Privacy Policy

Your privacy is our priority in the age of AI

Effective Date: August 2, 2025

1. Introduction

Kairos IQ LLC (“Kairos IQ,” “we,” “our,” or “us”) values your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered real estate platform, including our conversation agent, lead management tools, and other subscription-based services (collectively, the “Services”).

Our platform uses advanced artificial intelligence technologies to help real estate professionals manage leads, analyze buyer preferences, and streamline transactions. This policy is designed to help you understand our data practices while ensuring compliance with applicable privacy laws and industry standards.

2. Information We Collect

2.1 Account Information

When you register for our Services, we collect:

  • Name, email address, and contact details
  • Professional information (brokerage affiliation, license numbers)
  • Payment and billing information
  • Account credentials
  • User preferences and settings

2.2 Lead and Client Information

As a real estate professional using our platform, you may provide information about your leads and clients, including:

  • Contact information (names, phone numbers, email addresses)
  • Property preferences and requirements
  • Transaction history and details
  • Communication records
  • Notes and task information

2.3 Conversation and Interaction Data

When you use our AI conversation agent, we collect:

  • Conversation history and content
  • Messages exchanged with the AI assistant
  • Actions triggered during conversations
  • Entity-specific context data (leads, deals, buyers)
  • User queries and AI responses

2.4 Usage and Performance Data

We automatically collect certain information about your use of our Services:

  • AI token usage statistics
  • Feature access patterns
  • System performance metrics
  • Login times and session duration
  • Device information and IP addresses

2.5 Subscription and Feature Data

We maintain records of:

  • Your subscription package and tier
  • Feature access permissions
  • User role assignments
  • Usage quotas and limitations

3. Email Integration (Gmail & Outlook)

Enterprise Security Compliance: Our email integrations comply with both Google’s CASA Tier 2 requirements for Gmail and Microsoft’s security standards for Outlook/Office 365. This ensures your email data is protected with enterprise-grade security measures regardless of your email provider.

3.1 Gmail Data We Access

When you connect your Gmail account to KairosIQ, we access:

  • Email Messages: Subject lines, sender/recipient information, message content, and timestamps
  • Email Metadata: Thread IDs, message IDs, labels, and folder information
  • Contact Information: Email addresses of senders and recipients
  • Authentication Tokens: OAuth access and refresh tokens for continued access

3.2 Gmail API Scopes We Use

Our application requests the following Gmail API scopes:

  • gmail.readonly: Read email messages and metadata (read-only access to all emails)
  • gmail.send: Send emails on your behalf (permission to send emails)
  • gmail.modify: Modify email labels and organization (permission to organize emails)
  • userinfo.email: Access your email address (your primary email address)
  • userinfo.profile: Access basic profile information (your name and profile details)

3.3 Why We Need These Permissions

  • Lead Intelligence: Analyze emails for real estate leads and opportunities
  • Deal Management: Track property-related communications and transactions
  • AI Processing: Generate insights and recommendations based on email content
  • Automated Responses: Send follow-up emails and communications
  • Email Organization: Categorize and label real estate-related emails

3.4 Gmail Data Security & Encryption

We implement comprehensive security measures to protect your Gmail data:

  • Encryption at Rest: All Gmail message content is encrypted using AES-256 encryption
  • Secure Transmission: All data transfers use TLS 1.3 encryption
  • Key Management: Encryption keys are managed through AWS Key Management Service
  • Access Controls: Role-based access ensures only authorized personnel can access email data
  • OAuth Token Security: OAuth tokens are encrypted before database storage
  • Automatic Rotation: Tokens are automatically refreshed and rotated as needed

3.5 Gmail Data Processing

How we process your Gmail data:

  • Instant Processing: Your emails are processed immediately when they arrive in your Gmail inbox, ensuring real-time insights
  • Smart Analysis: Email content is automatically analyzed for real estate opportunities and important client communications
  • Data Extraction: Key information such as contact details, property information, and important dates is identified and organized
  • AI Insights: Our AI generates helpful recommendations and insights based on your email patterns
  • Secure Storage: All processed information is encrypted and securely stored in compliance with industry standards

3.6 Your Gmail Data Rights

You have complete control over your Gmail data:

