data from a child under 16, we will take steps to delete that information promptly.

If you believe a child under 16 has provided us with personal information, please contact us at privacy@kindrobots.ai.

14. Security

We implement appropriate technical and organizational measures to protect personal data, including:

  • Encryption of data in transit (TLS) and at rest (AES-256-GCM for sensitive data)
  • JWT-based authentication via Supabase
  • Organization-level access controls and data isolation
  • Regular security assessments

For more details, see our Security Policy.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the revised policy on the Platform with an updated “Last Updated” date
  • Sending an email notification for material changes

Your continued use of the Platform after notification constitutes acceptance of the revised policy.

16. Contact Us

For privacy-related questions or to exercise your data rights:

Kind Robots LLC
12175 Visionary Way
Fishers, Indiana 46038
Email: privacy@kindrobots.ai

For EU/EEA residents: privacy@kindrobots.ai
For CCPA requests: privacy@kindrobots.ai