Privacy Policy

Last updated: April 2026

This Privacy Policy explains how Kitra ("Kitra", "we", "us", "our") collects, uses, stores, and protects personal data when you use our services.

Kitra is an all-in-one SaaS platform that allows businesses to create booking pages, schedule meetings, automatically record meetings via the Kitra Notetaker, generate AI-powered notes and summaries, and interact with meeting data through Kitra Intelligence — our AI assistant available to Premium members.


1. Company Information

Virtual Mailing Address:
30 N Gould St, STE R
Sheridan, WY 82801, USA

Work Address:
Ulpiane, Dëshmorët e Kombit
Prishtina, 10000 Kosovo

Email: support@kitra.io


2. Legal Basis for Processing (GDPR)

We process personal data under the following legal bases:

  • Contractual necessity — to provide Kitra services you have requested
  • User consent — for calendar access, meeting recording, AI processing, and marketing cookies
  • Legitimate interest — for security, fraud prevention, and service improvement
  • Legal obligation — for billing, tax compliance, and regulatory requirements

3. Data We Collect

3.1 Account Information

  • Name, email address, profile photo
  • Username and profile bio
  • For email signup: Your password is securely hashed and stored by our authentication provider (Supabase). We never store or have access to your plaintext password.
  • For Google signup: No password is stored. We receive OAuth tokens to access your calendar with your permission.

3.2 Billing Information

  • Payment details are processed securely by Stripe
  • We do not store your full credit card number

3.3 Calendar Data

  • Calendar events, availability schedules, and scheduling metadata
  • Meeting times, titles, and attendee information

3.4 Meeting Content

When you use the Kitra Notetaker, we store:

  • Audio recordings — so you can listen to your meetings within the app
  • Text transcripts — the written record of what was said
  • Speaker mapping — attribution of who said what
  • AI-generated content — summaries, action items, and meeting titles
  • Semantic embeddings — vector representations of your meeting content used to power search and the Kitra Intelligence AI assistant

How we use audio:

  • For transcription (converting speech to text)
  • For playback within your Kitra account
  • Audio is automatically deleted after your retention period expires (30 days for Free Trial; unlimited for paid plans)

What we do NOT do with audio:

  • We do NOT create voice prints or biometric profiles
  • We do NOT use audio to train AI models
  • We do NOT sell or share audio with third parties
  • We do NOT retain audio beyond your plan's retention period

What we do NOT store:

  • Video recordings
  • Biometric voice data or voice prints

3.5 Booking Data

  • Guest names, email addresses, and booking details
  • Custom form responses provided by guests
  • Scheduling preferences and time zones

3.6 Kitra Intelligence Data

When Premium members use Kitra Intelligence (our AI assistant), we process:

  • Your questions and prompts — the queries you ask the AI assistant
  • Meeting context — relevant transcripts, summaries, and notes retrieved to answer your questions
  • Conversation history — your chat history with the AI assistant within a session

We do NOT:

  • Use your conversations with Kitra Intelligence to train AI models
  • Share your AI assistant conversations with third parties
  • Retain AI conversation data beyond your account's active period

3.7 Usage Data

  • Technical logs and error reports
  • Feature usage patterns
  • Device and browser information

4. How the Kitra Notetaker Works

The Kitra Notetaker is an automated assistant that joins your meetings to transcribe them.

4.1 Visibility & Transparency

  • The Notetaker joins meetings as a visible participant named "Kitra Notetaker" (or your custom bot name)
  • All meeting participants can see when the Notetaker is present in the attendee list

4.2 How Transcription Works

  • Audio is captured during the meeting
  • Our AI system transcribes speech to text and identifies different speakers
  • Audio is stored so you can listen to your meetings in the app
  • Text transcripts and speaker attribution are generated and stored
  • Semantic embeddings are created from transcripts to enable search and AI assistant features
  • All meeting data (audio, transcripts) is automatically deleted after your retention period

4.3 Meeting Guest Consent

  • As the meeting host, you are responsible for informing guests that the meeting will be transcribed
  • We recommend announcing the Notetaker at the start of each meeting
  • Guests can see the Kitra Notetaker in the participant list and may leave if they do not consent

5. Google OAuth & Limited Use Disclosure

If you sign up or log in using Google, Kitra requests limited access to your Google account.

