Privacy Policy

Kairo ("we", "us") provides portfolio intelligence software. This policy explains how we collect, use, store, and protect personal data when you use kairo.app and related services.

• Account data: email address, display name, authentication identifiers (Firebase Auth), and subscription status.
• Portfolio data: positions you enter or sync, asset symbols, quantities, cost basis, manual property entries, and derived analytics (allocation, risk scores, briefs).
• Wallet data: public blockchain addresses you connect and token balances we read via providers such as Alchemy (no private keys are collected).
• Usage & technical data: logs, IP address, device/browser type, and security events needed to operate and protect the service.
• Payment data: billing handled by Stripe; we receive customer IDs and subscription state, not full card numbers.

We use personal data to authenticate you, display your portfolio, compute risk and performance metrics, generate Market Pulse and personal briefs, run VERSUS comparisons, operate Academy progress, process payments, prevent fraud, and improve reliability. AI features send portfolio summaries and market context to model providers — never your password.

Data is stored in Google Firebase (Authentication and Firestore) with industry-standard access controls. Traffic is encrypted in transit (TLS). Sensitive server operations use environment-isolated credentials. We apply least-privilege access for operators and do not sell your portfolio data to third parties.

No method of transmission or storage is 100% secure; you use the service at your own risk and should protect your login credentials.

We share data only as needed to run the product, including:

• Stripe — payments and subscriptions
• Google — Firebase (auth, database) and Gemini (AI briefs and analyst, when enabled)
• Vercel / Upstash — hosting, caching, and rate limiting
• Market data providers — e.g. CoinGecko, Yahoo Finance, Finnhub (aggregated quotes, not your identity)
• Alchemy — on-chain balance reads for wallets you connect

Each processor is bound by its own terms and privacy policy. We select vendors with appropriate security practices but do not control their operations directly.

You may:

• Access and update profile fields in Settings
• Export or correct portfolio entries you control in the app
• Delete your account and associated data by emailing privacy@kairo.app from your registered address. We will confirm identity and complete deletion within a reasonable period, subject to legal retention obligations (e.g. tax or fraud records).

If you are in the European Economic Area, UK, or Switzerland, you may have rights to access, rectify, erase, restrict processing, object, and data portability where applicable. Our lawful bases typically include contract (providing the service), legitimate interests (security and product improvement), and consent where required.

You may lodge a complaint with your local supervisory authority. For all privacy requests, contact privacy@kairo.app.

Data may be processed in the UAE, United States, and other regions where our subprocessors operate. We rely on appropriate safeguards where required for cross-border transfers.

We retain account and portfolio data while your account is active and for a limited period afterward for backups, disputes, or legal compliance. We do not knowingly collect data from children under 16.

We may update this policy; material changes will be posted on this page with an updated date. Continued use after changes constitutes acceptance.

Privacy inquiries: privacy@kairo.app. General support: hello@kairo.app. See also our Investment Disclaimer.