Documentation
Our mission Steward ownership Careers Contact Privacy policy Terms of Service Data Processing Agreement Sub-processor list Tools we use Cookie policy Responsible disclosure

Privacy policy

Last updated: 14 May 2026

Klai B.V. i.o. is based in the Netherlands and operates the Klai platform. This explains what data we collect, what we do with it, and what you can ask us to do.

Our role

When you visit our website (getklai.com), Klai is the data controller. We decide what data is collected and why.

When you use the Klai platform as part of an organisation’s subscription, Klai is the data processor. Your organisation is the controller — they decide what data is submitted to the platform. Our obligations as processor are set out in the Data Processing Agreement.

What we collect

Account data. Your name, email address, and company name. We need this to run your account. Legal basis: performance of contract (Article 6(1)(b) GDPR).

Usage data. Which features you use, when, and how often. This is pseudonymised (we record events tied to an internal ID, not your name or email). We use this to improve the product. We do not share it with anyone. Legal basis: legitimate interest (Article 6(1)(f) GDPR).

AI query processing and telemetry. The content of your AI queries and any documents you upload is processed to generate a response. Queries are sent to Mistral AI (France) for AI inference. Mistral does not retain query data. By default, your workspace runs in shadow telemetry mode: Klai does not store the literal text of your queries after processing. Shadow mode only records limited, short-lived telemetry derived from the query, such as a vector fingerprint and retrieval-quality metadata, so we can detect whether search and retrieval are working well. If your workspace admin explicitly switches telemetry to full mode at getklai.getklai.com/admin/settings, Klai may temporarily store literal query text for debugging. Full-mode query content is deleted after 7 days. Legal basis: performance of contract (Article 6(1)(b) GDPR).

Website analytics. When you visit getklai.com, we measure page views, click events, and referral sources using Umami, a privacy-friendly analytics tool that runs on our own servers. Umami does not use cookies and does not collect any personally identifiable information. Legal basis: legitimate interest (Article 6(1)(f) GDPR).

Audit logs. When you perform administrative actions on the platform (inviting a user, changing settings), we record the action, the actor, and a timestamp. These logs contain no message content — only metadata. We keep them for security and compliance purposes. Legal basis: legitimate interest (Article 6(1)(f) GDPR).

Billing data. Your billing contact details: name, company name, address, email address, Chamber of Commerce number (KvK), VAT number, and bank account number (IBAN) for SEPA direct debit. This data is processed by our billing platform Moneybird B.V. We never see or store payment card details. Moneybird retains billing records for seven years to comply with Dutch fiscal retention obligations (Article 52 AWR). Legal basis: performance of contract (Article 6(1)(b) GDPR).

What we do not do

  • Sell your data
  • Train AI models on your data
  • Transfer your data outside the European Economic Area
  • Use your data for advertising

That last point is worth saying plainly: Klai has no advertising business. There is no revenue model that requires us to know more about you than we need to run the service.

Where your data lives

All data is processed and stored within the European Economic Area. Account and usage data lives on our own infrastructure at Hetzner in Finland and Germany. Query content is sent to Mistral AI in France for AI inference and is not retained by Mistral after processing. Klai does not store literal query text by default. If full telemetry mode is enabled for debugging, literal query text is retained for no longer than 7 days. Billing data is stored by Moneybird at Amazon Web Services (Germany) and Google Cloud (Netherlands). All providers operate under contracts that comply with GDPR. See our sub-processor list for details.

Your rights

Under GDPR, you can ask us to:

  • Show you the data we hold about you
  • Correct anything that is wrong
  • Delete your account and associated data
  • Stop processing your data in specific ways
  • Give you a copy of your data in a portable format

To use any of these rights, email us.

Contact

Klai B.V. i.o.
Lubeckweg 2
9723HE Groningen
The Netherlands
E-mail: rights@getklai.com