KaiZilla
← Back to app

Privacy Policy

Effective date: 21 April 2026

1. Who we are

This Privacy Policy is issued by KaiZilla AB, a company registered in Sweden under organisation number 559123-4567, with registered office at Kungsgatan 12, 111 43 Stockholm, Sweden ("KaiZilla", "we", "us", or "our").

KaiZilla is the Data Controller for the personal data you provide directly when registering and using our service. For the business and financial records that we retrieve from the external systems you choose to connect, KaiZilla acts as a Data Processor and you are the Data Controller.

2. What data we collect

2.1 Account data (directly from you)

2.2 Connection credentials

When you choose to connect an external data source, we store the credentials or tokens required to synchronise data on your behalf. Credentials are encrypted at rest using industry-standard cryptographic methods and are accessible only by the service processes that need them to perform the synchronisation you have authorised.

2.3 Data retrieved from connected systems

When you connect an external system, we retrieve the records required to deliver the features you have enabled. Depending on the system and the features you configure, this may include:

We only retrieve data categories that are necessary for the features you have enabled. You can review and change which categories are enabled at any time from within the application.

2.4 Usage and technical data

3. How we use your data

PurposeLegal basis (GDPR Art. 6)
Provide the reporting, analytics, and automation features of the servicePerformance of contract
Authenticate users and protect account securityLegitimate interest; legal obligation
Send service and security notificationsPerformance of contract; legitimate interest
Detect and prevent fraud, abuse, and security incidentsLegitimate interest; legal obligation
Improve product quality and performanceLegitimate interest (aggregated / anonymised)
Comply with legal, tax, and accounting obligationsLegal obligation

We do not sell, rent, trade, or market your data, or the data we retrieve from systems you have connected, to any third party. We do not use your data to train general-purpose machine-learning models.

4. Automated processing and AI features

Parts of the service use automated processing, including machine learning, to generate summaries, answers, and insights. Inputs to these features may include a condensed, non-sensitive summary of your data together with the question you have asked. We use only service providers whose commercial terms prohibit the use of customer inputs to train general-purpose models. You can disable AI features in your account settings.

5. Data storage, location, and security

Your data is hosted within the European Union. We apply a defence-in-depth security approach including:

6. Data retention

We retain your data for as long as your account is active. When you disconnect an integration, the associated credentials are revoked and removed within 24 hours. When you delete your account, all personal data and data retrieved from connected systems are deleted within 30 days, except where retention is required by law (for example, Swedish accounting law requires certain records to be retained for 7 years) or where data has been fully anonymised for statistical purposes.

7. Your rights

Under GDPR and applicable local law you have the right to:

To exercise any of these rights, email privacy@kzilla.ai. We will respond within 30 days.

8. Sub-processors

We engage a limited number of reputable sub-processors to help deliver the service, covering categories such as infrastructure hosting, automated processing, delivery of notifications, and payment handling. Each sub-processor is bound by contractual obligations consistent with this Privacy Policy and with applicable data-protection law. A current list of categories and any material changes will be made available on request at privacy@kzilla.ai.

Where a sub-processor is located outside the European Economic Area, international transfers are protected by appropriate safeguards such as the Standard Contractual Clauses adopted by the European Commission.

9. Cookies

We use only strictly-necessary cookies to maintain your login session. We do not use advertising, marketing, or third-party tracking cookies. Session cookies are cleared when you log out.

10. Third-party integrations

You may choose to connect external systems to the service. Your use of those systems is governed by their own terms and privacy policies. We access those systems only via the official authorisation flows they provide and only for the purposes you enable. You can revoke our access to any connected system at any time from the settings of that system or from inside our application. Once revoked, we cease all access immediately and delete stored credentials within 24 hours.

We are not affiliated with, endorsed by, or a partner of any specific external provider unless expressly stated in writing. Trademarks belong to their respective owners.

11. Breach notification

In the event of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the Swedish supervisory authority within 72 hours of becoming aware of the breach, in accordance with GDPR Article 33, and we will notify affected users without undue delay.

12. Children

The service is a business-to-business product and is not directed at children under 16. We do not knowingly collect personal data from children.

13. Changes to this policy

We may update this Privacy Policy from time to time. The "Effective date" at the top of this page reflects the latest version. Material changes will be communicated by email to registered users at least 30 days before taking effect.

14. Contact

Data protection inquiries: privacy@kzilla.ai
General support: support@kzilla.ai
Postal address: KaiZilla AB, Kungsgatan 12, 111 43 Stockholm, Sweden