Kaiday
PrivacyTermsData deletionLog in

Privacy Policy

Last updated: 2 May 2026

This Privacy Policy explains how Kaiday (“Kaiday”, “we”, “us”) processes personal data when you use the Kaiday platform at kaiday.com, related sub-domains, the Kaiday API, and any connectors or integrations you choose to enable (together, the “Service”).

Kaiday is operated from the Netherlands. We process personal data in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) and the Dutch GDPR Implementation Act (Uitvoeringswet AVG, “UAVG”).

1. Controller and contact

The data controller for personal data processed about visitors, account holders, and end-users of the Kaiday platform is:

  • Kaiday, operated by Sophometrics, Netherlands
  • Email: privacy@kaiday.com
  • General contact: hello@kaiday.com

For most personal data that customers upload or import via connectors, Kaiday acts as a processor on behalf of the customer (the controller). Where Kaiday determines purposes and means — for example, for account management, billing, security, and product analytics — Kaiday acts as a controller.

2. Personal data we process

2.1 Account & identity data

  • Name, email, password hash, profile photo, role, language preference
  • Workspace / organisation membership and permissions
  • Authentication identifiers from social or single sign-on providers (e.g. Google, Microsoft, Meta)

2.2 Content data

  • Files, documents, messages, notes, tasks, calendar events, contacts, and other content you create or upload
  • Data you import from third-party services through connectors (see §6)

2.3 Usage & technical data

  • Log data: IP address, user agent, device identifiers, timestamps, pages and features accessed
  • Diagnostic, performance, and error data
  • Cookies and similar technologies needed to keep you logged in and to remember your preferences

2.4 Communications

  • Support tasks, in-app messages, feedback, and survey responses

2.5 Billing data

  • Company name, billing address, VAT number, plan, invoice history
  • Payment is handled by our payment processor (Stripe). We do not store full card numbers.

3. How we use personal data and the lawful basis

We process personal data for the purposes listed below, on the lawful bases indicated (Art. 6 GDPR).

  • Provide the Service— create and authenticate accounts, run AI agents, sync connectors, deliver features you request. Basis: performance of a contract (Art. 6(1)(b)).
  • Service operations & security— logging, abuse and fraud prevention, rate-limiting, backups, incident response. Basis: legitimate interests (Art. 6(1)(f)) and legal obligation (Art. 6(1)(c)).
  • Billing and tax compliance— invoicing, accounting, statutory record-keeping. Basis: contract and legal obligation.
  • Product analytics— aggregated usage metrics to improve features. Basis: legitimate interests; consent where required for non-essential cookies.
  • Customer communications— service notices, security alerts, product updates. Basis: legitimate interests; consent for marketing emails, which you can withdraw at any time.
  • AI model usage— we send your prompts and the relevant context to large-language-model providers (e.g. Anthropic, OpenAI) strictly to generate the response you requested. We do not allow these providers to train their general models on your content. Basis: contract.

4. Automated decision-making and AI

Kaiday uses AI agents to draft, suggest, or, where you have explicitly enabled it, take actions on your behalf. Default behaviour follows an Observe → Suggest → Draft → Auto trust ladder; the Auto stage is opt-in per task. You can review, override, or undo any AI-generated action. Kaiday does not make decisions producing legal or similarly significant effects on data subjects without human review.

5. Cookies and similar technologies

We use strictly necessary cookies to keep you logged in and remember workspace selection. With your consent we may use analytics cookies to measure feature usage. You can manage cookie preferences in your browser and, where presented, in the cookie banner.

6. Third-party connectors and integrations

Kaiday connects to a wide range of third-party services only at your direction, using OAuth or an API key you provide. When you authorise a connector:

  • Kaiday reads, writes, and stores the data scopes you approve in the consent screen of the third party.
  • The third party becomes an independent controller of any data they receive from us as a result of your use.
  • You can revoke access at any time from Kaiday Settings → Connectors and from the third party’s own console.