  • Access: View all Gmail data we have collected and processed
  • Correct: Request correction of inaccurate email-related information
  • Delete: Request deletion of all Gmail data and associated processing results
  • Export: Receive a copy of your Gmail data in a portable format
  • Revoke: Disconnect Gmail integration and revoke all permissions

3.7 Gmail Data Deletion Process

Upon your request to delete Gmail data:

  • Immediate: OAuth tokens revoked and access terminated
  • Within 24 hours: Email content marked for deletion in active systems
  • Within 7 days: All processed insights and derived data deleted
  • Within 30 days: Complete purge from all systems including backups
  • Verification: Deletion completion confirmed via automated audit logs

3.8 Gmail Data Retention

We retain your Gmail data for specific periods:

  • Email Content: Retained for 3 years or until account closure, whichever comes first
  • Email Metadata: Retained for 5 years for analytical purposes
  • OAuth Tokens: Retained while account is active, deleted within 30 days of deactivation
  • Processing Logs: Retained for 1 year for security and debugging purposes

3.9 Microsoft Outlook Integration

When you connect your Microsoft Outlook account to KairosIQ, we provide the same level of security and data protection:

  • Data Access: Email messages, metadata, contacts, and calendar information as needed for real estate lead management
  • OAuth Scopes: Similar permissions to Gmail including read, send, and organize capabilities
  • Real-time Processing: Instant email processing using Microsoft Graph API webhooks
  • Security: Same AES-256 encryption and user-specific keys as Gmail data
  • Data Rights: Identical user control options – access, correct, delete, export, and revoke
  • Retention: Same retention periods as Gmail data (3-5 years depending on data type)

Microsoft Graph API Compliance: Our Outlook integration follows Microsoft’s security and privacy standards, ensuring your email data receives enterprise-grade protection identical to our Gmail integration.

4. How We Use Your Information

4.1 Providing and Improving Our Services

  • Delivering core platform functionality
  • Processing and analyzing lead information
  • Generating AI-powered insights and recommendations
  • Creating and managing tasks based on conversation context
  • Maintaining conversation history and summaries
  • Improving our AI models and algorithms

4.2 Personalization and Context

  • Adapting content based on user role and preferences
  • Generating role-appropriate system prompts
  • Providing entity-specific context for AI interactions
  • Customizing engagement levels based on user preferences
  • Managing conversation states and continuity

4.3 Session and Activity Tracking

Account vs. Anonymous Usage: How we handle your data depends on whether you’re logged into your account or using our services anonymously.

  • Logged-In Users: Activity is linked to your account for personalization and service continuity
  • Anonymous Users: Session data may be retained via cookies or device identifiers for basic functionality
  • Conversation Continuity: Logged-in users benefit from persistent conversation history and preferences
  • Data Association: Anonymous sessions are not linked to personal accounts unless you choose to log in
  • Cookie Management: You can control cookies and tracking through your browser settings

4.4 Token Usage Monitoring & Cost Management

  • Tracking AI token consumption for billing purposes and cost control
  • Monitoring usage patterns to optimize system performance and detect abuse
  • Enforcing subscription-based usage limitations and daily quotas
  • Providing real-time usage statistics and cost projections
  • Implementing automatic cost protection measures and spending caps
  • Detecting unusual usage patterns that may indicate system abuse
  • Generating usage alerts at 75% and 90% of monthly quotas

4.5 Privacy-Enhanced Processing

  • Implementing data minimization in context handlers
  • Redacting sensitive information from conversation context
  • Generating conversation summaries for improved efficiency
  • Enforcing role-based and subscription-based access controls

4.6 Pricing Flexibility & Notice Policy

60-Day Advance Notice: We commit to providing 60 days' advance notice for any pricing changes related to AI usage, subscription tiers, or feature access. This ensures you have adequate time to evaluate impacts and adjust your usage patterns or subscription accordingly.

  • Pricing adjustments based on actual infrastructure costs and demand
  • Transparent communication about cost factors and market conditions
  • Options to lock in current pricing for extended periods during transitions
  • Migration assistance to alternative subscription tiers if needed
  • Grandfathered pricing protection for existing customers when possible

5. Data Sharing & Disclosure

5.1 Third-Party AI Services & Training Data

We utilize AWS Bedrock to access Claude AI models. When you interact with our AI assistant:

  • Your conversation messages are transmitted to these services for processing
  • We share only the information necessary to generate appropriate responses
  • We implement data minimization principles to limit sensitive data exposure
  • Email data (Gmail/Outlook) is never shared with AI providers – only processed insights and summaries

AI Training and Model Improvement: By default, anonymized conversations may be used to improve our AI service performance and train our models. You can opt out of training data use in your account settings. Business and enterprise customers can request zero-retention modes or custom retention configurations.

