Privacy Policy

Last updated: April 15, 2026

This policy explains how Kazozo, Inc. ("Kazozo," "we," "us") collects, uses, and protects information in connection with kazozo.com and the Kazozo AI agent platform (the "Service"). For business customers, the processing of personal data about their end users is also governed by our Data Processing Agreement, where Kazozo acts as a processor.

1. Information we collect

We collect three broad categories of information:

• Information you provide — name, email, phone number, company, billing address, and any content you submit through forms, support channels, or the product itself.
• Information from use of the Service — conversation content processed by the AI agents you configure, event logs (logins, feature usage, errors), and metadata about sessions.
• Information from your devices — IP address, browser and OS identifiers, approximate location derived from IP, and cookie or similar identifiers described in Section 7.

When business customers use Kazozo to run AI agents, we process data about their end users on their behalf. For that data, we act as a processor and the customer is the controller — the DPA governs that relationship.

2. How we use information

We use information to:

• Provide, operate, secure, and improve the Service.
• Configure and deliver AI agents for customer workflows.
• Process payments and send billing communications.
• Respond to support requests and provide customer service.
• Send product updates, security notices, and — with consent where required — marketing communications.
• Prevent fraud, abuse, and violations of our Terms or Acceptable Use Policy.
• Comply with legal obligations.

3. AI processing

When you interact with a Kazozo agent, your messages are processed by large language models ("LLMs") to generate responses. We use LLM infrastructure from Anthropic (Claude) as the primary provider and OpenAI as a fallback, under agreements that prohibit those providers from retaining your content to train their public models. See the subprocessors page for the complete list and roles.

We do not use customer content to train a shared or general-purpose Kazozo model. Conversations may be reviewed by authorized Kazozo personnel on a need-to-know basis to diagnose errors, investigate abuse, or in response to a customer support request.

Kazozo agents are deterministic in some paths and generative in others. Generative responses are grounded in sources the customer configures (knowledge base, CRM, product catalog). Kazozo is not a substitute for professional advice; outputs should be reviewed before being relied on for legal, medical, financial, or safety-critical decisions.

4. Legal bases for processing (EEA, UK, Switzerland)

Where GDPR or UK GDPR applies, we rely on the following legal bases:

• Performance of a contract — to provide the Service you or your organization has signed up for.
• Legitimate interests — to secure the Service, prevent fraud, analyze product usage to improve features, and contact existing business customers about relevant offerings. We balance these against your rights and preferences.
• Consent — for non-essential cookies, optional marketing emails, and any processing where consent is the applicable basis; you can withdraw consent at any time.
• Legal obligation — for tax, accounting, and lawful regulatory or law-enforcement requests.

5. Data sharing

We share information only with:

• Subprocessors operating the Service under contract — hosting, model infrastructure, email and SMS delivery, analytics, payments. The current list is at kazozo.com/subprocessors.html.
• Integration partners you've authorized — for example, the CRM, calendar, or messaging platform you connect.
• Professional advisers — accountants, auditors, and lawyers bound by confidentiality.
• Corporate transactions — in the event of a merger, acquisition, or sale of assets, subject to notice and continued protection.
• Law enforcement or regulators — where required by law and, where permitted, after challenging overbroad requests.

We do not sell personal information as that term is defined under the California Consumer Privacy Act (CCPA/CPRA), and we do not share personal information for cross-context behavioral advertising.

6. International transfers

Kazozo is based in the United States and processes most data there. When we transfer personal data out of the EEA, UK, or Switzerland to a country without an adequacy decision, we rely on the EU Standard Contractual Clauses (2021/914), the UK International Data Transfer Addendum, and — where applicable — our certification under the EU–US Data Privacy Framework (and UK/Swiss extensions). See the DPA for details.

7. Cookies and similar technologies

We use a small number of cookies and similar identifiers:

• Essential — authentication, load balancing, CSRF protection. These cannot be turned off without breaking the Service.
• Analytics — aggregate usage measurement (self-hosted PostHog). Can be declined.
• Functional — remembers UI preferences like theme or last-viewed page.

You can control cookies through your browser settings and, where applicable, through an in-product cookie banner. We honor Global Privacy Control (GPC) signals as a valid opt-out under the CCPA/CPRA.

8. Your rights

Depending on where you live, you may have the following rights over your personal data:

• Access — a copy of the personal data we hold about you.
• Correction — fix inaccurate or incomplete data.
• Deletion — erase your data, subject to limited legal exceptions.
• Portability — receive your data in a structured, machine-readable format.
• Restriction and objection — pause or stop certain processing, including direct marketing.
• Withdraw consent — where processing is based on consent.
• Lodge a complaint — with your local supervisory authority (for EEA/UK residents) or state Attorney General.

California residents (CCPA/CPRA) additionally have the right to know the categories of personal information collected, the categories of sources, the business or commercial purpose, and the categories of third parties with whom it is shared; the right to correct inaccurate personal information; the right to limit the use and disclosure of sensitive personal information; and the right not to be discriminated against for exercising these rights. Kazozo does not use sensitive personal information for purposes that trigger the "right to limit" — we use it only for the purposes exempt under §7027(m).

To exercise any of these rights, email privacy@kazozo.com. We will verify your identity before responding. Authorized agents may submit requests on your behalf with written permission. We will respond within the timeframes required by applicable law (generally 30 days under GDPR, 45 days under CCPA).

9. Data retention

We retain personal data only as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:

• Account data is retained for the duration of the subscription plus 30 days after termination to allow export.
• Conversation content is deleted or anonymized within 90 days of account termination.
• Billing records are retained for 7 years to meet tax and accounting requirements.
• Security logs are retained for up to 12 months.

10. Security

We implement technical and organizational measures appropriate to the risk, including encryption in transit (TLS 1.2+) and at rest (AES-256), role-based access, logical tenant isolation, audit logging, and regular security testing. Detail is on our Trust & Security page. No method of transmission or storage is 100% secure; if we become aware of a breach affecting your personal data, we'll notify you and applicable regulators within the required timeframes.

11. Children

The Service is for business use and is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact privacy@kazozo.com and we'll delete it.

12. Changes to this policy

We may update this policy periodically. The "Last updated" date at the top reflects the most recent change. For material changes, we'll provide additional notice (email to account admins or an in-product notice) at least 30 days before they take effect, where practicable.

13. Contact us

Kazozo, Inc. · privacy@kazozo.com for privacy and data subject requests · legal@kazozo.com for DPA and contract questions · security@kazozo.com for security concerns. Our EU and UK representatives' details are available on request.