Privacy Policy

Kloey collects the data it needs to run a content-research tool for short-form creators — your account info, the creators you've told us to track, and the drafts you generate. We don't sell your data, we don't train models on your private drafts, and we don't post to your accounts.

Account data. Email, password hash, name, plan tier, billing details (processed by Stripe — we never see your card number).

Product data. The creators you track, the reels in your vault, the scripts you generate, the maps you build, your saved hooks. Scoped to your workspace.

Usage data. Pages you visit inside Kloey, buttons you click, generations you trigger. We use this to improve the product and squash bugs.

Public creator data. When you point Kloey at a public Instagram, TikTok, or Reddit profile, we ingest the public posts, captions, and transcripts. We only touch accounts you explicitly tell us to track.

• To run the product — radar refreshes, voice remixes, search.
• To bill you and prevent fraud.
• To send transactional emails (receipts, password resets, security alerts).
• To send product emails about new features. You can opt out at any time from a link in the email or from Settings.
• To debug and improve performance.

We do not use your private drafts, scripts, or workspace content to train Kloey's models or any third-party model.

We share data with the third parties we need to run the product:

• Stripe — payment processing.
• Supabase — database hosting (PostgreSQL).
• Vercel — application hosting.
• OpenRouter / Anthropic / OpenAI — LLM and transcription API calls. Generation inputs are processed ephemerally and are not used by these providers for training.
• Apify — public-data scraping for the radar.
• Resend — transactional email delivery.

We don't sell your data to advertisers, brokers, or anyone else. Period.

We use a session cookie to keep you logged in and a small set of first-party analytics cookies to count page views. We don't use third-party ad cookies.

We keep your account data for as long as your account is open. When you delete your account, we wipe your data within 30 days (the grace window exists in case you change your mind). Backups age out within 90 days.

Depending on where you live, you may have the right to access, correct, export, or delete the personal data we hold about you. Email privacy@kloey.ai and we'll get back to you within 30 days.

If you're in the EU/UK, you have the right to lodge a complaint with your local data protection authority.

Kloey isn't designed for kids under 13 and we don't knowingly collect data from them. If we discover an account belongs to a child, we delete it.

Kloey is operated from the United States and our infrastructure is hosted in US data centers. By using Kloey, you consent to your data being processed in the US.

We use industry-standard encryption in transit (TLS) and at rest. Passwords are stored as one-way hashes. Internal access to production data is limited to engineers who need it. No system is bulletproof — if a breach happens, we'll notify affected users within 72 hours.

If we materially change this policy we'll email registered users and post the change on this page. Continued use after changes means you accept the new policy.

Privacy questions: privacy@kloey.ai. Everything else: hello@kloey.ai.