Skip to content
Kachi
Kachi Site navigation

Privacy Policy

Last updated: February 20, 2026

Introduction

Kachi AI ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI visibility and attribution platform at kachi.ai.

Information We Collect

Information You Provide

  • Account information (name, email, company)
  • Contact form submissions
  • Communication preferences

Information Collected Automatically

  • Server access logs for analytics processing
  • Usage data and feature interactions
  • Device and browser information
  • Analytics data (only with your consent — see Cookie Policy)

Third-Party Integrations

When you connect integrations like Google Analytics 4 or Google Search Console, we access data according to your authorization and the permissions you grant.

How We Use Your Information

  • Provide and maintain the Kachi platform
  • Process and analyze server logs for AI visibility metrics
  • Generate reports and dashboards
  • Communicate with you about your account
  • Improve our services and develop new features
  • Comply with legal obligations

Lawful Basis for Processing (GDPR)

For users in the European Economic Area (EEA) and United Kingdom, we process your personal data on the following lawful bases under Article 6 of the GDPR:

  • Contract performance — Processing necessary to deliver the Kachi platform and fulfil our agreement with you (e.g. account management, service delivery).
  • Legitimate interests — Processing necessary for our legitimate interests, such as security monitoring, fraud prevention, and improving our services, where those interests are not overridden by your rights.
  • Consent — Where you have given explicit consent, for example to receive marketing communications or to allow analytics cookies.
  • Legal obligation — Where processing is necessary to comply with a legal obligation to which we are subject.

Data Security

We implement enterprise-grade security measures to protect your data, including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Access controls and multi-factor authentication
  • Regular security audits and vulnerability assessments
  • Secure cloud infrastructure on AWS

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this policy or as required by law. Specific retention periods:

  • Account data — Retained for the life of your account and deleted within 30 days of an account deletion request.
  • Server log data — Retained for up to 13 months, then aggregated or deleted.
  • Analytics data (Google Analytics 4) — Retained for up to 26 months per Google's default retention settings.
  • Contact form submissions — Retained for up to 3 years for support purposes, then deleted.
  • Billing records — Retained for 7 years as required by applicable tax and accounting laws.

Your Rights

Depending on your location, you may have the following rights regarding your personal data. To exercise any of these rights, please contact us.

  • Right of access — Request a copy of the personal data we hold about you.
  • Right to rectification — Request correction of inaccurate or incomplete data.
  • Right to erasure — Request deletion of your personal data ("right to be forgotten").
  • Right to data portability — Receive your data in a structured, machine-readable format.
  • Right to restriction — Request that we restrict the processing of your data in certain circumstances (e.g. while accuracy is contested).
  • Right to object — Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent — Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

If you are located in the EEA or UK, you also have the right to lodge a complaint with your local data protection supervisory authority. A list of EU supervisory authorities is available at edpb.europa.eu. UK residents may contact the Information Commissioner's Office (ICO).

International Data Transfers

Kachi AI is based in the United States. If you are accessing our services from the EEA, UK, or other regions with data protection laws, your information may be transferred to and processed in the United States or other countries where our service providers operate.

Where we transfer personal data from the EEA or UK to countries not deemed adequate by the European Commission, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission, or other lawful transfer mechanisms, to ensure an adequate level of protection.

Third-Party Services

We do not sell your data to third parties. We may use third-party service providers to help operate our platform, subject to confidentiality agreements and data processing agreements where required. Current third-party processors include:

  • Amazon Web Services (AWS) — Cloud hosting and infrastructure.
  • Google Analytics 4 — Website analytics (loaded only with your consent).

Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will delete it promptly.

California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to know — Request disclosure of the categories and specific pieces of personal information we collect, use, disclose, and sell.
  • Right to delete — Request deletion of personal information we have collected from you, subject to certain exceptions.
  • Right to correct — Request correction of inaccurate personal information.
  • Right to opt out of sale or sharing — We do not sell or share your personal information with third parties for cross-context behavioural advertising. No opt-out is required, but you may submit a request via our contact page to confirm.
  • Right to non-discrimination — We will not discriminate against you for exercising your CCPA rights. We will not deny you goods or services, charge you different prices, or provide a different level of quality because you exercised your privacy rights.
  • Right to limit use of sensitive personal information — We do not use or disclose sensitive personal information for purposes beyond those permitted by the CPRA.

To exercise your California privacy rights, please contact us at [email protected] or via our contact page. We will respond within 45 days as required by law. We will verify your identity before processing your request.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will provide additional notice (e.g. by email).

Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us or email us at [email protected].