Privacy Policy

Kronos AI

Last Updated: May 22, 2026

This Privacy Policy explains how Kronos AI ("Kronos," "we," "us") collects, uses, shares, and protects information when a company or authorized user ("Customer") accesses and uses our platform, website, and related services (the "Service").

Important (business use): Kronos is a platform designed for businesses. When a Customer connects messaging channels (for example, Instagram, Messenger, WhatsApp, Telegram, voice) or connected applications (for example, Gmail, Shopify), the Customer typically acts as the data controller for its end customers/contacts, and Kronos acts as a data processor on the Customer's documented instructions. A Data Processing Addendum (DPA) reflecting this controller / processor relationship is available upon request to [email protected].

1) Scope

This Policy applies to:

  • The Kronos website and public pages linked to the Service.
  • The Kronos application and dashboard.
  • Integrations the Customer connects to the Service (for example, messaging channels, e-commerce platforms, CRMs, productivity tools).

This Policy does not apply to third-party services the Customer connects, which are governed by their own privacy policies. Where Kronos delegates specific functions to sub-processors (listed in Section 6), those sub-processors handle data on Kronos' documented instructions and under written agreements that mirror this Policy.

2) Information We Collect

Depending on how the Service is used, we may collect and process the categories below. Each category is paired with a retention rule in Section 7.

A. Account and Company Information

  • Authorized user name, email address, and authentication credentials.
  • Company/workspace name, business details (if provided), country/city, workspace settings.
  • Roles, permissions, and administrative logs (for example, access audit trails).

B. Channel and Integration Data (When the Customer Connects It)

When the Customer integrates a channel (messaging) or a connected application (e-commerce, productivity), we may process:

  • Technical identifiers for the channel or application (page IDs, account IDs, store subdomains, access tokens, API keys, OAuth state, connection configuration).
  • Conversation metadata (dates, status, channel, sender/recipient identifiers, tags).
  • Message content and attachments where required for the Service to operate (for example, to display history and enable replies).
  • Tool-execution metadata for AI-agent actions against connected applications (tool name, timestamp, success/error status, duration). We do not persist the full arguments or response payloads of those tool calls in Kronos' database; payloads are processed in memory and discarded once the agent turn ends.

C. End-Customer Data Accessed Through Connected Applications

When the Customer connects a third-party platform that holds personal data of the Customer's own end customers (for example, the order and customer records inside the Customer's Shopify store), Kronos' AI agents may read that data on the Customer's instruction to answer inquiries or execute actions the Customer authorized. Specific handling rules for this category:

  • The end-customer record itself (the row in the connected platform) is fetched on demand at tool-call time and is not stored as a separate record in Kronos' database.
  • The AI agent's reply to its own end-user conversation may quote or reference end-customer information that the agent retrieved (for example, an order status that includes the shipping city). That reply is persisted as a conversation message because it is the message the Customer actually sent to its end user.
  • Tool-execution audit entries record the fact that a tool was called, the tool name, the resulting status, and timing — never the body of the data exchanged.
  • The Customer's connected platform continues to be the system of record. Deletion of end-customer data inside the connected platform must be performed in that platform. Kronos provides the deletion mechanisms it controls in Section 10 and at /data-deletion.

D. Usage and Device Data

  • Activity logs within the Service (actions taken, pages viewed, timestamps).
  • Technical information such as IP address, browser type, operating system, language, error logs, and performance metrics.
  • Anonymized analytics events (page navigation, feature usage) keyed by a salted IP hash, not the raw IP, when the user is not yet authenticated.

E. Cookies and Similar Technologies (Website)

We may use cookies or similar technologies to:

  • Maintain authenticated sessions and enhance security.
  • Measure performance and improve the Service.

3) How We Use Information

We use information to:

  1. Provide the Service: create accounts, authenticate users, operate features, enable integrations, display conversations, broker calls to connected applications, and send replies through connected channels.
  2. Security and Fraud Prevention: protect accounts, detect malicious activity, investigate incidents, and prevent abuse.
  3. Product Improvement: debug, analyze performance, and develop new features. We do not use the body of merchant end-customer data for product development.
  4. Support: respond to requests, troubleshoot issues, and communicate about the Service.
  5. Legal Compliance: meet applicable legal obligations and respond to lawful requests.

We do not sell personal data. We do not use message content for advertising. We do not train external AI models on the Customer's data; AI provider configurations are set to disable training where the provider offers a data-controller opt-out.

4) AI and Automation

Kronos offers automation and AI-assisted features, including generating responses, analyzing content, and executing tool calls against connected applications. To provide these features it is necessary to process information provided by the Customer (messages, context, account data, and payloads returned by connected applications) to:

  • Generate replies, summaries, classifications, or routing decisions.
  • Extract intent, tags, or defined objectives.
  • Execute tool calls (for example, "look up an order", "update inventory") on the Customer's instruction.
  • Improve workflows and operational outputs as configured by the Customer.

Where AI providers are involved, we limit shared information to what is necessary to deliver the requested functionality, consistent with Customer configuration. AI provider sub-processors are listed in Section 6.

5) Legal Bases and Roles

Where required by data protection laws (including the EU GDPR, the UK GDPR, the California Consumer Privacy Act, and Mexico's Federal Law on the Protection of Personal Data Held by Private Parties — LFPDPPP), we process information based on:

  • Contract performance — to provide the Service to the Customer.
  • Legitimate interests — security, abuse prevention, and product improvement, balanced against the rights of the individuals concerned.
  • Consent — for certain cookies or optional features, where applicable.
  • Legal obligations — compliance with applicable laws and lawful requests.

Controller / processor model: For data the Customer feeds into the Service or connects through a third-party platform, the Customer is the controller and Kronos is the processor. For data Kronos collects about its authorized users directly (sign-up information, billing, security telemetry), Kronos is the controller. Under the LFPDPPP (effective March 21, 2025), processors are within the explicit scope of the law; Kronos honors the ARCO rights of data subjects accordingly (see Section 9).

6) How We Share Information — Sub-Processors

We use third-party sub-processors to deliver the Service. Each sub-processor is contractually required to protect information and use it only to deliver services to Kronos. The current list is published below and is kept up to date; material additions are reflected here.

A. Infrastructure and Platform

  • Vercel Inc. (United States) — application hosting and global edge delivery. Privacy policy.
  • Supabase Inc. (United States; EU region available) — managed Postgres database, authentication, file storage, vault for OAuth secrets. Privacy policy.
  • Cloudflare Inc. (United States) — DNS, edge security, the Workers runtime that bridges voice calls. Privacy policy.
  • Hostinger International Ltd. (Lithuania / EU) — transactional and administrative email delivery (SMTP). Privacy policy.

B. Connected Applications and OAuth Brokerage

  • Composio Labs Inc. (United States) — OAuth broker and tool-execution runtime for connected applications such as Gmail, Shopify, and others. Composio holds SOC 2 Type II and ISO 27001 certifications and provides a standard Data Processing Addendum. When the Customer connects an application through Kronos, Composio receives the OAuth grant, stores the resulting access and refresh tokens, and brokers each tool call between Kronos and the upstream application API. Tool arguments and response payloads transit Composio for the duration of the call. Privacy policy.

C. Messaging Channels

  • Meta Platforms, Inc. (United States) — Facebook Messenger, Instagram Direct, and WhatsApp Cloud API for inbound and outbound messaging. Privacy policy.
  • Telegram FZ-LLC (UAE) — Telegram bot inbound and outbound messaging. Privacy policy.

D. Voice Channel

  • Twilio Inc. (United States) — public telephone network connectivity for the voice channel and regulatory bundle review for Mexican phone numbers. Privacy policy.
  • Google LLC (United States) — Gemini Live real-time speech-to-speech model used by the voice channel. Data-controller flag is set so audio is not retained for model training. Privacy policy.

E. AI Model Providers

  • Groq Inc. (United States) — low-latency inference (Llama family) used for routing decisions, classification, and post-call summaries. Privacy policy.
  • Google LLC (United States) — Gemini embedding model for semantic search over conversation history and knowledge bases (no training on Kronos data per controller flag).
  • OpenRouter Inc. (United States) — multi-provider routing fallback for model availability. Privacy policy.
  • DeepSeek Ltd. (Hong Kong / People's Republic of China) — model provider used in non-protected reasoning fallbacks only. Not used for any flow that contains end-customer personal data from regulated jurisdictions.

