1. Introduction
Kritos AG ("Kritos," "we," "us," or "our") operates the Agent K platform and the website at kritos.ai (together, the "Service"). This Privacy Policy explains how we collect, use, store, and protect information when you visit our website or use our platform.
We are committed to protecting your privacy and handling your data responsibly. Where the EU General Data Protection Regulation ("GDPR"), the Swiss Federal Act on Data Protection ("FADP"), or other applicable data protection laws apply, we act as a data controller for the data described in Sections 2 and 3, and as a data processor for Customer Data described in Section 4.
2. Information We Collect
2.1 Information you provide to us
- Account information: When you create an account, we collect your name and email address via Google Single Sign-On (SSO). We do not collect or store passwords.
- Communications: If you contact us by email or through our website, we collect the content of those communications.
- Billing information: If you subscribe to a paid plan, we collect payment details through our third-party payment processor. We do not store credit card numbers on our systems.
2.2 Information collected automatically
- Usage data: We collect information about how you interact with the Service, including features used, actions taken, timestamps, and session duration. This data is collected in anonymised or pseudonymised form where possible.
- Device and browser information: We collect standard technical information such as browser type, operating system, and screen resolution.
- Log data: Our servers automatically record information including your IP address, request times, and referring URLs.
- Cookies: We use essential cookies required for the Service to function and, with your consent, analytics cookies to improve the Service. We do not use advertising or tracking cookies. See Section 8 for details.
2.3 Information from third-party integrations
Where you connect third-party services to the platform (such as Granola for meeting transcripts or Google Drive for document export), we receive data from those services as necessary to provide the requested functionality. We only access what is needed and do not retain third-party data beyond what is required for the Service.
3. How We Use Your Information
We use the information described in Section 2 for the following purposes:
- Providing the Service: Operating the platform, authenticating users, and delivering features you request. Legal basis: performance of a contract (GDPR Art. 6(1)(b)) or, where no contract is in place, our legitimate interest in providing the Service.
- Improving the Service: Analysing usage patterns to understand how the platform is used and to inform product development. We minimise the use of identifiable personal data for this purpose and rely on anonymised or pseudonymised data where practicable. Legal basis: your consent (GDPR Art. 6(1)(a)) for analytics cookies; our legitimate interest (GDPR Art. 6(1)(f)) for anonymised usage analysis.
- Communications: Responding to your enquiries, sending service-related notices (e.g., downtime, security alerts, material changes to the Service), and providing onboarding support. Legal basis: performance of a contract or our legitimate interest in communicating with users.
- Security and compliance: Detecting and preventing fraud, abuse, or security incidents, and complying with applicable legal obligations. Legal basis: our legitimate interest in maintaining security (GDPR Art. 6(1)(f)) and compliance with legal obligations (GDPR Art. 6(1)(c)).
4. Customer Data
When you use the Agent K platform, you and your organisation upload and create documents, files, analyses, and other materials ("Customer Data"). Customer Data is governed by your organisation's agreement with Kritos (the Beta Services Agreement or subsequent commercial agreement), not this Privacy Policy.
In summary:
- Customer Data is used solely to provide the Service to your organisation.
- Customer Data is not used to train or fine-tune AI models in a manner that would embed or reproduce it.
- Customer Data is not shared with other customers or third parties, except for transmission to sub-processors necessary to operate the platform (such as AI model providers).
- Customer Data is logically isolated from other customers' data.
- Customer Data is deleted upon termination of your organisation's agreement, in accordance with the terms of that agreement.
For full details on how Customer Data is handled, please refer to your organisation's agreement with Kritos and the associated Data Processing Agreement.
5. Sub-Processors and Third-Party Services
We use third-party service providers to operate the platform. These include cloud infrastructure providers, AI model providers, authentication services, analytics providers (PostHog), error monitoring services (Sentry), and meeting transcript services. Each sub-processor is bound by contractual data protection obligations.
A current list of sub-processors is maintained at /sub-processors.
6. International Data Transfers
Kritos is based in Switzerland. Some of our sub-processors operate in the United States or other countries outside the European Economic Area (EEA) and Switzerland. Where personal data is transferred outside the EEA or Switzerland, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission or applicable adequacy decisions.
7. Data Retention
- Account information is retained for as long as your account is active, plus a reasonable period thereafter for legitimate business purposes (e.g., responding to enquiries, maintaining audit records).
- Usage data and logs are retained in anonymised or aggregated form. Identifiable log data is retained for no longer than 12 months.
- Customer Data is retained and deleted in accordance with the applicable customer agreement.
- Communications (e.g., support emails) are retained for as long as reasonably necessary to resolve the matter and maintain records.
8. Cookies
We use the following categories of cookies:
Essential cookies
These cookies are strictly necessary for the Service to function. They do not require your consent.
| Cookie | Purpose | Duration |
|---|---|---|
| Session cookie | Authentication and session management | Session / short-lived |
Analytics cookies
With your consent, we use analytics cookies to understand how the Service is used and to improve it. We use PostHog for product analytics (hosted in the EU) and Sentry for error and crash monitoring (EU hosting available).
| Cookie | Purpose | Duration |
|---|---|---|
| PostHog analytics | Feature usage, session analysis, product improvement | Up to 1 year |
| Sentry | Error monitoring, crash reporting, performance tracking | Session / short-lived |
Analytics cookies are only set after you provide consent via our cookie banner. You may withdraw your consent at any time through the cookie settings link in the footer of our website. If you decline analytics cookies, the Service will continue to function normally.
We do not use advertising or third-party tracking cookies.
9. Your Rights
Depending on your location, you may have the following rights under applicable data protection law:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate personal data.
- Erasure: Request deletion of your personal data, subject to legal retention requirements.
- Restriction: Request that we restrict processing of your personal data in certain circumstances.
- Portability: Request a copy of your personal data in a structured, machine-readable format.
- Objection: Object to processing of your personal data where we rely on legitimate interest as the legal basis.
- Withdraw consent: Where processing is based on consent, you may withdraw consent at any time.
To exercise any of these rights, contact us at privacy@kritos.ai. We will respond within the timeframe required by applicable law (generally 30 days).
If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with a supervisory authority. For Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC). For the EU, this is the supervisory authority in your country of residence.
10. Security
We implement appropriate technical and organisational measures to protect your personal data, including encryption of data in transit and at rest, access controls, and periodic security reviews. For details on our security programme as it relates to Customer Data, please refer to the Data Processing Agreement associated with your organisation's agreement.
11. Children
The Service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will take steps to delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on our website with a revised "Last updated" date. Where required by applicable law, we will provide additional notice (e.g., by email).
13. Contact
If you have questions about this Privacy Policy or our data practices, please contact: