Privacy Policy
How Kleos collects, uses, shares, and protects personal data across prospect research, AI voice calling, appointment booking, and the Kleos AI coach. Kleos is a compliance-first system: data handling is a product gate, not an afterthought.
Who we are
Kleos operates an AI sales-operations platform used by business partners ("partners") to research prospects, run compliant AI voice outreach, book appointments, and coach their teams. Depending on the activity, Kleos acts either as a data controller (for our own website, accounts, and billing) or as a data processor acting on a partner's documented instructions (for that partner's prospect and customer data). The Data Processing Addendum governs the processor relationship.
Data we process
- Account data — partner name, company, work email, region, and login credentials handled by our authentication provider.
- Prospect and customer records — business contact details and records a partner imports or that Kleos sources from public business listings, with provenance tracked.
- Call data — call metadata (time, duration, outcome, disposition), and transcripts or recordings only where a campaign is configured for it with a lawful basis and required notice.
- Consent and suppression records — the consent ledger and do-not-call / opt-out suppression lists that gate outbound calling.
- Booking data — appointment times, meeting type, and free/busy availability (never event titles or attendees) read from a connected calendar.
- Product and billing data — usage/credit metering, plan, and Stripe-managed payment records (card data never touches Kleos).
- Kleos AI coach conversations — messages exchanged with the in-product coach, used to answer and, where enabled and reviewed, to improve the product.
How we use data
- To provide the platform: research, scoring, script preparation, compliant calling, booking, transcripts, and reporting.
- To enforce compliance gates: consent verification, suppression screening, calling-window checks, and AI-disclosure rules before any call.
- To operate accounts and billing, provide support, and secure the service.
- To improve Kleos under human review — learning candidates from transcripts and outcomes are redacted and reviewed before anything is retained; no model influences production until it passes our evaluation gates.
Lawful basis and consent
Outbound AI voice runs only against contacts with a documented lawful basis for the relevant region and call type. Consent, its wording and source, and any revocation are recorded in a consent ledger. Research and enrichment do not by themselves create calling permission — every record still passes the consent, suppression, channel, and campaign gates before any call.
Our lawful bases include performance of a contract (providing the service to partners), legitimate interests (securing and improving the platform, and a partner's reactivation of its own customers), and consent where required for automated/AI marketing calls.
Sharing and subprocessors
We do not sell personal data. We share it with vetted subprocessors strictly to run the service — voice, telephony, calendar, email, payments, AI, and infrastructure providers — each bound by data-protection terms. The current list is maintained in the Data Processing Addendum.
International transfers
Where data is transferred across borders (for example to US-based infrastructure), we rely on appropriate safeguards such as Standard Contractual Clauses and the UK addendum, and we minimize what is transferred.
Retention
We keep personal data only as long as needed for the purpose it was collected, to meet the partner's instructions, and to satisfy legal recordkeeping (for example, telemarketing records that must be retained under applicable rules). Suppression records are retained rather than deleted, so an opt-out keeps being honored.
Your rights
Depending on your region you may have rights to access, correct, delete, port, or restrict your data, and to object to direct marketing. Prospects and customers of a partner should contact that partner (the controller); we will assist them as processor. To exercise rights against Kleos directly, or to reach our data protection contact, email privacy@kleos.click or dpo@kleos.click.
Security
We apply tenant isolation (row-level security), least-privilege access, encryption of sensitive tokens at rest, audit logging, and safe-by-default gating so external actions stay off until explicitly enabled. See our Trust & Security page for detail.
Contact
Questions or requests: privacy@kleos.click. Postal and entity details will be published here before launch.