F. Billing

  • MercadoPago / Mercado Libre, Inc. (Argentina; Mexican entity) — subscription billing, payment-method tokenization. Kronos does not store card numbers on its infrastructure. Privacy policy.

G. Customer-Connected Integrations Outside the Sub-Processor List

When the Customer connects an upstream platform (for example, the Customer's Shopify store, a Customer's Gmail mailbox), data exchange may occur based on the Customer's configuration and the third party's rules. Those upstream platforms are not sub-processors of Kronos; they are the Customer's own controllers or counterparties, and Kronos does not control their privacy practices.

H. Legal and Safety Requirements

We may disclose information if reasonably necessary to:

  • Comply with laws, legal processes, or valid governmental requests.
  • Enforce our terms, prevent fraud, or protect rights, property, and safety.

I. Business Transfers

If we are involved in a merger, acquisition, or asset sale, information may be transferred as part of that transaction, subject to reasonable safeguards and notice where required by law.

7) Data Retention

Retention is set per data category. Items not listed here follow the default rule: kept while the account is active, purged on cancellation, except where a legal obligation requires retention.

CategoryRetention
Account and workspace recordsWhile the account is active. Purged on plan cancellation; certain billing-history rows are retained for legal and tax purposes.
Conversation transcripts and attachmentsWhile the account is active. Purged on cancellation alongside the rest of operational data.
Tool-execution audit log (Composio actions)Up to 30 days, then purged. Stores metadata only (tool name, success status, timing) — no request or response payloads.
OAuth access tokens for connected applicationsStored by Composio (the OAuth broker) while the connection is active; revoked on disconnect or on account cancellation. Kronos references the token indirectly via an opaque connection identifier.
KYC documents (voice number provisioning)Maximum 30 days after the Twilio regulatory decision; deleted by a daily automated job.
Voice transcripts and call summariesWhile the account is active. Purged on cancellation. Audio is not recorded.
Billing usage and AI-cost metricsRetained beyond cancellation as billing history.
Security logs and audit trailsRetained while necessary for security investigations and legal compliance.

When information is no longer needed, we delete or anonymize it using reasonable measures, subject to technical and legal limitations and to the backup cycle described in Section 10.

8) Security

Kronos implements technical and organizational measures designed to meet or exceed the requirements of Shopify's Level 2 protected customer data program. These include:

  • Encryption in transit — TLS 1.2 or above for all Service endpoints, both internal and external.
  • Encryption at rest — AES-256 provided by the managed database and storage providers used by Kronos.
  • Encrypted backups — automated backups inherit the encryption posture of the primary store and are restricted to authorized personnel.
  • Environment separation — production, staging, and development environments are isolated; production data is not used in test environments.
  • Access controls — least privilege, role-based access, multi-factor authentication for administrative accounts, short-lived credentials where supported, hardware-backed keys for the administrative console.
  • Access logging — administrative actions affecting Customer or end-customer data are logged and reviewable.
  • Vault-based secret storage — third-party tokens and shared secrets are stored in an encrypted vault rather than in application tables; vault entries are deleted on account cancellation.
  • Incident response policy — documented procedures for triage, containment, notification, and post-incident review. Material security incidents that affect Customers will be notified without undue delay in accordance with applicable law.
  • Vulnerability disclosure — researchers and Customers may report suspected vulnerabilities to [email protected].
  • Sub-processor due diligence — sub-processors are selected in part for their independent certifications (Composio: SOC 2 Type II and ISO 27001; Vercel and Supabase: SOC 2; others as published by each provider).

No system is completely secure. Customers are responsible for protecting credentials, configuring access controls, training their own personnel, and maintaining appropriate internal security practices.

