Kapis / Privacy Policy
Legal

Privacy Policy

Kapis AI Tech Pvt Ltd·Last updated: 6 July 2026·Effective: 6 July 2026

This policy is written in plain English on purpose. If you need the specifics that a regulator or your legal team will look for, keep reading — everything they expect is in here.

1. Who we are

Kapis (“Kapis”, “we”, “us”, “our”) is operated by Kapis AI Tech Pvt Ltd, a company incorporated in India. Kapis is a full-stack AI development company. Through kapis.ai and the AI Blueprint by Kapis product, we help enterprise, government and mid-market organisations diagnose where AI fits in their business and, if they choose to engage us, we design, build and operate that AI on the systems they already run.

This Privacy Policy explains how we collect, use, share and protect information when you visit kapis.ai or interact with the AI Blueprint by Kapis.

2. Scope

This policy applies to information we collect through:

  • The kapis.ai website and any sub-pages (including /insights).
  • The AI Blueprint by Kapis conversational tool.
  • Requests you send us by email (for example, to ops@kapis.ai).
  • Scheduling and booking flows we use to arrange calls (currently powered by Cal.com).

This policy does not cover websites, tools or services that are operated by third parties, even where we link to them.

3. Information we collect

3.1 Information you give us

  • What you type into the AI Blueprint. The business context, problem statements, goals, constraints, systems, data-access notes and any other content you share with the Blueprint during a conversation.
  • Contact information. If you request that we email you an AI Opportunity Plan (PDF) or book a call with our team, we collect the name, work email, phone number, company and any scheduling preferences you enter.
  • Direct communications. The content of emails, forms or messages you send to us, together with any files or attachments included in them.

3.2 Information collected automatically

  • Technical data. IP address (or a truncated version), device and browser type, operating system, referring URL, timestamps and pages visited.
  • Analytics. Aggregate usage data collected through Google Analytics 4 (property G-XY60FJMW5V) to understand which pages, articles and flows are working. IP addresses are truncated by Google before storage.
  • Cookies and similar technologies. See Section 12.

3.3 Sensitive categories

The AI Blueprint is designed for business context. Please do not paste into the Blueprint any government IDs, financial account numbers, payment card data, health data of identifiable individuals, precise geolocation of individuals, biometric identifiers, or other special-category personal data. If you share such data with us despite this notice, we will treat it as ordinary business information for the purpose of processing your request and delete it on reasonable notice.

4. How we use information

We use the information described above to:

  • Deliver the AI Blueprint. Route your conversation to our large-language-model provider, generate the AI Opportunity Brief, produce your AI Opportunity Plan and prepare for our follow-up call with you.
  • Respond to your requests, including scoping questions, requirement clarifications and follow-ups.
  • Send transactional communications such as the PDF plan you asked for and the calendar invite for your booked call.
  • Improve the service. Measure which flows work, identify usability problems, spot quality issues in the Blueprint's questions and outputs, and refine our AI models and prompts.
  • Comply with law and enforce our Terms of Use.
  • Secure the service, prevent abuse and investigate suspected breach or misuse.

We do not sell your personal data. We do not use the content of your Blueprint conversations for advertising. We do not share your business context with the general public.

5. Legal bases (for EU / UK / India visitors)

Where applicable law requires a legal basis, we rely on:

  • Contract / provision of service (GDPR Art. 6(1)(b); DPDP § 7(a)) — to deliver the AI Blueprint, produce your Plan and prepare for the call you asked for.
  • Legitimate interests (GDPR Art. 6(1)(f)) — for security, fraud prevention, service improvement, and communicating with prospective clients about the specific engagement they contacted us about. You can object to this basis at any time.
  • Consent (GDPR Art. 6(1)(a); DPDP § 6) — for analytics cookies where required by your jurisdiction, and for any optional marketing communications. You can withdraw consent at any time by emailing ops@kapis.ai.
  • Legal obligation (GDPR Art. 6(1)(c); DPDP § 7(g)) — where processing is required by law, court order or regulator.

6. Sharing your information

We share information only in the ways described here.

6.1 Sub-processors and service providers

We use a small number of trusted providers to run the service. Each is bound by contract to keep your data confidential and use it only to deliver the service to us:

  • Anthropic, PBC — provides the large language model that powers the AI Blueprint conversation. Anthropic states that API inputs and outputs are not used to train its default models. Data centre location: United States.
  • Netlify, Inc. — hosts kapis.ai and runs the streaming Edge Function that powers the Blueprint. Data centre locations: global (edge network).
  • Google LLC (Google Analytics 4) — website analytics with IP truncation. Storage: Google's global infrastructure.
  • Cal.com, Inc. — scheduling and calendar management for calls you book with us.
  • Hostinger International Ltd — provides our business email (ops@kapis.ai) and related mail infrastructure.
  • Cloudflare, Inc. — DNS resolution for kapis.ai and, where enabled, edge caching for public pages.
  • GitHub, Inc. — source-code hosting for the website itself (does not receive Blueprint conversation content).