Your AI Training Controls

  • Opt-Out Available: Disable AI training use in your account dashboard
  • Data Anonymization: All training data is anonymized and stripped of personal identifiers
  • Enterprise Options: Custom retention and zero-training configurations available
  • Transparency: Clear indicators when conversations may be used for training

5.2 Service Providers

We may share information with trusted third parties who assist us in operating our Services:

  • Cloud hosting and storage providers
  • Payment processors
  • Customer support services
  • Analytics providers
  • Security and compliance services

5.3 Legal Requirements

We may disclose your information if required by law or in response to:

  • Valid legal process (subpoenas, court orders)
  • Enforcement of our terms of service
  • Protection of our rights, property, or safety
  • Compliance with real estate regulations, including Fair Housing laws

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of the transaction. We will notify you via email or prominent notice if your information becomes subject to a different privacy policy.

6. Subscription-Based Access Controls

6.1 Feature Access Management

Our platform implements a tiered access model that restricts data access based on your subscription level:

  • CORE_CRM: Basic lead and deal information
  • KAIROS_IQ: AI conversation capabilities and analytics
  • BUYER_IQ: Advanced buyer preference analysis and property matching
  • LISTING_IQ: Enhanced listing optimization and seller analytics
  • TRANSACTION_IQ: Transaction management and document processing

6.2 Role-Based Privacy Controls

User permissions are determined by assigned roles:

  • Different roles (Agent, Broker, Lender, etc.) receive appropriately tailored data views
  • System prompts and AI responses adapt based on professional role
  • Data visibility is filtered according to role-appropriate access levels

6.3 Data Minimization

We implement privacy-by-design principles through:

  • Context-appropriate data loading based on need
  • Redaction of personally identifiable information in context texts
  • Selective inclusion of lead and deal details based on relevance
  • Privacy-optimized formatting for AI prompts

7. Conversation Management

7.1 Storage and Retention

  • Conversations are stored in our secure database with appropriate access controls
  • Message content, timestamps, and metadata are maintained for continuity
  • Conversation actions and triggered tasks are recorded for reference
  • Inactive conversations may be automatically closed after extended periods

7.2 Conversation Summarization

To optimize token usage and improve efficiency:

  • Our system may generate summaries of longer conversations
  • Key points and decisions are extracted from conversation history
  • Summaries focus on business-relevant information rather than personal details
  • Summaries are stored securely with appropriate access controls

7.3 User Control Over Conversations

You can manage your conversation data by:

  • Viewing conversation history
  • Closing active conversations
  • Managing conversation-triggered actions
  • Controlling who has access to conversation content

8. Data Security

8.1 Security Measures

We implement appropriate technical and organizational measures to protect your information:

  • Secure database connections with parameterized queries
  • Encryption of sensitive data (including Gmail content with AES-256 encryption)
  • Role-based access controls
  • Regular security assessments and updates
  • Secure API integrations with third-party services
  • CASA Tier 2 compliance for Gmail OAuth integration

8.2 Connection Security

Our platform secures data transmission through:

  • Encrypted connections for all external services
  • Secure database connection pooling
  • Proper exception handling to prevent data leakage
  • Controlled access to database operations

8.3 Token Authentication

  • We implement secure token-based authentication for all API access
  • Authentication credentials are securely stored and transmitted
  • Session management includes appropriate timeout controls
  • Failed authentication attempts are monitored and logged

9. Your Rights & Choices

9.1 Account Information

You can access and update your account information through your account settings or by contacting us. You may also:

  • Update your profile information
  • Change your password and security settings
  • Modify your notification preferences
  • Update subscription and billing details

9.2 Communication Preferences

You can manage your communication preferences by:

  • Updating email notification settings
  • Adjusting in-app notification preferences
  • Opting out of marketing communications
  • Setting preferences for AI interaction levels

9.3 Data Subject Rights & Controls

You have comprehensive control over your data and privacy settings:

Data Access & Portability

  • Access and Download: View and export all your stored data through your account dashboard
  • Conversation Export: Download your AI conversation history in multiple formats
  • Data Reports: Request comprehensive reports of all data we hold about you

