Legal

Privacy Policy

Last updated: 26 May 2026

This Privacy Policy explains what personal data Kelo collects, how it is used, and what rights you have over it. We have written it in plain language because privacy is something you should be able to understand without a solicitor.

1. Who We Are

Kelo is a meeting intelligence product available at getkelo.co and via our iOS application. We are the data controller for personal data processed through the Service. If you have any questions about this Policy, contact us at kelo@alxstudio.ie.

2. Data We Collect

  • Account data. Your email address and a hashed password, stored securely by Supabase. If you use Sign in with Apple, we receive only the email address you authorise Apple to share.
  • Payment data. Processed entirely by Stripe. Kelo never sees or stores your card number or billing details. We receive only a Stripe customer ID and subscription status.
  • Audio recordings. Files you upload or record within the app. These are used solely for transcription and are permanently deleted immediately after. See Section 4.
  • Transcripts and Outputs. The text transcript produced by Whisper, and the six AI-generated Outputs (summary, action items, key decisions, email draft, explanation, chat history). Stored in your account and accessible only to you.
  • Technical data. Device type, browser or app version, and IP address, used for security monitoring and service reliability.

3. How We Use Your Data

  • To create and manage your account
  • To process your recordings and return AI-generated Outputs
  • To process subscription payments via Stripe
  • To send transactional emails such as account confirmation and billing receipts
  • To monitor for abuse, fraud, and security threats
  • To respond to support requests

We do not use your data for advertising. We do not sell your data to any third party. We do not use your transcripts or Outputs to train AI models.

4. Audio Data

Audio data deserves its own section because it is the most sensitive data in the Service. Here is exactly what happens to your recordings:

  1. You upload a file or record audio within the app.
  2. The audio is transmitted securely (TLS) to our server-side processing function.
  3. Our server sends the audio to OpenAI Whisper via the OpenAI API for transcription. This is the only third party that ever receives your audio.
  4. As soon as the transcript is returned, the original audio file is permanently deleted from our servers.
  5. The transcript is then processed by Claude AI to generate Outputs. No audio is involved at this stage.

By default, OpenAI does not use data submitted via the API to train or improve its models. You can verify this at openai.com/policies/api-data-usage-policies.

We retain no audio after transcription. No employee of Kelo has access to your recordings.

5. Third-Party Services

The following third-party services are used to operate Kelo. Each processes only the minimum data necessary.

SupabaseDatabase and authenticationsupabase.com/privacy
OpenAIAudio transcription only (Whisper API)openai.com/privacy
StripePayment processingstripe.com/privacy
AppleSign in with Apple (optional)apple.com/legal/privacy

6. Data Retention

  • Audio files: Deleted immediately after transcription. We retain zero audio.
  • Transcripts and Outputs: Retained until you delete the session or your account.
  • Account data: Retained until you delete your account, after which all personal data is permanently removed within 30 days.
  • Payment records: Stripe retains transaction records as required by financial regulations. Kelo retains only your subscription status.

7. Your Rights

If you are in the UK or European Economic Area, you have the following rights under GDPR and UK GDPR:

  • Access: request a copy of the personal data we hold about you
  • Rectification: request correction of inaccurate data
  • Erasure: request deletion of your personal data (you can also do this directly from your account settings)
  • Portability: receive your data in a machine-readable format
  • Restriction: request that we restrict processing of your data
  • Objection: object to processing based on legitimate interests

To exercise any of these rights, email kelo@alxstudio.ie. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the UK at ico.org.uk, or your local supervisory authority in the EEA.

8. Security

We use industry-standard security practices: all data is encrypted in transit using TLS and encrypted at rest by Supabase. Row Level Security policies ensure your data is accessible only to your account. No Kelo employee has access to your audio or transcripts.

No system is perfectly secure. In the event of a data breach that affects your personal data, we will notify you and the relevant supervisory authority as required by law.

9. Children's Privacy

Kelo is not directed to persons under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will notify you by email. Continued use of the Service after changes are posted constitutes your acceptance.

11. Contact

For any privacy questions or to exercise your rights, contact us at kelo@alxstudio.ie.

For Terms of Service, see our Terms of Service page.