5.1 OAuth Scopes Requested

We request the following permissions:

  • userinfo.email — Your email address, used to identify and authenticate your Kitra account
  • userinfo.profile — Your name and profile photo, used to display your profile within the app
  • calendar.events — Read/write calendar events, used to create booking events and Google Meet links on your calendar
  • calendar.readonly — Read-only calendar access, used to check your availability for scheduling

5.2 How We Use Google Data

  • Email: To identify your account and send booking notifications
  • Name & Photo: To display your profile on booking pages
  • Calendar Events: To create bookings with automatic Google Meet links
  • Calendar Availability: To show available time slots to people booking with you

5.3 What We Do With Calendar Access

  • Create events — When someone books with you, we create a calendar event with a Google Meet link
  • Read events — We check your calendar to determine available time slots
  • Update events — We can modify bookings if rescheduled
  • Delete events — We remove calendar events when bookings are cancelled
  • Send invites — Calendar invitations are sent to guests automatically

5.4 Limited Use Compliance

Kitra's use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.

We do NOT:

  • Sell or share Google user data with third parties
  • Use Google data for advertising purposes
  • Use Google data for purposes unrelated to the core Kitra service
  • Allow humans to read your Google data unless required for security, legal compliance, or with your explicit consent
  • Transfer Google data to third parties except as necessary to provide the service

5.5 Revoking Google Access

You can revoke Kitra's access to your Google account at any time:

  1. Visit Google Account Permissions
  2. Find "Kitra" in the list of connected apps
  3. Click "Remove Access"

Note: Revoking access will disable calendar sync and Google Meet integration.


6. Zoom Integration

If you connect your Zoom account, Kitra requests access to:

  • Zoom profile information
  • Meeting creation and management capabilities

This access is used to:

  • Create Zoom meetings for your bookings
  • Sync meeting information with your Kitra account

7. AI & Automated Processing

Kitra uses AI and machine learning services to deliver core features:

7.1 Transcription & Speaker Identification

  • WhisperX — for accurate speech-to-text transcription
  • Pyannote — for identifying different speakers in meetings

7.2 AI Summaries & Insights

  • Groq (Llama 3.3) — generates meeting summaries, action items, and meeting titles
  • Google Gemini — powers semantic search and the "Ask Kitra" feature

7.3 Kitra Intelligence (AI Assistant)

Kitra Intelligence is an AI-powered assistant available to Premium members. It allows you to:

  • Ask questions about your past meetings and get answers based on your transcripts and notes
  • Search across all your meeting data using natural language
  • Get insights, action items, and follow-ups from your meeting history

How Kitra Intelligence works:

  • When you ask a question, relevant meeting data is retrieved from your account using semantic search
  • The retrieved context is sent to our AI provider (Google Gemini) along with your question to generate a response
  • Only your own meeting data is used — Kitra Intelligence never accesses other users' data
  • AI providers process your data solely to generate responses and do not retain or train on your data

7.4 How AI Processing Works

  • All AI processing occurs under Kitra's control using our contracted service providers
  • No AI providers receive ownership rights over your data
  • AI models are not trained on your meeting content
  • Processing is performed solely to deliver the features you requested
  • Audio is used only for transcription and playback — never for AI training or biometrics

8. Data Storage & Security

We use industry-standard infrastructure providers with strong security practices:

