Privacy Policy

Kulu AI's Privacy Policy - Learn how we collect, use, and protect your personal data.

Privacy Policy

Last Updated: October 2025

Welcome to Kulu AI ("we", "us", "our", or "Company"). We are committed to protecting your data and privacy. This Privacy Policy explains how we handle your personal data when you use our SDK, platform, and services (collectively, the "Services").

Data We Process

The Kulu SDK processes the following data:

  • User Identification: User ID and description provided during SDK initialization, used to identify returning users and track their workflow progress
  • Workflow Progress: Current step, completion status, and session ID to resume workflows across sessions
  • Chat Interactions: Questions asked and AI responses (only if users interact with Kulu's AI agent) to provide context in future sessions
  • Authentication Data: SDK key and short-lived JWT tokens for secure API communication
  • Technical Data: Request logs, error information, and performance metrics for service monitoring

How We Use Your Data

We use your data to:

  • Provide and maintain our Services
  • Authenticate and authorize API requests
  • Monitor service performance and security
  • Comply with legal obligations
  • Improve our products and services

Data Security

We implement comprehensive security measures to protect your data:

Encryption

  • In Transit – All data transmitted to and from our services is encrypted using TLS 1.2 or higher
  • At Rest – Sensitive data is encrypted at rest using industry-standard encryption algorithms

Access Controls

  • Authentication – Secure authentication mechanisms for all user accounts
  • Authorization – Role-based access control (RBAC) ensures users only access data they need
  • Audit Logging – All access to sensitive data is logged and monitored

Infrastructure Security

  • Network Security – Firewalls, intrusion detection, and DDoS protection
  • Regular Updates – Timely patching and updates of all systems
  • Vulnerability Management – Regular security assessments and penetration testing

Data Storage

  • All workflow progress and chat history is stored securely on Kulu's backend
  • Data transmission is encrypted using HTTPS
  • You can request data deletion at any time by contacting support@heykulu.ai

Data Retention

We retain your data only as long as necessary to provide our Services or as required by law. You can request data deletion by contacting support@heykulu.ai.

Your Rights

Depending on your location, you may have rights to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Request a copy of your data

To exercise these rights, please contact us at support@heykulu.ai.

Data Protection Agreement (DPA)

For organizations requiring a Data Protection Agreement, we provide a comprehensive DPA document that outlines data processing terms and security commitments. Download DPA (PDF)

Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes by updating the date above.

Contact Us

If you have questions about this Privacy Policy, please contact us at:

📧 Email: support@heykulu.ai

We are committed to working with you to resolve any privacy concerns.