מדיניות פרטיות

Privacy Policy

Last Updated: March 23, 2026

Kal Solutions Group ("the Company") operates the KalOps.ai platform. This Privacy Policy explains how we collect, use, store, and protect your personal information.

1. Information We Collect

Account Information: Name, email address, phone number, company name, and billing information when you create an account or are added as a contact.

Usage Data: Pages visited, features used, IP address, browser type, device information, and session data.

Communication Data: Messages sent via WhatsApp (through Green API provider), email (via self-hosted SMTP), and meeting scheduling data synced with Google Calendar.

AI Interaction Data: Conversations with AI agents, tool calls, and generated content within the Platform.

Voice Data: Voice messages received via WhatsApp are transcribed using Google Speech-to-Text. Audio is processed in real-time and not stored by Google after transcription.

Notification Data: Push notifications via Firebase Cloud Messaging (FCM) and Telegram Bot API for staff alerts.

2. How We Use Your Information

We use your information to: (a) provide and maintain the Platform; (b) process communications and automate workflows; (c) power AI agent features; (d) send service notifications via email, Telegram, and push; (e) comply with legal obligations; (f) prevent fraud and ensure security.

3. Third-Party Service Providers

We share data with the following categories of service providers, solely for providing the service:

  • AI Processing: Anthropic (Claude) and OpenAI — conversation data is sent for AI responses and is not stored by providers beyond the session.
  • WhatsApp Messaging: Green API — phone numbers and message content for WhatsApp delivery.
  • Calendar Sync: Google Calendar API — meeting titles, times, attendees synced via OAuth2.
  • Voice Transcription: Google Speech-to-Text — audio processed in real-time for WhatsApp voice messages.
  • Push Notifications: Firebase Cloud Messaging — device tokens and notification content.
  • Staff Alerts: Telegram Bot API — notification text sent to linked Telegram accounts.
  • Invoicing: Invoice4U — invoice data for Israeli electronic invoicing compliance.
  • Hosting: DigitalOcean — all data hosted on DigitalOcean servers in the EU region.

We do not sell your personal data. All third-party providers process data only as instructed by us.

4. AI Data Processing & Guardrails

The Platform uses AI agents (AVA, ATLAS, SAGE, FELIX, SCOUT, NOVA) powered by Anthropic Claude and OpenAI. Data sent to AI providers includes conversation context, CRM entity data (lead/client names, emails, project details), and tool execution parameters. AI providers process data per their respective data processing agreements. We apply a two-layer guardrail system (regex pattern matching + AI content review) to filter sensitive data and block harmful content before delivery.

5. Data Storage and Security

Your data is stored on DigitalOcean servers. We implement the following security measures:

  • TLS/SSL encryption for all data in transit
  • Database access restricted to application service accounts
  • Role-based access controls within the Platform
  • CSRF protection on all forms
  • XSS input filtering
  • Session management with secure cookies
  • AI message guardrail pipeline

DigitalOcean volumes use AES-256 encryption at rest. All API integrations use secure token-based authentication (OAuth2, JWT, API keys). We conduct regular security reviews and maintain GDPR compliance through built-in consent management, data portability, and right-to-erasure workflows.

6. Data Retention

We retain your data for as long as your account is active. Communication logs (WhatsApp messages, email records, meeting history) are retained indefinitely for business continuity. Upon account termination request, we will work with you to export and delete your data within a reasonable timeframe. The Platform includes GDPR-compliant right-to-erasure workflows for data deletion requests.

7. Your Rights

You have the right to: (a) access your personal data; (b) correct inaccurate data; (c) request deletion of your data; (d) export your data; (e) object to certain processing; (f) withdraw consent. To exercise these rights, contact privacy@kalops.ai. We will respond within 30 days.

GDPR Compliance: We are GDPR compliant. We process data under legitimate business interest (Article 6(1)(f)) and explicit consent where applicable. The Platform includes built-in GDPR tools: consent purpose management, data portability exports, right to erasure, and consent audit trails. Our Data Protection Officer (DPO) is Adv. Tal Yaron, reachable at privacy@kalops.ai. For EU data subjects with unresolved concerns, you may lodge a complaint with your local supervisory authority.

8. Cookies

The Platform uses a single session cookie (ci_session) essential for authentication. We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

9. International Transfers

Your data may be processed in: (a) the United States — for AI processing via Anthropic and OpenAI APIs; (b) various regions — for WhatsApp delivery via Green API. Our primary hosting is on DigitalOcean. We rely on the data processing agreements of our service providers to ensure adequate data protection for international transfers.

10. Children

The Platform is not intended for individuals under 16 years of age. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or Platform notification.

12. Contact

For privacy inquiries: privacy@kalops.ai
Kal Solutions Group
Israel