We may add, replace or remove sub-processors as the service evolves. Where required by law, we will update this list.

6.2 Legal and safety disclosures

We may disclose information where we believe in good faith that disclosure is necessary to (a) comply with law, regulation, court order or lawful government request, (b) enforce our Terms of Use or investigate a suspected violation, (c) protect the rights, property or safety of Kapis, our clients, our users or the public, or (d) prevent fraud or security incidents.

6.3 Corporate transactions

If Kapis is involved in a merger, acquisition, restructuring, sale of assets or insolvency, information may be transferred as part of that transaction. In that event we will notify you and, where the law requires, give you a chance to object before your data is used under a materially different policy.

7. International data transfers

Because our team, sub-processors and clients are in multiple jurisdictions (including India, the United States, the European Union, the United Kingdom and the United Arab Emirates), your data may be transferred to and processed in countries other than the one you live in. Where transfers are made from the EU/UK, we rely on Standard Contractual Clauses (or equivalent safeguards) with our sub-processors. Where transfers involve India, we comply with the applicable requirements of the Digital Personal Data Protection Act, 2023.

8. Retention

We keep personal data only as long as we need it:

  • Blueprint conversation content — retained in temporary logs for up to 30 days for troubleshooting and quality review, unless you ask us to delete it sooner.
  • AI Opportunity Plans we've generated for you and any follow-up correspondence — retained while a live engagement or discussion is active, and then archived for up to 24 months so we can respond if you return to us.
  • Contact information — retained until you ask us to delete it, or until it has been inactive for 24 months, whichever is sooner.
  • Aggregated analytics — retained in line with Google Analytics' default retention settings (currently 14 months).
  • Records required by law (for example, tax, contracts, statutory correspondence) — retained for the period the law requires.

9. Security

We use reasonable technical and organisational measures to protect information under our control, including encryption in transit (HTTPS/TLS), secrets stored as server-side environment variables (never in client code), access controls on our infrastructure, isolation of the marketing/website account from the product build environment, and periodic review of sub-processor security postures. No system is perfectly secure. If you believe you've found a security issue, please email us at ops@kapis.ai.

10. Your rights

10.1 Everyone

Regardless of where you live, you may email ops@kapis.ai to request access to, correction of, or deletion of information we hold about you. We'll respond within a reasonable time (targeting 30 days).

10.2 If you are in India (DPDP Act, 2023)

You have the right to access, correction, completion, updating and erasure of your personal data; the right to grievance redressal; and the right to nominate someone to exercise your rights if you are unable to. To exercise these rights, contact the Grievance Officer named in Section 14.

10.3 If you are in the EU / UK (GDPR / UK GDPR)

You have the right to access, rectification, erasure, restriction of processing, data portability and objection to processing. You also have the right to lodge a complaint with your national data protection authority. Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of processing that took place before withdrawal.

10.4 If you are in California (CCPA/CPRA)

You have the right to know what personal information we've collected about you, to request deletion of that information, to correct inaccurate information, to opt out of any “sale” or “sharing” of personal information as those terms are defined by California law (we don't sell or share for cross-context behavioural advertising), and to non-discrimination for exercising your rights.

11. Cookies and similar technologies

We use a small number of cookies and browser-storage items to make the site work and to understand usage:

  • Strictly necessary — session state for the AI Blueprint, security tokens, and load-balancer routing. These cannot be disabled.
  • Analytics — Google Analytics 4 uses cookies (typically _ga and _ga_*) with IP truncation. Where required by law (for example, in the EU), we will only load these after you consent.

You can control cookies through your browser settings. Blocking strictly necessary cookies may cause parts of the site to stop working.

12. Children

kapis.ai and the AI Blueprint are business tools. They are not directed to children. We do not knowingly collect personal information from anyone under the age of 18 (or under the age the law defines as a minor in your jurisdiction). If you believe a child has provided us with personal data, please contact us and we will delete it.

13. Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top will always reflect the most recent version. Material changes will be announced on kapis.ai at least seven days before they take effect, and we'll email registered contacts where we have their consent to do so.

14. How to contact us

Kapis AI Tech Pvt Ltd
Email: ops@kapis.ai
Website: https://kapis.ai/

Grievance Officer (India / DPDP Act, 2023): Piush Gupta — Founder & CEO. Please write to ops@kapis.ai with the subject line “Data protection query” and we will respond within the timelines required by law.

This document is provided as a general template that reflects our practices as of the effective date. It is not legal advice. If you are relying on this in a regulated context, please have your counsel review it against the exact laws that apply to you.