Privacy policy

Last updated: 28 March 2026

Klai B.V. is based in the Netherlands and operates the Klai platform. This explains what data we collect, what we do with it, and what you can ask us to do.

Our role

When you visit our website (getklai.com), Klai is the data controller. We decide what data is collected and why.

When you use the Klai platform as part of an organisation’s subscription, Klai is the data processor. Your organisation is the controller — they decide what data is submitted to the platform. Our obligations as processor are set out in the Data Processing Agreement.

What we collect

Account data. Your name, email address, and company name. We need this to run your account. Legal basis: performance of contract (Article 6(1)(b) GDPR).

Usage data. Which features you use, when, and how often. This is pseudonymised (we record events tied to an internal ID, not your name or email). We use this to improve the product. We do not share it with anyone. Legal basis: legitimate interest (Article 6(1)(f) GDPR).

Query data. The content of your AI queries and any documents you upload. Queries are sent to Mistral AI (France) for AI inference to generate a response. Mistral does not retain query data. We do not store query content after your session ends, unless you turn on session logging in your account settings. Legal basis: performance of contract (Article 6(1)(b) GDPR).

Website analytics. When you visit getklai.com, we measure page views, click events, and referral sources using Umami, a privacy-friendly analytics tool that runs on our own servers. Umami does not use cookies and does not collect any personally identifiable information. Legal basis: legitimate interest (Article 6(1)(f) GDPR).

Audit logs. When you perform administrative actions on the platform (inviting a user, changing settings), we record the action, the actor, and a timestamp. These logs contain no message content — only metadata. We keep them for security and compliance purposes. Legal basis: legitimate interest (Article 6(1)(f) GDPR).

Billing data. Your billing contact details: name, company name, address, email address, Chamber of Commerce number (KvK), VAT number, and bank account number (IBAN) for SEPA direct debit. This data is processed by our billing platform Moneybird B.V. We never see or store payment card details. Moneybird retains billing records for seven years to comply with Dutch fiscal retention obligations (Article 52 AWR). Legal basis: performance of contract (Article 6(1)(b) GDPR).

What we do not do

  • Sell your data
  • Train AI models on your data
  • Transfer your data outside the European Economic Area
  • Use your data for advertising

That last point is worth saying plainly: Klai has no advertising business. There is no revenue model that requires us to know more about you than we need to run the service.

Where your data lives

All data is processed and stored within the European Economic Area. Account and usage data lives on our own infrastructure at Hetzner in Finland. Query data is sent to Mistral AI in France for AI inference and is not retained after processing. Billing data is stored by Moneybird at Amazon Web Services (Germany) and Google Cloud (Netherlands). All providers operate under contracts that comply with GDPR. See our sub-processor list for details.

Your rights

Under GDPR, you can ask us to:

  • Show you the data we hold about you
  • Correct anything that is wrong
  • Delete your account and associated data
  • Stop processing your data in specific ways
  • Give you a copy of your data in a portable format

To use any of these rights, email us.

Contact

Klai B.V.
Lubeckweg 2
9723HE Groningen
The Netherlands
E-mail: rights@getklai.com

This document is published under CC BY 4.0. You are free to adapt it for your own organisation. Credit: Klai B.V.