Privacy Policy
Last updated: March 28, 2026
1. Introduction
Welcome to Kayvo ("we," "us," or "our"). We are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at kayvo.me (the "Website").
This policy applies to all visitors and users of our Website, regardless of location. We have designed this policy to comply with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the UK General Data Protection Regulation (UK GDPR), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other applicable US state privacy laws.
By using our Website, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the terms of this policy, please do not access our Website.
2. Data Controller
For the purposes of the GDPR and UK GDPR, the data controller responsible for your personal data is:
Kayvo
[YOUR ADDRESS]
Email: privacy@kayvo.me
3. Information We Collect
3.1 Information Collected Automatically
When you visit our Website, certain information is collected automatically through your interaction with our services. This includes:
- IP Address: Your Internet Protocol address, which may identify your approximate geographic location and Internet Service Provider.
- Browser and Device Information: Browser type and version, operating system, device type, screen resolution, and language preferences.
- Usage Data: Pages visited, referring and exit URLs, date and time of access, time spent on pages, clickstream data, and other standard server log information.
- Approximate Location: We derive country, region, and city from your IP address via Cloudflare. This is approximate and does not pinpoint your exact location.
- Cookies and Similar Technologies: We may use cookies, web beacons, and similar tracking technologies to collect information about your browsing activities. Please see Section 8 (Cookies) for more details.
3.2 Information You Provide Voluntarily
We may also collect information that you voluntarily provide to us, such as when you:
- Join our waitlist by submitting your email address
- Fill out a contact form or send us an enquiry
- Subscribe to a newsletter or mailing list
- Submit feedback or participate in surveys
This information may include your name, email address, and any other information you choose to provide.
4. How We Use Your Information
4.1 Purposes of Processing
We use the information we collect for the following purposes:
- Providing, operating, and maintaining our Website
- Managing our waitlist and notifying you when early access is available
- Ensuring the security and integrity of our Website and systems
- Diagnosing technical issues and improving Website performance
- Analysing usage trends and user behaviour to improve our services
- Preventing fraud, abuse, and unauthorised access
- Rate limiting to prevent automated abuse of our services
- Responding to your enquiries and providing customer support
- Sending administrative communications and service updates
- Complying with legal obligations and enforcing our terms
4.2 Legal Basis for Processing (EEA and UK Visitors)
For visitors located in the European Economic Area (EEA) and the United Kingdom, we process your personal data based on the following legal grounds under Article 6 of the GDPR/UK GDPR:
- Legitimate Interests (Article 6(1)(f)): We process IP addresses and related log data based on our legitimate interest in maintaining the security, performance, and availability of our Website, preventing fraud, and understanding how our Website is used. We have conducted a balancing test and determined that this processing is necessary for these purposes and does not override your fundamental rights and freedoms.
- Consent (Article 6(1)(a)): Where required, we obtain your consent before placing non-essential cookies or sending marketing communications. You may withdraw consent at any time.
- Legal Obligation (Article 6(1)(c)): We may process your data where necessary to comply with a legal obligation to which we are subject.
- Contract (Article 6(1)(b)): Where you have entered into a contract with us, we process your data as necessary for the performance of that contract.
5. Third-Party Service Providers
We use certain third-party service providers to help us operate our Website and deliver our services. These providers may process your personal data on our behalf.
5.1 Cloudflare, Inc.
We use Cloudflare as a content delivery network (CDN), DNS provider, hosting platform (Cloudflare Pages), key-value storage (Cloudflare KV), and security service. Cloudflare processes certain data, including your IP address, to provide services such as:
- Distributed Denial of Service (DDoS) protection
- Web Application Firewall (WAF)
- Content caching and performance optimisation
- Bot management and threat detection
- DNS resolution and traffic routing
- Cookieless web analytics
Cloudflare processes this data as a data processor on our behalf and in accordance with their privacy policy, available at cloudflare.com/privacypolicy. Cloudflare is certified under the EU-US Data Privacy Framework, which provides a mechanism for lawful transfers of personal data from the EEA to the United States.
