Skip to main content

Privacy policy

v1.0.0

December 30, 2025

This Privacy Policy describes how Komos Technology, Inc. ("Komos," "we," "us," or "our") collects, uses, and shares information when you use our browser automation platform and related services (the "Service").

1. Information We Collect

Information You Provide:

  • Account information: name, email address, organization name
  • Payment information: processed securely by Stripe (we do not store card numbers)
  • Credentials you store: encrypted using AES-256-GCM before storage
  • Automation configurations and workflows you create
  • Documents and data you upload to the Service
  • Communications with us (support requests, feedback)

Information Collected Automatically:

  • Device information: IP address, browser type, operating system
  • Usage data: features used, automations run, pages visited
  • Log data: access times, errors, performance metrics
  • Cookies and similar technologies (see Section 7)

Information from Third Parties:

  • Authentication data from identity providers (Google, GitHub) if you use SSO

2. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Process transactions and send related information
  • Send technical notices, updates, and security alerts
  • Respond to your inquiries and provide customer support
  • Monitor and analyze usage patterns to improve functionality
  • Detect, prevent, and address fraud, abuse, or security issues
  • Comply with legal obligations
  • Send marketing communications (with your consent)

AI and Model Training:

We may use aggregated, de-identified data from your use of the Service to train and improve our machine learning models. This helps us enhance automation accuracy, improve AI suggestions, and develop new features.

You may opt out of having your data used for model training by contacting privacy@komos.ai or through your account settings. Opting out will not affect your access to the Service.

We do NOT use your stored credentials, personal documents, or identifiable personal information for model training.

Legal Basis for Processing (GDPR):

  • Performance of contract: to provide the Service you requested
  • Legitimate interests: to improve and secure the Service
  • Consent: for marketing communications
  • Legal obligation: to comply with applicable laws

3. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share your information with:

Service Providers: Third-party companies that help us operate the Service.

Legal Requirements: When required by law, subpoena, or legal process, or to protect our rights, privacy, safety, or property.

Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred.

With Your Consent: When you direct us to share information with third parties.

4. Data Security

We implement industry-standard security measures to protect your information:

  • AES-256-GCM encryption for stored credentials
  • TLS 1.3 encryption for data in transit
  • Row-level security (RLS) in our database
  • JWT-based authentication
  • Regular security audits and monitoring
  • Access controls and authentication requirements

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data: retained until account deletion
  • Automation logs: retained for 90 days
  • Payment records: retained for 7 years (legal requirement)
  • Support communications: retained for 3 years

Upon account deletion, we will delete or anonymize your data within 30 days, except where retention is required by law.

6. Your Rights and Choices

All Users:

  • Access, update, or correct your personal information via account settings
  • Delete your account and associated data
  • Opt out of marketing communications
  • Opt out of model training
  • Export your data in a portable format

California Residents (CCPA):

  • Right to know what personal information we collect and how it's used
  • Right to delete your personal information
  • Right to opt-out of the sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your rights

European Residents (GDPR):

  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent at any time
  • Right to lodge a complaint with a supervisory authority

To exercise these rights, contact us at privacy@komos.ai.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Keep you logged in
  • Remember your preferences
  • Analyze usage patterns
  • Improve the Service

Types of Cookies:

  • Essential cookies: required for the Service to function
  • Analytics cookies: help us understand how the Service is used
  • Preference cookies: remember your settings

You can control cookies through your browser settings. Disabling essential cookies may affect Service functionality.

8. Service Providers

We use trusted third-party service providers to help us operate the Service, including providers for:

  • Authentication and identity management
  • Cloud hosting and database services
  • Payment processing
  • Email delivery
  • Analytics and monitoring
  • AI and machine learning capabilities

These providers only access your information as necessary to perform services on our behalf and are contractually obligated to protect your data.

For enterprise customers, a complete list of sub-processors is available in our Data Processing Agreement (DPA). To request a DPA, contact legal@komos.ai.

9. International Data Transfers

Your information may be transferred to and processed in the United States, where our servers are located. If you are located outside the United States, your information will be transferred to the U.S. in accordance with applicable data protection laws.

For transfers from the European Economic Area, we rely on Standard Contractual Clauses approved by the European Commission.

10. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

11. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@komos.ai.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service at least 30 days before they take effect. The "Effective" date at the top indicates when the policy was last revised.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Komos Technology, Inc.
Email: privacy@komos.ai
Palo Alto, CA