8.1 Infrastructure Providers

  • Supabase — Database & Authentication (EU - Ireland)
  • Vercel — Application Hosting (USA - East)
  • Railway — Background Processing (EU - West)
  • Cloudflare R2 — Audio & File Storage (Global CDN)
  • Cloudflare Workers — Event Processing & API Proxy (Global)
  • Modal.com — AI Transcription / GPU (USA)
  • Groq — AI Summaries (USA)
  • Google Cloud — AI Embeddings, Search & Kitra Intelligence (USA)
  • Stripe — Payment Processing (USA)
  • Resend — Email Delivery (USA)
  • Framer — Marketing Website (USA)
  • Meta (Facebook) — Advertising & Conversion Tracking (USA)

8.2 Security Measures

  • Encryption at rest — all stored data is encrypted
  • Encryption in transit — all data transfers use TLS/HTTPS
  • Row-Level Security (RLS) — database access is restricted to authorized users only
  • OAuth tokens — securely stored and refreshed automatically
  • Access controls — role-based permissions and audit logging
  • Regular monitoring — automated security monitoring and alerting
  • Automatic deletion — all meeting data is automatically purged after the retention period
  • PII hashing — personal data sent to advertising platforms is hashed (SHA-256) before transmission

9. Data Retention

We retain your data only as long as necessary to provide services:

9.1 Meeting Data (Audio, Transcripts & Notes)

Retention periods by plan:

  • Free Trial: 30 days
  • Pay-As-You-Go: Unlimited (while your account is active)
  • Basic: Unlimited (while your account is active)
  • Premium: Unlimited (while your account is active)

For the Free Trial plan, meeting data is automatically and permanently deleted after 30 days. For paid plans, data is retained for as long as your account remains active. Upon account deletion, all data is permanently removed within 30 days.

9.2 Audio Recordings

  • Audio is stored so you can listen to your meetings within the app
  • Audio follows the same retention period as other meeting data (30 days for Free Trial; unlimited for paid plans)
  • We do not use audio for voice biometrics, AI training, or any purpose other than playback and transcription

9.3 Account Data

  • Profile information is retained while your account is active
  • When you delete your account, all associated data is permanently deleted within 30 days

9.4 Billing Records

  • Transaction records may be retained for up to 7 years for tax and legal compliance

10. International Data Transfers

Your data may be processed in different jurisdictions where our service providers operate:

  • Primary database: EU (Ireland)
  • AI processing: USA
  • Application hosting: USA and EU

For transfers outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) with our processors
  • Data processing agreements with all third-party providers
  • Compliance with applicable data protection frameworks

11. Your Rights (GDPR)

If you are in the European Economic Area, you have the following rights:

Right to Access
Request a copy of the personal data we hold about you.

Right to Rectification
Request correction of inaccurate or incomplete data.

Right to Erasure ("Right to be Forgotten")
Request deletion of your personal data.

Right to Data Portability
Request your data in a machine-readable format.

Right to Restrict Processing
Request that we limit how we use your data.

Right to Object
Object to processing based on legitimate interests.

Right to Withdraw Consent
Withdraw consent at any time for consent-based processing, including marketing cookies.

How to Exercise Your Rights:
You can exercise these rights through the Data & Privacy section in your account settings, or by contacting us at support@kitra.io. We will respond to your request within 30 days.


12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights:

  • Right to Know — what personal information we collect, use, and disclose
  • Right to Delete — request deletion of your personal information
  • Right to Opt-Out — opt out of the sale of personal information (note: we do not sell your data)
  • Right to Non-Discrimination — we will not discriminate against you for exercising your rights

To exercise these rights, contact us at support@kitra.io.


13. Email Communications

13.1 Transactional Emails

We send essential emails related to your use of Kitra:

  • Booking confirmations and reminders
  • Meeting recap summaries
  • Account security notifications
  • Service updates and changes

13.2 Marketing Emails

With your consent, we may send:

  • Product updates and new features
  • Tips and best practices
  • Promotional offers

You can unsubscribe from marketing emails at any time using the link in any email or through your account settings.


14. Cookies, Tracking & Advertising

14.1 Cookie Consent

We use CookieYes to manage cookie consent on our marketing website (trykitra.com). When you first visit our site, you will be presented with a cookie consent banner that allows you to accept or decline non-essential cookies. You can change your preferences at any time through the cookie settings.