Data Management

  • Correct Information: Update or correct inaccurate profile and account information
  • Delete Specific Conversations: Remove individual AI interactions at any time
  • Account Deletion: Request complete account closure and data removal
  • Selective Deletion: Choose what data to keep and what to remove

Privacy Controls

  • Opt Out of AI Training: Disable use of your conversations for model improvement
  • Auto-Deletion Settings: Configure automatic conversation deletion (3, 6, 12, or 18 months)
  • Revoke Email OAuth: Disconnect Gmail/Outlook access and delete associated email data
  • Communication Preferences: Control marketing and notification settings

Legal Rights

  • Restrict or object to certain processing activities
  • Request portability of your information
  • Withdraw consent where processing is based on consent
  • File complaints with relevant data protection authorities

Easy Access: Most of these controls are available directly in your Kairos IQ Account Dashboard. For additional assistance, contact us at privacy@kairosiq.ai

10. Real Estate Specific Considerations

10.1 Fair Housing Compliance

Our AI systems are designed to comply with Fair Housing laws:

  • AI responses avoid biased or discriminatory content
  • System prompts include fair housing guidance
  • Regular auditing ensures compliance with anti-discrimination requirements
  • Data processing techniques minimize potential for discriminatory outcomes

10.2 Professional Responsibilities

As a real estate professional, you remain responsible for:

  • Ensuring compliance with applicable laws and regulations
  • Reviewing and validating AI-generated content before client sharing
  • Maintaining appropriate client confidentiality
  • Using AI tools as assistive technology rather than definitive advice

11. Data Retention & Deletion

11.1 Retention Periods

We retain your information for different periods based on data type and business need:

  • Account Information: Retained while account is active plus 7 years after closure
  • AI Conversation Data: Default retention of 18 months, with user-controlled deletion and auto-deletion options
  • Lead/Client Data: Retained as long as you maintain it in your account
  • Email Data (Gmail/Outlook): Email content retained for 3 years, metadata for 5 years (see Sections 3.8 and 3.9)
  • Usage Analytics: Aggregated data retained for 5 years for service improvement
  • Billing Records: Retained for 7 years for tax and legal compliance
  • Compliance & Audit Records: Retained as required by applicable laws and regulations (including real estate recordkeeping requirements)

11.2 User-Controlled Data Management

Your Control Over Conversation Data: You have complete control over your AI conversation history with flexible retention and deletion options available through your account dashboard.

  • Individual Deletion: Delete specific conversations at any time
  • Bulk Deletion: Clear conversation history by date range or topic
  • Auto-Deletion Settings: Set automatic deletion windows (3, 6, 12, or 18 months)
  • Immediate Processing: Deleted conversations removed from active systems within 30 days
  • Account Dashboard: Manage all data retention preferences from one central location
  • Download Options: Export your conversation data before deletion

11.3 Data Deletion Process

Upon account closure or data deletion request:

  • Personal data is deleted within 30 days of request verification
  • Conversation histories are permanently removed from active systems
  • Aggregated analytics may be retained in anonymized form
  • Legal hold data may be retained longer if required by law
  • Backup systems are purged within 90 days of deletion request

11.4 Secure Deletion

We employ industry-standard secure deletion practices:

  • Multi-pass overwriting of deleted data on storage devices
  • Cryptographic erasure for encrypted data stores
  • Physical destruction of decommissioned storage hardware
  • Verification of deletion completion through automated auditing

12. Children’s Privacy

Our Services are not directed to individuals under 18 years of age, and we do not knowingly collect personal information from children. If we learn we have collected personal information from a child under 18, we will delete that information promptly.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Updating the “Effective Date” at the top of this policy
  • Providing email notification of significant changes
  • Providing in-app notifications about policy updates

Your continued use of the Services after such changes constitutes your acceptance of the revised Privacy Policy.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Kairos IQ LLC
3317 S Higley Rd Ste 114-421
Gilbert, AZ 85297
support@kairosiq.ai

For email integration privacy questions (Gmail/Outlook):
privacy@kairosiq.ai

This Privacy Policy is tailored to the specific features and functionality of our Kairos IQ platform. We recommend consulting with legal counsel to ensure full compliance with applicable laws and regulations in your jurisdiction.