5.2 Resend
We use Resend to send internal notification emails when a new user joins our waitlist. Your email address may be included in these notifications. Resend processes this data as a data processor on our behalf. See Resend's Privacy Policy.
6. International Data Transfers
Your personal data may be transferred to and processed in countries outside the EEA or the UK, including the United States, where our service providers operate.
Where such transfers occur, we ensure that appropriate safeguards are in place to protect your personal data, including:
- EU-US Data Privacy Framework certifications
- Standard Contractual Clauses (SCCs) approved by the European Commission
- UK International Data Transfer Agreements or Addendums
- Adequacy decisions by the European Commission or UK authorities
You may request a copy of the safeguards we use by contacting us using the details provided in Section 13.
7. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected.
- Server Logs and IP Addresses: Visitor logs (IP address, location, pages visited, browser information) are stored in Cloudflare KV and automatically deleted after 90 days, unless a longer retention period is required by law or necessary for the establishment, exercise, or defence of legal claims.
- Waitlist Email Addresses: Retained until you request removal or until the waitlist is no longer active.
- Cookies: Retention periods vary by cookie type. See Section 8 for details.
- Contact Enquiries: Retained for as long as necessary to respond to your enquiry and for a reasonable period thereafter.
When personal data is no longer needed, it is securely deleted or anonymised.
8. Cookies and Similar Technologies
Our Website uses cookies and similar tracking technologies. Cookies are small text files placed on your device when you visit a website.
8.1 Types of Cookies We Use
- Strictly Necessary Cookies: Essential for the operation of our Website. These cannot be disabled.
- Performance and Analytics Cookies: We use Cloudflare Web Analytics, which is a privacy-focused, cookieless analytics service. It does not place tracking cookies on your device.
- Functional Cookies: We use browser session storage to remember your consent acknowledgment. This is cleared when you close your browser tab.
8.2 Cloudflare Cookies
Cloudflare may set cookies on your device to support its security and performance services, including bot detection and challenge mechanisms. These are classified as strictly necessary cookies.
8.3 Managing Cookies
You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of our Website. For EEA and UK visitors, non-essential cookies will only be placed with your consent.
9. Your Rights
9.1 Rights for EEA and UK Residents
Under the GDPR and UK GDPR, you have the following rights with respect to your personal data:
- Right of Access: You may request a copy of the personal data we hold about you.
- Right to Rectification: You may request correction of inaccurate or incomplete data.
- Right to Erasure: You may request deletion of your personal data in certain circumstances.
- Right to Restrict Processing: You may request that we limit the processing of your data.
- Right to Data Portability: You may request your data in a structured, commonly used, machine-readable format.
- Right to Object: You may object to processing based on legitimate interests, including profiling.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at privacy@kayvo.me. We will respond to your request within one month, subject to any applicable extensions permitted by law.
You also have the right to lodge a complaint with your local data protection supervisory authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk.
9.2 Rights for California Residents (CCPA/CPRA)
If you are a California resident, you have the following additional rights under the CCPA as amended by the CPRA:
- Right to Know: You have the right to know what personal information we collect, use, disclose, and sell or share.
- Right to Delete: You may request deletion of personal information we have collected from you.
- Right to Correct: You may request correction of inaccurate personal information.
- Right to Opt Out: You have the right to opt out of the sale or sharing of your personal information. We do not sell your personal information.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your rights.
9.3 Rights Under Other US State Privacy Laws
Residents of Virginia, Colorado, Connecticut, and other states with comprehensive privacy laws may have similar rights to those described above. Please contact us to exercise your rights under applicable state law.
10. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, access controls, regular security assessments, and use of Cloudflare's security services.
However, no method of transmission over the Internet or electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee its absolute security.
11. Children's Privacy
Our Website is not directed at children under the age of 16 (or 13 in the United States). We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child, we will take steps to delete it promptly. If you believe we have collected information from a child, please contact us at privacy@kayvo.me.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on this page with a revised "Last updated" date.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Kayvo
[YOUR ADDRESS]
Email: privacy@kayvo.me
For EEA and UK residents, if you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.