Privacy Policy

1. Introduction

This Privacy Policy describes how KlusAI Labs SRL ("KlusAI", "we", "us", or "our"), a company registered in Cluj-Napoca, Romania, collects, uses, and protects your personal data when you use our websites, products, and services.

As an EU-based company, we are subject to and fully comply with the General Data Protection Regulation (GDPR) and other applicable EU and Romanian data protection laws. Your data is processed and stored within the European Union.

2. Data Controller

KlusAI Labs SRL is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, please contact us at:

• Email: [email protected]
• Location: Cluj-Napoca, Romania

3. Information We Collect

We collect information you provide directly to us, as well as information collected automatically when you use our services.

Information You Provide

• Account information (name, email address, password)
• Contact information when you reach out to us
• Payment information (processed securely by our EU-based payment providers)
• Communications you send to us
• Information provided in connection with our services

Information Collected Automatically

• Device and browser information
• IP address and approximate location
• Usage data and analytics
• Cookies and similar technologies (see Cookies section below)

4. Legal Basis for Processing

Under the GDPR, we process your personal data based on the following legal grounds:

• Contract: Processing necessary for the performance of a contract with you or to take steps at your request before entering into a contract (e.g., providing our services)
• Legitimate Interests: Processing necessary for our legitimate interests, such as improving our services, security, and fraud prevention, where these interests are not overridden by your rights
• Consent: Where you have given explicit consent to the processing (e.g., marketing communications, non-essential cookies)
• Legal Obligation: Processing necessary to comply with legal obligations under EU or Romanian law

5. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services
• Process transactions and send related information
• Send you technical notices, updates, and support messages
• Respond to your comments, questions, and requests
• Develop new products and services
• Monitor and analyze trends, usage, and activities
• Detect, prevent, and address fraud and security issues
• Send marketing communications (where you have consented)

6. Information Sharing

We do not sell your personal data. We may share your information in the following circumstances:

• With your consent: When you explicitly agree to the sharing
• Service providers: With EU-based service providers who assist in our operations, bound by data processing agreements
• Legal requirements: To comply with applicable EU or Romanian laws, regulations, or legal processes
• Protection of rights: To protect the rights, property, and safety of KlusAI, our users, and the public
• Business transfers: In connection with a merger, acquisition, or sale of assets, with appropriate protections

7. International Transfers

As an EU-based company, your data is primarily processed and stored within the European Union. We do not transfer personal data outside the EU/EEA unless:

• The destination country has an adequacy decision from the European Commission
• Appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs)
• You have explicitly consented to the transfer

Our EU-native infrastructure means your data remains under EU jurisdiction, avoiding complexities related to transatlantic data transfers.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit and at rest
• Access controls and authentication mechanisms
• Regular security assessments
• ISO 27001 certified information security management

For more details, see our Security page.

9. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restriction: Request limitation of processing in certain circumstances
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
• Right Regarding Automated Decision-Making: Not be subject to decisions based solely on automated processing with legal or significant effects

To exercise any of these rights, please contact us at [email protected]. We will respond within one month as required by GDPR.

Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. For Romania, this is:

Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
Website: www.dataprotection.ro

10. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

• For the duration of our contractual relationship
• As required by applicable laws (e.g., tax and accounting requirements)
• To resolve disputes and enforce our agreements

When data is no longer needed, we securely delete or anonymize it.

11. Cookies and Tracking Technologies

This section explains how we use cookies and similar tracking technologies on our website, in accordance with EU ePrivacy Directive requirements.

What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help websites function properly and provide information to website owners.

Types of Cookies We Use

Essential Cookies

These cookies are necessary for the website to function properly. They enable core functionality such as security, session management, and accessibility. These cookies do not require consent under EU law.

• Session cookies for user authentication
• Security cookies to prevent fraud
• Load balancing cookies for performance

Analytics Cookies

These cookies help us understand how visitors interact with our website. We only set these cookies with your prior consent.

• Page views and navigation paths
• Time spent on pages
• Traffic sources

Functional Cookies

These cookies enable enhanced functionality and personalization. They require your consent.

• Language and region preferences
• Display preferences (e.g., dark mode)
• Previously entered form data

Managing Cookie Preferences

When you first visit our website, you will be presented with a cookie consent banner allowing you to accept or reject non-essential cookies. You can change your preferences at any time by:

• Browser settings: Most browsers allow you to refuse or delete cookies
• Cookie settings: Adjust preferences through our cookie consent tool

Please note that disabling certain cookies may impact the functionality of our website.

Cookie Retention

• Session cookies: Deleted when you close your browser
• Persistent cookies: Retained for a set period (typically 1–12 months)
• Analytics cookies: Typically retained for up to 13 months

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the updated policy on our website with a new "Last updated" date. For significant changes, we may also notify you by email.

13. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us at [email protected].