14.2 Essential Cookies

We use essential cookies for:

  • User authentication and session management
  • Security and fraud prevention
  • Remembering your preferences
  • Cookie consent preferences (CookieYes)

These cookies are always active and do not require consent.

14.3 Advertising & Marketing Cookies

With your consent, we use the following marketing cookies and tracking technologies:

  • Meta (Facebook) Pixel — We use the Meta Pixel to track website visits and conversions (such as sign-ups, trial activations, and purchases) on both trykitra.com and kitra.io. The Pixel sets the following cookies:
    • _fbp — identifies your browser for ad targeting and measurement (90-day duration)
    • _fbc — stores click information when you arrive from a Facebook ad (90-day duration)

14.4 Meta Conversions API (Server-Side Tracking)

In addition to the browser-based Meta Pixel, we use the Meta Conversions API (CAPI) to send conversion events directly from our server to Meta. This is done to:

  • Improve the accuracy and reliability of conversion tracking
  • Measure ad performance even when browser-side tracking is limited
  • Provide Meta with conversion data for ad optimization

The following data may be sent to Meta via the Conversions API:

  • Event type (e.g., PageView, Lead, StartTrial, Purchase)
  • Page URL where the event occurred
  • IP address and browser user agent (collected server-side)
  • Browser ID (_fbp) and Click ID (_fbc) if available
  • Hashed email address, first name, last name, and user ID (for logged-in events only — hashed with SHA-256 before transmission)
  • Transaction value and currency (for purchase events)

We do NOT send plaintext personal data to Meta. All personally identifiable information is hashed using SHA-256 before transmission.

14.5 Opting Out of Advertising Cookies

You can control advertising cookies in the following ways:

Note: Declining marketing cookies will prevent the browser-side Meta Pixel from loading. However, server-side conversion events (via the Conversions API) may still be sent for logged-in users where we have a legitimate interest or contractual basis, such as tracking completed purchases for billing and ad measurement purposes.

14.6 Analytics

We may use analytics tools to understand how our service is used and to improve the user experience.


15. Children's Privacy

Kitra is not intended for users under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete that information promptly.


16. Third-Party Links

Our service may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to read their privacy policies before providing any personal information.


17. Data Breach Notification

In the event of a data breach that affects your personal data, we will:

  • Notify affected users within 72 hours of becoming aware of the breach
  • Notify relevant supervisory authorities as required by law
  • Provide information about the nature of the breach and steps being taken

18. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes:

  • We will update the "Last updated" date at the top of this policy
  • For significant changes, we will notify you via email or through the service
  • Continued use of Kitra after changes constitutes acceptance of the updated policy

19. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: support@kitra.io

Mailing Address:
30 N Gould St, STE R
Sheridan, WY 82801, USA

For GDPR-related inquiries, you may also contact your local data protection authority.


20. Summary of Key Points

  • What we collect: Account info, calendar data, audio recordings, text transcripts, AI assistant interactions, and usage data
  • Audio usage: Only for transcription and playback — never for voice biometrics or AI training
  • What we DON'T store: Video recordings or biometric voice data
  • How we use AI: Transcription, summaries, action items, semantic search, and Kitra Intelligence — all under our control
  • Kitra Intelligence: AI assistant for Premium members — uses only your meeting data, never shared or used for training
  • The Notetaker: Visible participant in meetings named "Kitra Notetaker"
  • Data storage: EU (Ireland) primary database, with processing in EU and USA
  • Retention: 30 days for Free Trial; unlimited for paid plans while your account is active
  • Advertising: We use Meta Pixel and Conversions API for ad measurement; PII is hashed before sending
  • Cookie consent: Managed via CookieYes; you can decline marketing cookies at any time
  • Your rights: Access, correct, delete, and export your data at any time
  • Security: Encryption, access controls, PII hashing, and industry-standard security practices
  • No data sales: We never sell your personal data to third parties

This Privacy Policy is effective as of April 2026.