Privacy notice.

1. Who we are

Kraos AI Labs LLP ("Kraos", "we", "us") provides AI implementation and consulting services. This notice explains how we collect, use, share, and protect personal data, and the rights you have over it. It applies to visitors to this website and to people who contact us, become clients, or work with us.

For personal data we decide the purpose and means of processing, we are the data fiduciary (data controller). Where we process personal data inside a client’s own systems to deliver a build, we act as a data processor on that client’s instructions under a separate written agreement, and the client remains the fiduciary for that data.

2. The personal data we collect

We keep what we collect to what the work requires. Depending on how you interact with us, that may include:

• Contact and identity details you give us, such as your name, work email, phone number, company, and role.
• What you tell us about your business in enquiries, calls, and during a project.
• Records of our work together, such as call notes, Blueprints, proposals, and correspondence.
• Website and device data collected automatically, such as IP address, browser type, pages viewed, and similar usage data (see Cookies below).
• Where a build connects to your systems, the business data needed to deliver that build, under access we agree with you in writing.

3. How we use personal data, and our basis for it

We use personal data only for clear purposes, and only where we have a lawful basis to do so:

• To respond to your enquiry, arrange and hold the free call, and follow up (your request, and our legitimate interest in responding).
• To prepare your Blueprint and to scope, build, and run the work you ask for (performance of a contract, or steps you ask us to take before one).
• To operate, secure, and improve this website (our legitimate interest in a working, safe site).
• To meet our legal, tax, and accounting obligations (legal obligation).
• For any other purpose we explain to you at the time, where you have given consent. Where we rely on consent, you can withdraw it at any time.

4. Cookies and analytics

This site uses only the cookies and similar technologies needed to make it work and to understand, in aggregate, how it is used. We do not use them to build advertising profiles. You can control cookies through your browser settings; blocking some may affect how the site works. Where the law requires consent for non-essential cookies, we ask for it before they are set.

5. Who we share it with

We do not sell your personal data. We share it only in these cases:

• With service providers and sub-processors who help us run our work (for example hosting, email, scheduling, and analytics), under agreements that limit them to our instructions and to keeping the data secure.
• Where we are required to by law, regulation, court order, or a lawful request from an authority.
• In connection with a reorganisation, merger, or sale of our business, with the data kept subject to this notice.

6. International transfers

We work with clients and tools across borders, so personal data may be processed in countries other than your own. Where it is, we take steps to ensure it is protected to a standard consistent with this notice and with applicable law, including appropriate contractual safeguards with the providers involved.

7. How we keep it secure

We limit access to personal data to the people who need it for the work, and we agree any access to your systems with you in writing and keep it to what the build requires. Anything that touches money, stock, or a customer waits for a named person to approve it; we do not deploy systems that take such actions on their own. We use reasonable technical and organisational measures to protect data against loss, misuse, and unauthorised access, though no method of storage or transmission is completely secure.

8. How long we keep it

We keep personal data for as long as we need it for the purpose it was collected, and for as long as the law requires us to (for example for tax and accounting records). When we no longer need it, we remove or anonymise it.

9. Your rights

Subject to applicable law, you can ask us to:

• Confirm what personal data of yours we hold and how we use it, and give you access to it.
• Correct or complete data that is wrong, incomplete, or out of date.
• Erase data we no longer need, or restrict how we use it.
• Provide data you gave us in a portable form, or object to certain uses, where the law gives you that right.
• Withdraw consent at any time where we relied on it, and nominate another person to exercise your rights if you are unable to.

10. Raising a grievance

If you have a concern about how we handle your personal data, you can reach our grievance contact at privacy@kraos.ai, or through the Contact page. We will acknowledge and address your grievance within a reasonable time and within any period the law requires. If you are not satisfied, you may have the right to complain to the relevant data protection authority.

11. Children

Our website and services are intended for businesses and the people who run them, not for children. We do not knowingly collect personal data from children. If you believe a child has given us personal data, contact us and we will remove it.

12. Changes to this notice

We may update this notice as our work, the tools we use, or the law changes. When we do, we will revise the date below, and where the change is significant we will take reasonable steps to bring it to your attention.

13. How to reach us

For any question about this notice or your personal data, contact us at privacy@kraos.ai or through the Contact page. The binding terms of any engagement, including how we handle data in a specific project, are set out in the agreement we sign with you.