Privacy Policy for KalkiGPT.com
Effective Date: 4 August 2025
Who we are
KalkiGPT (“we,” “our,” “us”) operates the website https://kalkigpt.com and related application-programming-interface services (collectively, the “Service”). This Privacy Policy explains what data we collect, why we collect it, and how we protect, use, and share your information. By accessing or using the Service, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy.
1. Scope
This policy covers information we collect when you:
- Browse our public site
- Create an account or purchase a subscription via WooCommerce
- Generate or manage API keys
- Send content to—or receive content from—our API endpoints
- Contact our support or sales teams
- Interact with marketing emails, social content, or partner sites
2. Information We Collect
2.1 Information You Provide Directly
| Data Type | Examples | Purpose |
|---|---|---|
| Account Details | Name, email, billing / company info | Create and manage your account |
| Payment Data | Card/UPI details (handled by Stripe/Razorpay), WooWallet balances | Process transactions; we do not store full card numbers |
| API Content | Prompts, file uploads, model outputs | Provide core AI functionality |
| Support Materials | Emails, chat logs, debug files | Customer assistance & troubleshooting |
2.2 Information We Collect Automatically
| Category | Examples | Purpose |
|---|---|---|
| Usage Logs | Request counts, tokens in/out, model routed | Metering, analytics, abuse prevention |
| Device & Connection | IP address, browser type, OS, referral URL | Security, diagnostics, localization |
| Cookies & Similar | Session cookies, analytics pixels | Smooth login, site analytics, preference storage |
3. How We Use Your Information
- Deliver the Service – authenticate you, route prompts, return results
- Improve & Secure – analyze aggregated usage, detect anomalies, prevent fraud
- Billing & Account Management – calculate quotas, process renewals, send receipts
- Support & Communication – respond to inquiries, announce updates, provide documentation
- Legal & Compliance – fulfill contractual or statutory obligations (GDPR, CCPA, etc.)
We never sell or rent your personal data to third-party marketers.
4. Legal Bases (EEA/UK Residents)
We process personal data under one or more of the following bases:
- Contract performance (Art. 6 (1)(b) GDPR)
- Legitimate interests – e.g., preventing abuse, improving security (Art. 6 (1)(f))
- Consent – for optional cookies or marketing emails (Art. 6 (1)(a))
- Legal obligation (Art. 6 (1)(c))
You may withdraw consent at any time without affecting lawful processing based on consent before its withdrawal.
5. Sharing & Disclosure
We share data only as necessary:
| Recipient | Reason | Safeguards |
|---|---|---|
| Cloud/Hosting Providers (Render, AWS, Hostinger) | Run servers, store encrypted backups | DPAs, standard contractual clauses |
| Payment Gateways (Stripe, Razorpay) | Process transactions | PCI-DSS compliance |
| Analytics & Monitoring (e.g., Grafana, Sentry) | Performance metrics, error tracing | Pseudonymized IDs |
| Legal Authorities | Respond to lawful requests | Reviewed by counsel |
| Business Transfers | Merger, acquisition, reorganization | Notice & choice given where required |
6. International Transfers
We are headquartered in India with infrastructure in multiple regions. Where we transfer data outside your jurisdiction, we rely on:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions
- Your explicit consent (where applicable)
7. Data Rentention
| Data Type | Retention Period |
|---|---|
| Account & billing records | 7 years (tax & audit) |
| API logs | 30 days rolling (unless flagged for abuse) |
| Model prompts & outputs | Deleted automatically after 30 days or sooner via dashboard controls |
| Cookies | 1 year max, renew on consent |
You may request deletion of your personal data at any time (see Section 10).
8. Security
- TLS 1.2+ encryption in transit
- AES-256 encryption at rest for databases and backups
- Role-based access controls
- pgBouncer pooling & anomaly rate limits
- Routine vulnerability scanning and penetration tests
- Incident response plan with 72-hour breach notification commitment (GDPR Art. 33)
9. Children’s Privacy
The Service is not directed to children under 16. We do not knowingly collect personal data from minors. If you believe a child has provided us data, contact privacy@kalkigpt.com for prompt removal.
10. Your Rights
Depending on location, you may have rights to:
- Access or receive a copy of your data
- Correct inaccurate information
- Delete your data (“right to be forgotten”)
- Object to or restrict processing
- Data portability
- Opt-out of sale / sharing (CCPA)
Send requests to privacy@kalkigpt.com or via the dashboard. We’ll respond within 30 days.
11. Cookies & Tracking
We use first-party cookies for session management and third-party cookies for aggregated analytics. Cookie categories:
- Strictly Necessary – login, checkout
- Performance – page load metrics
- Marketing – optional, requires consent
You can manage preferences via our cookie banner or browser settings.
12. Third-Party Links
Our site may contain links to external resources (docs, partner blogs). We are not responsible for the privacy practices of those sites.
13. Changes to this Policy
We may update this Privacy Policy periodically. Material changes will be announced via email or dashboard notice. Continuing to use the Service after an update means you accept the revised terms.
Last updated: 4 August 2025
14. Contact Us
KalkiGPT Privacy Office
Email: privacy@kalkigpt.com