9) Your Rights and Choices

Depending on your jurisdiction, you may have the following rights with respect to personal data Kronos processes about you as a controller:

  • Access — obtain a copy of the personal data we hold about you.
  • Rectification — correct inaccurate or incomplete information.
  • Cancellation / Deletion — request deletion of personal data, subject to legal retention obligations.
  • Opposition — object to or restrict certain processing.
  • Portability — receive a copy of your data in a structured, commonly used format, where applicable.
  • Opt-out of automated decisions — where applicable.

For data subjects in Mexico the LFPDPPP recognizes these as the ARCO rights (Acceso, Rectificación, Cancelación, Oposición). For data subjects in the European Economic Area, the United Kingdom, or California, equivalent rights are recognized under the GDPR, the UK GDPR, and the CCPA respectively.

Requests: Contact us using the details in Section 13. If you are an authorized user under a Customer account, or an end customer who interacted with a business that uses Kronos, please first contact the Customer that holds the account; Kronos will act on the Customer's instructions where it is the processor. We will respond to verifiable requests within 30 days, subject to identity verification and any extension permitted by law.

10) Data Deletion

Kronos maintains a dedicated page with instructions for deleting data, including requests received through integration providers' mandatory data-deletion webhooks (Meta, Shopify, others). The page covers automated handling, manual request channels, timing, and backup-rotation expectations.

Data Deletion Page: https://www.kronos.com.mx/data-deletion

11) International Transfers

Kronos operates from Mexico. Production infrastructure and most sub-processors are US-hosted. Where personal data of individuals in the European Economic Area or the United Kingdom is transferred, we rely on:

  • The European Commission's Standard Contractual Clauses (SCCs) and the UK's International Data Transfer Addendum.
  • The EU-US Data Privacy Framework where the sub-processor is self-certified.
  • Other lawful transfer mechanisms recognized by applicable law.

Customers operating with strict data-residency requirements (for example, EU public-sector or EU AI Act high-risk classifications) should evaluate this transfer model in advance.

12) Children's Privacy

The Service is intended for business use and is not designed for use by children under the age of majority in their jurisdiction. We do not knowingly collect personal data from children.

13) Contact and Data Protection Officer

For questions, requests, or DPA requests under this Privacy Policy:

Kronos AI — Privacy

Privacy / Data Protection Officer: [email protected]

Legal and DPA: [email protected]

Security incidents: [email protected]

Support: [email protected]

Connected E-Commerce Platforms — Shopify

What we access and why

When a Customer connects a Shopify store, Kronos requests access to a defined set of Shopify Admin API scopes that map to the conversational use-cases the Customer's AI agents support (catalog questions, inventory checks, order status inquiries, discount management, fulfillment status, file management). Access is requested only to the minimum amount of data required to deliver this functionality.

One of the scopes requested, read_customers, is classified by Shopify as protected customer data and includes fields such as customer name, email, phone, and address. Kronos commits to Shopify's Level 1 and Level 2 program requirements when handling that data, as set out in Section 8 above (encryption in transit and at rest, backup encryption, environment separation, data-loss-prevention strategy, access controls, strong authentication, access logs, and incident response).

How the data flows

  1. The merchant grants access through Shopify's standard OAuth consent screen, on a per-shop basis.
  2. The resulting access and refresh tokens are stored by Composio, the OAuth broker, on the merchant's behalf. Kronos references each connection through an opaque connection identifier and does not see the token itself.
  3. When the merchant's AI agent needs to read Shopify data, Kronos asks Composio to execute the corresponding tool against the merchant's store. The response is held in memory during the agent turn and then discarded; Kronos does not maintain a separate copy of the merchant's Shopify records.
  4. The agent's reply to the end-user conversation may quote information it read from Shopify (for example, the status of an order). That reply is persisted as a message because it is the content the merchant's agent actually sent to its end customer.
  5. A tool-execution audit row is recorded for each Shopify call — metadata only, no payloads. The audit row is purged after 30 days at the latest and on account cancellation.

