Legal

Privacy Policy

Last updated: May 10, 2026

1. Introduction

This Privacy Policy explains how Kartio ("we", "us", "our") collects, uses, and protects personal data when you use our website and services. We are committed to protecting your privacy and handling your data in a transparent and secure manner.

2. Data Controller

The data controller responsible for your personal data is:

[Legal Entity Name]

[VAT Number]

[Legal Address]

Email: privacy@kartio.ai

3. Data We Collect

3.1 Kartio Customer Account Data

When you create an account, we collect: name, email address, phone number, company name, billing information, and store connection details.

3.2 End-User Ecommerce Visitor Data

When your customers interact with Kartio on your store, we process: chat messages, phone numbers (for calls), conversation history, and browsing context.

3.3 Phone Data

For voice calls, we process: phone numbers, call duration, transcripts, and audio recordings where applicable.

3.4 Technical Data

We collect: IP addresses, browser information, device information, session data, and logs for security and service improvement.

3.5 Payment Data

Payment processing is handled by Stripe or other payment providers. We do not store credit card information.

4. Purposes and Legal Bases

We process your data for the following purposes:

  • Providing AI chat and voice services
  • Processing payments and subscriptions
  • Sending reports and notifications
  • Improving our services
  • Legal compliance and fraud prevention

Legal bases: Contract performance, legitimate interests, legal obligation, consent (where required).

5. AI Processing

Kartio uses AI providers (OpenAI, Gemini, Anthropic) to process conversations. We configure these services to not use your data for model training where settings allow. Your data is processed to provide real-time responses only.

6. Sub-processors

We use third-party services to provide our platform. See our Sub-processors page for the full list.

7. International Transfers

Some of our sub-processors are located outside the EU. We use Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework where applicable to ensure adequate protection.

8. Data Retention

We retain personal data for as long as necessary to provide our services and comply with legal obligations. Conversation data is retained according to your subscription plan. You can request deletion at any time.

9. Your Rights

You have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data (right to be forgotten)
  • Restrict processing
  • Data portability
  • Object to processing
  • Withdraw consent

To exercise your rights, contact us at privacy@kartio.ai.

10. Kartio's Role as Processor

For merchant end-user data, Kartio acts as a data processor. The merchant is the data controller. We process this data only on your instructions and in accordance with our Data Processing Agreement (DPA).

11. Contact

For privacy-related inquiries, contact us at: privacy@kartio.ai