Privacy Policy

1. Who We Are

Kriseena is a product of Daanbi Services Ltd, a company registered in England and Wales. For questions about this policy or your personal data, contact us at privacy@kriseena.com.

2. Data We Collect

We collect the following categories of personal data:

• Account data — name and email address when you register for Kriseena.
• Workspace data — configuration settings, agent names, knowledge base content, and integration credentials you add to your workspace.
• Conversation data — messages sent by your end-customers through the Kriseena chat widget or connected email channels. This data belongs to you (our customer) and is processed on your behalf.
• Usage data — pages visited, features used, timestamps, and browser/device information, collected automatically to improve the Service.
• Billing data — payment details are handled by our payment processor (Stripe) and are never stored on our servers.

3. How We Use Your Data

• To provide, operate, and improve the Kriseena platform.
• To process AI-generated responses to your customers' queries.
• To send transactional emails (account setup, password reset, billing receipts).
• To respond to support requests and troubleshoot issues.
• To comply with our legal obligations under UK law.

We do not sell your personal data to third parties, and we do not use your customers' conversation data to train AI models.

4. Google API and Gmail Data

Kriseena's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

• What we access — when you connect a Gmail account, we read your inbox for unread emails (sender, subject, body) and send replies on your behalf using the Gmail API.
• Why — solely to operate the email support channel: converting inbound emails into support conversations and sending agent replies back to your customers.
• What we do not do — we do not use Gmail data to serve advertisements, we do not allow humans to read your Gmail data except as necessary to provide the service or where required by law, and we do not use Gmail data to train AI models.
• Token storage — Gmail OAuth tokens are stored encrypted in our database and are never exposed to the browser or shared with third parties.
• Revoking access — you can disconnect your Gmail account at any time from Dashboard → Settings → Channels. You can also revoke access directly from your Google Account at myaccount.google.com/permissions.

5. Legal Basis for Processing

Under UK GDPR, we process your data on the following bases:

• Contract — processing necessary to deliver the Service you have subscribed to.
• Legitimate interests — improving the platform, preventing fraud, and ensuring security.
• Legal obligation — compliance with applicable UK laws and regulations.
• Consent — where we explicitly ask for it (e.g., marketing communications).

6. Data Sharing

We share data only with trusted sub-processors necessary to operate the Service, including:

• OpenAI — AI model provider for generating automated responses. Customer conversation data is sent to OpenAI solely to generate replies and is never used to train OpenAI models.
• Google — Gmail API integration for connecting customer support email inboxes. When you connect a Gmail account, we access email content (subject, sender, body) to create support conversations. Gmail OAuth tokens are stored encrypted and are never shared with third parties. We do not access, store, or process any Gmail data beyond what is necessary to operate the email support channel.
• Supabase — database and authentication infrastructure.
• Stripe — payment processing.
• Vercel — web application hosting.
• Railway — backend API hosting.

All sub-processors are contractually bound to handle data in compliance with UK GDPR. Where data is transferred outside the UK, we ensure appropriate safeguards (such as Standard Contractual Clauses) are in place.

7. Data Retention

We retain your account and workspace data for as long as your subscription is active, and for up to 90 days after cancellation to allow for account recovery. Conversation data is retained for the duration of your subscription. You may request earlier deletion at any time (see Section 8).

8. Cookies

We use strictly necessary cookies to keep you logged in and maintain session state. We do not use third-party advertising or tracking cookies. Usage analytics, if enabled, are collected in an aggregated, anonymised form.

9. Your Rights

Under UK GDPR you have the right to:

• Access — request a copy of the personal data we hold about you.
• Rectification — ask us to correct inaccurate or incomplete data.
• Erasure — request deletion of your personal data ("right to be forgotten").
• Restriction — ask us to limit how we process your data.
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interests.

To exercise any of these rights, email privacy@kriseena.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

10. Security

We implement appropriate technical and organisational measures to protect your data, including encrypted data storage, HTTPS-only communication, and role-based access controls. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security but we take all reasonable steps to protect your information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users by email before any material changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.

12. Contact Us

For privacy-related enquiries, contact:
Daanbi Services Ltd
Email: privacy@kriseena.com