Kairos Ai
This page summarizes data processing roles, GDPR principles and customer responsibilities for Kairos Ai.
For website visitors and direct customer account management, the Kairos Ai operator may act as data controller. For Meta Ads data processed on behalf of a customer, the operator may act as processor or service provider depending on the final customer agreement.
Customers must ensure they have a lawful basis and required permissions to connect advertising accounts, upload business data and allow Kairos Ai to process campaign and performance information.
Processing may include account authentication, campaign analysis, AI recommendation generation, reporting, billing, security, support, abuse prevention and legal compliance.
Possible legal bases include performance of a contract, legitimate interests, consent where required, compliance with legal obligations and customer instructions for processor activities.
Individuals may request access, correction, deletion, restriction, portability or objection where applicable. Requests should be sent to info@kairosadvision.com and may require identity verification.
Data may be processed in countries where hosting, payment, AI or support providers operate. Appropriate safeguards should be documented before production launch where legally required.
The final subprocessor list should include hosting, database, payment, email, analytics, logging, security and AI vendors. Customers should be notified of material changes where required by contract or law.
Recommended measures include encrypted transport, secret management, access controls, audit logs, backups, environment separation, least-privilege API permissions and incident response procedures.
Business customers may require a Data Processing Agreement. A final DPA should define subject matter, duration, data categories, subprocessors, confidentiality, security, deletion and audit rights.
Before launch, this page must be completed with the legal entity, registered address, contact person, DPA terms, subprocessor list and jurisdiction-specific KVKK/GDPR details.
