K Kraitos
Home About Us Demo FAQ
Privacy Policy

Privacy Policy

LAST UPDATED: JUNE 29, 2026

Kraitos ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit kraitos.app, join the waitlist, receive beta builds, use the Kraitos mobile app, use the Kraitos desktop app, connect to the Kraitos cloud backend at api.kraitos.app, or use the Kraitos AI agent runtime.

1. Scope

This policy applies to the Kraitos website, Android and iOS mobile apps, Windows desktop app, cloud APIs, beta distribution hub, remote control and pairing features, account services, and related support workflows. It also applies to future manager/worker fleet features that use the same account, device, and remote-control infrastructure.

2. Information We Collect

Depending on which Kraitos features you use, we may collect or process the following categories of information:

  • Account and contact data: Email address, account identifiers, display name, beta waitlist status, approval status, assigned build bundle, and support messages you send us.
  • Authentication and pairing data: Login tokens, session tokens, one-time pairing codes, generated device IDs, desktop names, mobile device names, token expiration metadata, and revocation status.
  • Mobile app data: App version, platform, service URL, device/app diagnostics, selected files or images you choose to upload, camera-captured images if you grant camera access, and locally stored access tokens saved through secure device storage.
  • Desktop app data: Desktop runtime configuration, installation and update status, operating system information, provider settings, local runtime logs, workspace metadata, command history, chat messages, task results, pairing status, and remote-control connection status.
  • User content and AI task data: Prompts, commands, chat messages, uploaded files, selected images, generated outputs, workspace files, screenshots, tool results, and other content you intentionally provide to the agent runtime or ask the agent to process.
  • Screen, file, camera, and audio data: The desktop app may process screen captures, local files, and microphone/audio input when you enable features that require them. The current Android mobile app requests camera access for image capture/upload and does not request Android microphone permission. Future voice features may request microphone access only with platform permission prompts.
  • Cloud backend data: API requests, IP address, user agent, timestamps, logs, rate-limit data, workspace recovery/sync metadata, remote-control session events, queued commands, status reports, grants, locks, audit events, and error diagnostics.
  • Third-party connection data: If you connect Google, Meta/Facebook, Telegram, AI model providers, or other integrations, we may process the account identifiers, tokens, scopes, profile/contact information, messages, files, or API responses you authorize those services to provide.
  • Website and waitlist data: Email address, Turnstile anti-spam token results, local storage flags for waitlist state, browser type, IP address, page requests, and beta access link metadata.

3. Mobile App Permissions

The mobile app may request platform permissions only when needed for a feature:

  • Camera: Used to capture photos or screenshots you choose to send to the desktop agent or cloud backend.
  • Photos, files, and document picker: Used when you choose files, screenshots, or images to upload or send with a command.
  • Secure storage: Used to store access tokens, pairing state, service URL settings, and similar local app state on your device.

The mobile app does not use location for core Kraitos functionality and does not use advertising identifiers for ads.

4. How We Use Information

We use information to:

  • Operate accounts, beta approvals, build distribution, and access links.
  • Send transactional emails such as account verification codes, login notices, beta approvals, access links, and support messages.
  • Pair mobile devices with desktop runtimes and authenticate remote-control sessions.
  • Send commands, chat messages, files, screenshots, and task results between the mobile app, desktop app, cloud backend, and enabled integrations.
  • Run AI agent workflows, generate responses, execute user-approved actions, and return task outputs.
  • Maintain cloud backend reliability, security, abuse prevention, rate limits, diagnostics, audit trails, and support workflows.
  • Improve app quality, fix bugs, verify build compatibility, and develop fleet-management features.
  • Comply with legal obligations and platform requirements, including Google Play and Meta developer policies.

5. Local Processing and Cloud Processing

Kraitos is designed around a desktop owner runtime. Many actions, files, credentials, screen captures, and provider API keys may stay on your desktop depending on your configuration. When you enable cloud, mobile companion, remote-control, workspace recovery, account sync, AI provider, or integration features, relevant data may be transmitted through the Kraitos cloud backend or to the third-party services you selected so those features can work.

You should not send sensitive files, credentials, financial information, health information, or confidential third-party data to the agent unless you have the right to do so and understand which enabled services will process it.

6. Sharing and Disclosure

We do not sell your personal data. We share information only as needed to operate, secure, or improve Kraitos, or when you direct us to connect with another service. Recipients may include:

  • Hosting, backend, and storage providers: Used to host the website, APIs, beta access database, logs, and cloud workspace features.
  • Netlify and Netlify Blobs: Used for the public website, waitlist, approval status, and beta access metadata.
  • Cloudflare: Used for Turnstile bot challenge validations and related anti-abuse protections.
  • Resend: Used to deliver transactional emails such as verification codes, login notices, beta approval messages, access links, and support emails.
  • Google and Google Play: Used for Android app distribution, Play Console operations, OAuth/sign-in features when enabled, and platform services you choose to use.
  • AI model and speech providers: OpenAI, Anthropic, Google/Gemini, xAI, DeepSeek, OpenRouter, or other providers you configure may receive prompts, chat history, images, files, screenshots, audio transcripts, tool outputs, and related context needed to fulfill your requests.
  • Integration providers: Telegram, Meta/Facebook, Google Workspace, and other connected services may receive or return data according to the integrations you enable and their own policies.
  • Legal and safety recipients: We may disclose information if required by law, to protect rights and safety, investigate abuse, or enforce our terms.

7. Retention

We retain personal data only as long as needed for the purposes described in this policy, including account operation, beta access, security, debugging, legal compliance, and abuse prevention. Waitlist and beta access records are kept while your account or approval is active. Cloud backend logs, remote-control events, pairing records, and diagnostics may be kept for a limited period for security and troubleshooting. Local desktop data remains on your machine unless you enable features that transmit or sync it.

8. Security

We use administrative, technical, and organizational safeguards including HTTPS, HTTP Strict Transport Security (HSTS), Content Security Policy (CSP), cryptographic token validation, token expiration, secure local storage where available, access controls, rate limiting, and abuse monitoring. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

9. Your Choices and Rights

You can choose whether to join the waitlist, install the apps, grant mobile permissions, pair a device, connect third-party accounts, upload files/images, enable cloud features, or provide AI provider API keys. Depending on your location, you may have rights to access, correct, delete, export, or restrict processing of your personal data. To exercise these rights, contact us at the email below.

10. Data Deletion

You may request deletion of your waitlist, beta access, mobile app, desktop app, cloud backend, pairing, or integration-related personal data by contacting us at security@kraitos.app, or by following the account deletion instructions at kraitos.app/delete-account. Include the email address, account identifier, or device identifier associated with your Kraitos access so we can locate the relevant records. Deleting cloud records may not delete files or settings stored locally on your own desktop or mobile device; you can remove those by uninstalling the apps or deleting local app data.

11. Children

Kraitos is not directed to children under 13, and we do not knowingly collect personal data from children under 13. If you believe a child has provided personal data to us, contact us so we can delete it.

12. International Transfers

We may process and store information in countries other than your own. Where required, we use appropriate safeguards for international data transfers.

13. Changes to This Policy

We may update this Privacy Policy as Kraitos evolves. The "Last Updated" date above shows when the policy was last revised. Material changes will be reflected on this page and, when appropriate, in app or account notices.

14. Contact Us

If you have questions or comments about this Privacy Policy, please contact us at:

security@kraitos.app

© 2026 Kraitos. All rights reserved.

kraitos.app Privacy Policy Delete Account Terms of Service Accessibility / נגישות GitHub