Kairos IntelligenceKairos Intelligence

Privacy Policy

Last updated: June 1, 2026

This privacy policy describes how Kairos Intelligence ("Kairos", "we", "us") collects, uses, discloses and protects personal information in connection with the kairosintelligence.ca web application ("the dashboard") and the Kairos browser extension ("the extension"), together referred to as "the Service".

Kairos is an artificial-intelligence governance tool for agencies and their teams. Its design rests on a simple principle: the most sensitive data never leaves your device. Privacy is built in from the start (privacy by design).

1. Who we are

Kairos Intelligence is a project currently being incorporated, based in Montreal (Quebec, Canada).

For any question regarding the protection of personal information (within the meaning of Quebec's Law 25), to exercise your rights, or to reach the person responsible for the protection of personal information, write to confidentialite@kairosintelligence.ca.

2. The founding principle: PII detection is local

Kairos's PII guard feature analyzes your prompts entirely within your browser, before they are sent to the AI service you are using (ChatGPT, Claude, Gemini, Perplexity):

  • Pass 1: local rules (emails, phone numbers, IBAN, SIRET, card numbers, API keys, etc.);
  • Pass 2: an entity-recognition model run locally (WebAssembly). The model is downloaded once and then cached on your device; no data from your prompt is transmitted for this analysis.

As a result, the content of your prompts and the personal information they contain are never transmitted to Kairos's servers. The only exception is described in section 4 (the "Improve" button).

3. Information we collect

Information you provide to us:

  • Account: email address, name, password (stored in hashed form, never in clear text), membership in an agency and workspaces, role. If you sign in via Google or GitHub, we receive your email address, your name and an account identifier.
  • Library content: the templates, reusable blocks (snippets) and frameworks (frameworks) created by agency administrators.
  • Payment information (where applicable): processed by our payment provider. Kairos does not store your card numbers.

Information collected automatically:

  • AI usage data (anti-"shadow AI" feature): the extension records which AI services are used and when, along with associated technical metadata — but not the content of your prompts.
  • Product telemetry: aggregated counters (number of assisted prompts, number of PII items blocked, average quality score, Pass 2 deactivation rate). These metrics contain no prompt content.
  • Technical data: server logs, IP address, browser type, device or extension identifier, timestamps — used for the security and proper operation of the Service.

4. What we do not collect

  • The content of your prompts is neither collected nor stored by Kairos during PII analysis (see section 2).
  • Exception — the "Improve" button: if, and only if, you click "Improve" in the dashboard, the text of the relevant template is sent to Mistral AI (European Union) in order to propose an optimized version. This action is always triggered by you.

5. The purposes for which we use this information

  • to provide, maintain and secure the Service;
  • to authenticate you and manage your account;
  • to manage your agency's prompt library;
  • to provide agency administrators with AI-usage governance dashboards (see section 6);
  • to improve the product based on aggregated metrics;
  • to process payments, where applicable;
  • to comply with our legal obligations and to prevent fraud and abuse.

We do not sell your personal information and do not use it for targeted advertising.

6. Monitoring data and your employer's role

When an agency deploys Kairos to its teams, it may consult dashboards on AI usage by its employees. For this information, the agency is the controller and Kairos acts as a service provider (processor), processing the data according to the agency's instructions. If you are an employee of a client agency, direct your questions about this monitoring to your agency first.

7. Disclosure to third parties and service providers

We disclose your information only to the providers strictly necessary for the operation of the Service, bound by confidentiality commitments:

  • A payment provider — payment processing (where applicable);
  • Resend — sending transactional emails (verification, security);
  • Vercel — hosting of the web application;
  • DigitalOcean — hosting of the application server and database (Toronto, Canada data center);
  • Mistral AI — template optimization via the "Improve" button (European Union);
  • Hugging Face — distribution of the PII detection model downloaded by the extension (no personal data passes through it).

We may also disclose information if required by law, to enforce our terms, or in the context of a corporate reorganization (in which case this policy would continue to apply).

8. Hosting and disclosure outside Quebec

  • Account and library data are hosted in Canada (Toronto).
  • Processing by Mistral AI takes place in the European Union.
  • Some of our providers (Vercel, DigitalOcean and our payment provider) are companies established in the United States; your information may be processed there or be subject to foreign laws. In accordance with Law 25, we carry out a privacy impact assessment before any disclosure of information outside Quebec, and we are working to strengthen the sovereignty of our hosting.

9. Retention period

We retain information only for as long as necessary for the purposes described, or as required by law:

  • Account: for the entire duration of the relationship, then for a limited period after the account is closed;
  • Library: until deleted by your agency;
  • Session tokens (refresh tokens): at most 30 days;
  • Technical logs and usage data: for a limited period, after which they are deleted or anonymized.

10. Your rights

In Quebec (Law 25) and Canada (PIPEDA), you may: access your information, have it corrected, withdraw your consent, request that its dissemination cease or that it be de-indexed, and file a complaint with the Commission d'accès à l'information du Québec (CAI).

In the European Union (GDPR), you additionally have the rights of access, rectification, erasure, restriction, objection and portability, as well as the right to lodge a complaint with your supervisory authority (in France, the CNIL).

To exercise these rights, write to confidentialite@kairosintelligence.ca. We will respond within the time limits set by applicable law. If your request concerns monitoring data held on behalf of your agency, we will direct you to it (see section 6).

11. Automated decisions

Kairos makes no decision based solely on automated processing that produces legal effects or significantly affects you. PII detection and the quality score are assistance tools: the final decision (send, anonymize, cancel) always belongs to you.

12. Security

We implement reasonable security measures: encryption in transit (TLS), strict data isolation between tenants (Row-Level Security), authentication via signed tokens, password hashing (Argon2id) and restricted staff access. As no method of transmission or storage is perfectly secure, we cannot guarantee absolute security.

13. Cookies

We use only essential cookies needed for the operation of the Service (maintaining your authenticated session). We do not use advertising cookies.

14. Privacy incidents

In accordance with Law 25, we maintain a register of privacy incidents and, in the event of an incident presenting a risk of serious harm, we notify the Commission d'accès à l'information as well as the individuals concerned.

15. Information concerning minors

The Service is a professional tool that is not intended for minors and is not designed to knowingly collect information concerning persons under 14 years of age.

16. Changes

We may amend this policy. The update date appears at the top of the page; in the event of a material change, we will inform you by an appropriate means.

17. Contact us

Kairos Intelligence — Montreal (Quebec), Canada. For any question regarding privacy or to reach the person responsible for the protection of personal information: confidentialite@kairosintelligence.ca.

Kairos Intelligence

Kairos Intelligence aide les entreprises à sécuriser, encadrer et aligner leur utilisation des systèmes d'IA avec les exigences réglementaires et éthiques les plus strictes.

Services

AI GovernanceOur approach

Company

AboutContact

Legal

Terms of usePrivacy policy

Montréal, Canada

© 2026 Kairos Intelligence. All rights reserved.

Sign in