Effective date: 21 April 2026
This Privacy Policy is issued by KaiZilla AB, a company registered in Sweden under organisation number 559123-4567, with registered office at Kungsgatan 12, 111 43 Stockholm, Sweden ("KaiZilla", "we", "us", or "our").
KaiZilla is the Data Controller for the personal data you provide directly when registering and using our service. For the business and financial records that we retrieve from the external systems you choose to connect, KaiZilla acts as a Data Processor and you are the Data Controller.
When you choose to connect an external data source, we store the credentials or tokens required to synchronise data on your behalf. Credentials are encrypted at rest using industry-standard cryptographic methods and are accessible only by the service processes that need them to perform the synchronisation you have authorised.
When you connect an external system, we retrieve the records required to deliver the features you have enabled. Depending on the system and the features you configure, this may include:
We only retrieve data categories that are necessary for the features you have enabled. You can review and change which categories are enabled at any time from within the application.
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Provide the reporting, analytics, and automation features of the service | Performance of contract |
| Authenticate users and protect account security | Legitimate interest; legal obligation |
| Send service and security notifications | Performance of contract; legitimate interest |
| Detect and prevent fraud, abuse, and security incidents | Legitimate interest; legal obligation |
| Improve product quality and performance | Legitimate interest (aggregated / anonymised) |
| Comply with legal, tax, and accounting obligations | Legal obligation |
We do not sell, rent, trade, or market your data, or the data we retrieve from systems you have connected, to any third party. We do not use your data to train general-purpose machine-learning models.
Parts of the service use automated processing, including machine learning, to generate summaries, answers, and insights. Inputs to these features may include a condensed, non-sensitive summary of your data together with the question you have asked. We use only service providers whose commercial terms prohibit the use of customer inputs to train general-purpose models. You can disable AI features in your account settings.
Your data is hosted within the European Union. We apply a defence-in-depth security approach including:
We retain your data for as long as your account is active. When you disconnect an integration, the associated credentials are revoked and removed within 24 hours. When you delete your account, all personal data and data retrieved from connected systems are deleted within 30 days, except where retention is required by law (for example, Swedish accounting law requires certain records to be retained for 7 years) or where data has been fully anonymised for statistical purposes.
Under GDPR and applicable local law you have the right to:
To exercise any of these rights, email privacy@kzilla.ai. We will respond within 30 days.
We engage a limited number of reputable sub-processors to help deliver the service, covering categories such as infrastructure hosting, automated processing, delivery of notifications, and payment handling. Each sub-processor is bound by contractual obligations consistent with this Privacy Policy and with applicable data-protection law. A current list of categories and any material changes will be made available on request at privacy@kzilla.ai.
Where a sub-processor is located outside the European Economic Area, international transfers are protected by appropriate safeguards such as the Standard Contractual Clauses adopted by the European Commission.
We use only strictly-necessary cookies to maintain your login session. We do not use advertising, marketing, or third-party tracking cookies. Session cookies are cleared when you log out.
You may choose to connect external systems to the service. Your use of those systems is governed by their own terms and privacy policies. We access those systems only via the official authorisation flows they provide and only for the purposes you enable. You can revoke our access to any connected system at any time from the settings of that system or from inside our application. Once revoked, we cease all access immediately and delete stored credentials within 24 hours.
We are not affiliated with, endorsed by, or a partner of any specific external provider unless expressly stated in writing. Trademarks belong to their respective owners.
In the event of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the Swedish supervisory authority within 72 hours of becoming aware of the breach, in accordance with GDPR Article 33, and we will notify affected users without undue delay.
The service is a business-to-business product and is not directed at children under 16. We do not knowingly collect personal data from children.
We may update this Privacy Policy from time to time. The "Effective date" at the top of this page reflects the latest version. Material changes will be communicated by email to registered users at least 30 days before taking effect.
Data protection inquiries:
privacy@kzilla.ai
General support:
support@kzilla.ai
Postal address: KaiZilla AB, Kungsgatan 12, 111 43 Stockholm, Sweden