Privacy Policy

This Policy applies to information processed in connection with the Services. Depending on your role, we may process information as a controller (for example, for our website visitors and account owners) and as a processor when we host or process content on behalf of our business customers in accordance with their instructions and our agreements with them.

2.1 Account and contact information

We collect identifiers and contact details you provide when you create an account, subscribe to updates, request support, or communicate with us, such as name, email address, company name, billing details, and message content.

2.2 Usage and device data

We automatically collect certain technical data when you use our web properties or dashboards, such as IP address, device type, browser version, approximate location derived from IP, referral URLs, and diagnostic logs needed to operate and secure the Services.

2.3 Cookies and similar technologies

We use cookies, local storage, and similar technologies for authentication, preferences, security, analytics, and (where applicable) to measure the effectiveness of communications. You can control cookies through your browser settings; disabling certain cookies may limit functionality.

2.4 Voice platform and call-related data

To provide realtime voice experiences, we process audio streams, transcripts, telephony metadata (such as numbers, timestamps, call status, carrier information), assistant configurations, prompts, and tool or webhook payloads that you route through the platform. Retention and optional controls depend on your plan, dashboard settings, and documentation for the features you enable.

2.5 Information from third parties

We may receive information from service providers (such as payment processors, authentication providers, or analytics vendors) and from publicly available sources for fraud prevention, security, or account verification.

We use personal information to:

• Provide, operate, maintain, and improve the Services;
• Authenticate users, secure accounts, and detect abuse or fraud;
• Process payments, fulfill orders, and send administrative messages;
• Provide customer support and respond to inquiries and feedback;
• Analyze aggregate usage to improve reliability, latency, and product experience;
• Send optional product updates or marketing communications where permitted (you can opt out as described in those messages);
• Comply with law, enforce our terms, and protect rights and safety.

We may share information with:

• Service providers that host infrastructure, process payments, deliver email, provide analytics, or assist with security and customer support, subject to contractual obligations.
• Model, speech, and telephony partners when you configure integrations that require those subprocessors to deliver realtime voice, transcription, or connectivity features you select.
• Professional advisers such as auditors or counsel, where bound by confidentiality.
• Authorities when required by law, legal process, or to protect vital interests, consistent with applicable law.
• Business transfers in connection with a merger, acquisition, financing, or sale of assets, with notice where required.

We do not sell your personal information for money as that term is commonly defined under U.S. state privacy laws.

We may process information in the United States and other countries where we or our providers operate. When we transfer personal information from regions with data transfer requirements, we implement appropriate safeguards such as standard contractual clauses or other mechanisms permitted by law.

We retain information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods vary by data type and configuration; for example, call media or logs may be retained for shorter periods when zero-retention style controls apply, as described in product documentation for eligible configurations.

We implement technical and organizational measures designed to protect personal information, including encryption in transit, access controls, monitoring, and vendor reviews. No method of transmission or storage is completely secure; we encourage strong credentials, MFA where available, and careful handling of API keys.

Depending on where you live, you may have rights to access, correct, delete, or export personal information, or to object to or restrict certain processing. You may also have the right to lodge a complaint with a supervisory authority. To exercise rights, contact us at hello@karasu-labs.com. We may need to verify your request and may decline requests where permitted by law (for example, where information is needed to provide the Services you have requested or to meet legal obligations).

The Services are not directed to children under sixteen (16), and we do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us and we will take appropriate steps.

Residents of certain U.S. states may have additional rights under local laws (for example, to know categories of data collected, to access or delete certain information, and to appeal denials). Where the law applies and we are acting as a business, you may submit requests as described in Section 8. We will not discriminate against you for exercising rights granted by law.

If we process personal information subject to GDPR or UK GDPR, our lawful bases can include contract, legitimate interests (such as securing and improving the Services), consent where required, and legal obligation. You may contact us to exercise GDPR rights; you may also contact your local supervisory authority.

We may update this Policy from time to time. We will post the revised Policy on this page and adjust the "Last updated" date. Material changes may be communicated through the Services or by email when appropriate.

Karasu Labs. Privacy inquiries: hello@karasu-labs.com