Privacy Policy

1. Introduction

Kritmatta Limited ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI automation services.

We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Kritmatta Limited is the data controller for personal data processed through our services.

2. Information We Collect

We collect information you provide directly to us, including:

Personal Information

• Name and contact details (email address, phone number)
• Account credentials and profile information
• Billing and payment information
• Company name and business details
• Communications and correspondence with us

Usage Information

• Log data (IP address, browser type, operating system)
• Service usage patterns and preferences
• AI agent interactions and configurations
• Integration data from connected services

Cookies and Tracking

We use cookies and similar tracking technologies to maintain sessions, remember preferences, and analyse usage. You can control cookies through your browser settings.

3. How We Use Your Information

We use your information for the following purposes:

• Provide, maintain, and improve our services
• Process transactions and send related information
• Send technical notices and support messages
• Respond to comments, questions, and requests
• Monitor and analyse usage trends
• Detect, prevent, and address technical issues
• Comply with legal obligations
• With consent, send marketing communications

4. Legal Basis for Processing

We process your personal data based on:

• Contract: To perform our services and fulfill our agreement with you
• Legitimate Interests: To improve services, ensure security, and conduct business operations
• Consent: For marketing communications and optional features
• Legal Obligations: To comply with applicable laws and regulations

5. Data Sharing and Disclosure

We may share your information with:

• Service Providers: Third parties who assist in operating our services
• Integration Partners: Services you choose to connect with our platform
• Legal Requirements: When required by law or to protect rights and safety
• Business Transfers: In connection with mergers, acquisitions, or asset sales
• Consent: With your explicit consent for specific purposes

We do not sell your personal data to third parties.

6. International Data Transfers

Your information may be transferred to and processed in countries outside the UK. We ensure appropriate safeguards are in place, including:

• Standard contractual clauses approved by the UK ICO
• Adequacy decisions where applicable
• Your explicit consent where required

7. Data Retention

We retain personal data for as long as necessary to provide our services and fulfill the purposes described in this policy. Retention periods vary based on:

• Nature of the data and purpose of processing
• Legal and regulatory requirements
• Business and operational needs

Account data is retained for the duration of your subscription plus 30 days. Financial records are kept for 7 years as required by UK tax law.

8. Your Rights

Under UK GDPR, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Request limited processing of your data
• Portability: Receive your data in a machine-readable format
• Object: Object to certain processing activities
• Withdraw Consent: Where processing is based on consent

To exercise these rights, contact us at privacy@kritmatta.com. We will respond within one month.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit and at rest
• Regular security assessments and testing
• Access controls and authentication measures
• Employee training on data protection
• Incident response procedures

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

10. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware of such collection, we will delete the information promptly.

11. Third-Party Links

Our services may contain links to third-party websites. We are not responsible for their privacy practices. We encourage you to review their privacy policies before providing personal information.

12. Marketing Communications

With your consent, we may send promotional emails about new features, products, or services. You can opt-out at any time by:

• Clicking "unsubscribe" in any marketing email
• Updating your account preferences
• Contacting us directly

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through our services. Your continued use after changes constitutes acceptance of the updated policy.

14. Complaints

If you have concerns about our data processing, please contact us first. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

15. Contact Information

For privacy-related questions or to exercise your rights, contact us at: