Legal · effective January 1, 2026
Privacy Policy
This Privacy Policy explains what information Kabinet AI collects, how we use it, who we share it with, and the rights you have over your data.
1. Who we are
Kabinet AI Ltd. ("Kabinet", "we", "our", "us") is the controller of the personal data we collect about visitors and users of kabinet-ai.com and the Kabinet AI platform (the "Service"). You can reach us at privacy@kabinet-ai.com.
2. Information we collect
We collect data in three buckets:
- Account data — name, email, organization, password hash, profile photo (if you upload one), preferred language and timezone.
- Usage data — the content you create or upload (missions, plans, deliverables, memory items), AI request metadata (token counts, model used, timing), audit log entries, and integration tokens you authorize.
- Technical data — IP address, browser type, device identifiers, pages visited, referring URL, error logs, and similar diagnostics needed to operate the Service securely.
3. How we use your data
- To provide, maintain, and improve the Service.
- To authenticate you, prevent fraud, and keep the Service secure.
- To bill you for paid plans and process payments through our payment processor (Stripe).
- To send transactional and (with your consent) marketing communications.
- To comply with legal obligations and enforce our Terms.
4. AI processing
When your AI CEO and AI roles execute work, the relevant context (your business profile, mission text, prior outputs) is sent to our AI inference providers (currently Anthropic). We do not use your data to train foundation models. AI providers are bound by data-processing agreements that prohibit them from training on customer content.
5. Legal bases (GDPR/UK GDPR)
We rely on the following legal bases to process personal data:
- Contract — to deliver the Service you signed up for.
- Legitimate interest — to keep the Service safe, prevent abuse, and improve the product.
- Consent — for non-essential cookies and marketing communications.
- Legal obligation — for tax, accounting, and lawful requests from authorities.
6. Sharing your data
We share data with vetted sub-processors who help us run the Service (cloud hosting, AI inference, payments, email, analytics). A current list is at /legal/sub-processors. We never sell your personal data.
7. International transfers
Kabinet stores customer data in the European Union by default. Where data is transferred to other regions (for example, to a US-based AI provider), we rely on Standard Contractual Clauses and additional safeguards as required by applicable law.
8. Data retention
We retain account data while your account is active and for up to 30 days after deletion (in a read-only state) before permanent erasure. Anonymized usage statistics may be retained longer. Backup snapshots are deleted within 90 days. Audit logs may be kept for up to 2 years to support compliance.
9. Your rights
You have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate data.
- Erase your data (subject to legal retention requirements).
- Restrict or object to certain processing.
- Data portability — request a machine-readable export.
- Withdraw consent at any time.
- Lodge a complaint with your local data protection authority.
To exercise any of these, email privacy@kabinet-ai.com. We respond within 30 days.
10. Children
The Service is not directed to children under 16 and we do not knowingly collect their data.
11. Changes to this policy
We may update this policy from time to time. Material changes are announced by email and via in-product notification at least 30 days before they take effect.
12. Contact
For privacy questions, contact our Data Protection Officer at dpo@kabinet-ai.com.