Mandatory compliance webhooks

Kronos honors the three mandatory compliance webhooks defined by Shopify for apps that touch customer data:

  • customers/data_request — when an end customer of the merchant submits a data-access request through Shopify, Kronos receives the request, locates the data it holds associated with that customer's identifier across conversation transcripts and audit entries, and delivers it to the merchant within 30 days.
  • customers/redact — when an end customer requests deletion, Kronos scrubs the corresponding identifier from conversation messages, redacts any quoted data attributable to that customer where reasonably feasible, and removes related audit entries. The action is completed within 30 days.
  • shop/redact — 48 hours after the merchant uninstalls the Kronos app, Shopify notifies Kronos to delete all data for that shop. Kronos removes the integration record, the linked conversations and messages, the audit entries, and revokes the Composio connection. The action is completed within 30 days.

All three endpoints verify the Shopify HMAC-SHA256 signature on the incoming request and return a 401 Unauthorized status if the signature is invalid. They return a 200 series status on successful receipt. Implementation details are reflected in our Data Deletion page.

Merchant transparency commitment

Kronos discloses which Shopify scopes are requested, why each scope is needed, and which sub-processor (Composio) brokers the OAuth and the API traffic. The Customer remains the controller of its own end-customer data; Kronos acts as a processor on the Customer's documented instructions. A written Data Protection Addendum is available on request.

Voice Channel — Data Categories & Processors

What we collect and how we store it

When you activate the voice channel for any AI agent, the following data flows through Kronos:

  • KYC documents (RFC, INE, proof of address) — uploaded once during Twilio bundle review. Stored in a private Supabase Storage bucket scoped to your tenant. Wiped automatically 30 days after Twilio's regulatory decision by a daily cron. We do not retain copies after that window.
  • Call metadata (call SID, direction, start / end timestamps, duration, final status). Persisted in the conversations row associated with the call. Retained while you are an active customer; deleted on plan cancel via the operational-data purge.
  • Transcripts (text of each turn in the conversation). Calls are transcribed, NOT audio-recorded. The transcript is persisted as messages rows with message_type='voice_transcript'.
  • Call summary — a short post-call summary generated by a small Llama model (via Groq) and stored on the conversation row. Operators can edit it from the inbox.
  • Status log — call-lifecycle transitions (initiated, ringing, in-progress, completed, etc.) appended to the conversation's metadata. Used to render live state in the inbox and reconcile billing.

Third-party processors

The voice channel requires three external service providers, each acting as a data processor for the specific function listed below:

  • Twilio Inc. — PSTN connectivity (carrying the call), provisioning, regulatory bundle review. Per the terms you accepted when creating your Twilio account, Twilio may retain call data on their infrastructure for up to a maximum of 3 years, independent of Kronos' own retention. Privacy policy: twilio.com/legal/privacy.
  • Google LLC (Gemini Live) — real-time speech-to-speech model. Audio streams ephemeral through Google's infrastructure; we do not authorize Google to retain audio for model training (data-controller flag set on the Gemini API account). Privacy policy: policies.google.com/privacy.
  • Groq Inc. — small Llama model used to summarize the transcript post-call. Only the transcript text is sent. Privacy policy: groq.com/privacy-policy.

In-call disclosure

Every voice call begins with an automated disclosure where the agent identifies itself as an AI and informs the caller that the conversation is transcribed. This disclosure is mandatory and cannot be removed by the operator. It is intended to comply with US and EU AI-transparency expectations (FTC AI guidance, EU AI Act Article 50 on AI-system transparency).

Retention & deletion

Functional voice data (conversation rows, transcripts, summaries) follows the same retention rules as the rest of your inbox: kept while you are an active customer, then purged on plan cancellation alongside other operational data. KYC documents follow a stricter 30-day cap regardless of subscription state. Billing-related metrics (number of calls, minutes used, billing-period rollups) are retained beyond cancellation as billing history, separately from the operational purge.

Twilio-side retention is separate from Kronos. Twilio acts as an independent processor for PSTN connectivity, and the terms you accepted when creating your Twilio account govern how long Twilio retains call data on its own infrastructure (up to a maximum of 3 years per Twilio's policy). Kronos cannot delete those Twilio-side records on your behalf — for end-of-life deletion of data Twilio holds, you must contact Twilio directly.

© 2026 Kronos AI. All rights reserved.

Privacy Policy | Kronos AI