Categories of connectors currently supported include, without limitation:

  • Identity & productivity: Google Workspace, Microsoft 365, Slack, Notion, Atlassian (Jira, Confluence), Asana, Trello, Linear, Discord
  • Social & advertising:Meta (Facebook & Instagram), Meta Ads, Threads, LinkedIn (Social, Ads, Recruiter), TikTok Ads, Google Ads, Google Analytics, ManyChat
  • Sales & CRM: HubSpot, Salesforce, Pipedrive, Apollo, Attio, Affinity, Clay, Clearbit
  • Customer support: Intercom, Zendesk, Front, Crisp, Canny, Productboard
  • Finance & payments: Stripe, Mercury, Brex, Ramp, Moneybird, QuickBooks, Xero, Pilot, Puzzle
  • E-commerce: Shopify, Tiendanube, Webflow, Framer, Vercel
  • HR & legal: Greenhouse, Lever, Ashby, Gem, Carta, Clerky, Common Paper, DocSend, DocuSign, Ironclad
  • Analytics: Mixpanel, Amplitude, PostHog
  • Scheduling: Cal.com, Calendly
  • Automation: Make, Zapier, generic REST & webhook connectors

For each connector we maintain a written record of the data scopes used. A current list with retention details is available on request.

6.1 Meta Platforms (Facebook Login & Graph API)

When you sign in with Facebook or connect a Meta-owned account (Facebook Page, Instagram Business, Meta Ads, Threads), we receive only the scopes you approve in the Meta consent dialog. We use that data solely to operate the feature you requested (e.g. publishing posts, reading messages, fetching ad metrics). We do not sell Meta platform data and do not use it for any purpose not explicitly disclosed to you. You can disconnect at any time from Kaiday or by visiting Facebook Settings → Apps and Websites. To request deletion of data Kaiday holds about you that originated from Meta, follow the instructions on our Data deletion page.

7. Sub-processors

Kaiday relies on the following categories of sub-processors. They process personal data only on our documented instructions and under written data-processing terms:

  • Cloud infrastructure: Amazon Web Services (eu-central-1, Frankfurt) for hosting, storage, email delivery (Amazon SES) and monitoring
  • AI inference: Anthropic (Claude), OpenAI — covered by zero-retention or short-retention agreements where available
  • Payments: Stripe
  • Customer support & product analytics: tools listed in our public sub-processor register

A current list of named sub-processors is available at privacy@kaiday.com. We notify customers in advance of material changes and offer a reasonable opportunity to object.

8. International transfers

Personal data is primarily stored in the European Union (AWS eu-central-1, Frankfurt). Some sub-processors are established outside the EEA, principally in the United States. For those transfers we rely on:

  • The EU-U.S. Data Privacy Framework, where the recipient is certified, and/or
  • Standard Contractual Clauses adopted by the European Commission (Decision 2021/914), supplemented by the technical and organisational measures described in our security documentation.

You can request a copy of the relevant transfer mechanism by contacting us.

9. Retention

  • Account data: for as long as your account is active, plus up to 90 days after closure.
  • Customer content: until you delete it or until 30 days after subscription termination, after which it is purged from primary systems and within 90 days from backups.
  • Connector data: retained until you disconnect the connector or delete the synced records.
  • Logs and security events: typically up to 12 months.
  • Invoicing and tax records: 7 years, as required by Dutch law (art. 52 AWR).

10. Your rights

Under the GDPR you have the right to:

  • Access the personal data we hold about you (Art. 15)
  • Rectify inaccurate or incomplete data (Art. 16)
  • Erase your data (Art. 17)
  • Restrict processing (Art. 18)
  • Receive your data in a portable format (Art. 20)
  • Object to processing based on legitimate interests, including profiling (Art. 21)
  • Withdraw consent at any time, without affecting prior lawful processing (Art. 7(3))

To exercise any of these rights, email privacy@kaiday.com. We will respond within one month (extendable by two months for complex requests). You can also file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, autoriteitpersoonsgegevens.nl) or the supervisory authority of your EU member state.

11. Security

Kaiday encrypts personal data in transit (TLS 1.2+) and at rest (AES-256). We apply role-based access controls, least-privilege engineering access, audit logging, vulnerability scanning, and continuous monitoring. We will notify affected customers and, where required, the supervisory authority within 72 hours of becoming aware of a personal-data breach (Art. 33-34 GDPR).

12. Children

The Service is not directed to children under 16. We do not knowingly collect personal data from children under that age. If you believe a child has provided us personal data, contact us and we will delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time. We will post the new version on this page and, for material changes, notify account holders by email or in-app notice at least 14 days before the change takes effect.

14. Contact

Questions, requests or complaints about privacy: privacy@kaiday.com.

© 2026 Kaiday. All rights reserved.

PrivacyTermsData deletion