INTRODUCTION
Klark is a generative AI company that provides an AI-powered tool to help customer service teams respond faster and improve response quality. We are committed to protecting your data and privacy. This Privacy Policy explains how Klark collects, uses, and protects personal data in our service, and our commitment to handle data responsibly in compliance with the EU General Data Protection Regulation (GDPR).
We aim to be transparent about our practices and safeguard your information.
DATA COLLECTED
We only collect and process personal data that is necessary to provide our customer service suggestion service. This typically includes:
- Contact information: Details like name, email address, phone number, or mailing address of customers using the service.
- Order and account details: Information related to customer orders or accounts, such as order numbers, parcel tracking numbers, customer IDs, or other reference numbers needed to handle the inquiry.
- Customer inquiry content: The content of customer support tickets or messages, which may include personal details provided by the customer (for example, descriptions of an issue, dates of purchase or service, and any other information the customer shares). This can sometimes include additional personal data like locations or transaction details relevant to resolving the query.
We do not deliberately collect sensitive categories of data unless they appear in customer communications. Our system is designed to identify and protect personal data elements such as names, email addresses, phone numbers, addresses, and similar identifiers in the text.
Klark does not use personal data for purposes outside of providing and improving our service, as described below.
HOW DATA IS USED
We use the collected data only for the following purposes:
- Providing AI Suggestions: Personal data in support tickets is used to generate AI-driven draft responses or suggestions to assist customer service agents in answering customer queries. For example, Klark’s system will analyze a customer’s message and context (including any provided name or order details) to draft a helpful reply, allowing the support agent to respond faster. In some cases, this can also automate the preparation of replies to common inquiries.
- Improving the Service: We may analyze usage data and AI performance (in an anonymized or aggregated form) to refine our algorithms and improve the quality of suggestions over time. This helps us make sure the AI suggestions become more accurate and helpful. We never use personal data for any kind of profiling beyond what is necessary for customer service, and we remove or anonymize personal identifiers when reviewing data for improvement.
- Operational and Support Purposes: We might use data as needed to monitor the service functionality, fix bugs, and provide customer support to our client companies. For instance, if there is an issue with the suggestion system, our engineers may need to review logs that include anonymized parts of tickets to troubleshoot. We may also use data as required to comply with any legal obligations (such as keeping records for financial reporting or preventing fraudulent use of our service).
We do not use personal data for advertising or marketing purposes, nor do we engage in any automated decision-making that produces legal or similarly significant effects on individuals without human involvement.
LEGAL BASIS FOR PROCESSING
Under GDPR, Klark relies on the following legal bases to process personal data:
- Contractual Necessity: When you (as a client) use Klark’s service, we process personal data in customer inquiries to perform the services outlined in our contract with you. This includes generating the AI suggestions and handling the data in your customer service tickets as needed to fulfill our service obligations. Without this data, we wouldn’t be able to provide the requested assistance to your customer service team.
- Legitimate Interests: We process certain data as necessary for Klark’s legitimate business interests – for example, to provide customer support – in a way that does not override the privacy rights of individuals. We always consider your rights and expectations; for instance, when we keep logs to improve your suggestions, we anonymize personal details wherever possible.
- Legal Obligation: In some cases, we must process or retain data to comply with laws and regulations. This includes obligations like maintaining transaction records for tax and accounting, or disclosing information if required by law (e.g. a court order). Klark will not retain personal data longer than necessary to meet these obligations.
- Consent (if applicable): If we ever need to process personal data for a purpose that requires consent (for example, if we wanted to use a testimonial with personal details for marketing), we will first ask for your explicit consent. In such cases, you have the right to withdraw your consent at any time, and we will stop that specific processing.
DATA RETENTION
Klark only keeps personal data for as long as needed to fulfill the purposes described above, and no longer.
In practice, much of the personal data we handle is stored very briefly:
- Short-Term Storage for Suggestions: Personal information used in generating AI suggestions (like a customer’s name or order number in a ticket) is typically kept only for the short time it takes to produce and deliver the suggestion to the customer service agent. In most cases, personal data from a ticket is stored for less than 24 hours. Once the suggestion is delivered and used, any personal data is promptly deleted from our active systems.
- Automatic Anonymization: If an AI-generated suggestion containing personal data is not used by the agent (for example, the agent deletes it or it was not applicable), our system will automatically anonymize any personal information in that suggestion after a maximum of 30 days. This means we irreversibly remove or alter identifiers so that individuals cannot be identified.
- Longer Retention of Anonymized Data: We may retain certain data about the usage of our service for a longer period, but only in anonymized or aggregated form. For instance, Klark keeps logs of suggestions and their outcomes (without personal identifiers) for analytics, service improvement, and billing purposes. This usage data helps us track service performance and fulfill our business obligations.
- End of Contract: If your organization stops using Klark’s services (for example, if the contract is terminated), we will not retain your personal data except as needed for legal obligations. We ensure that personal data associated with your account is deleted or anonymized once it’s no longer necessary for the service or any post-contract requirements. After the end of our relationship and after any required retention period (such as for final billing), personal data will be securely erased or anonymized in our systems.
In summary, personal data is kept only for the duration necessary to serve its purpose and is removed or anonymized as soon as that purpose is fulfilled. We apply the principle of data minimization and storage limitation: no personal data is kept indefinitely on our systems.
DATA SHARING AND DISCLOSURE
Klark does not sell or rent your personal data to any third parties. We only share data in very limited ways, as outlined here:
- Within Klark (Authorized Personnel): Access to personal data is restricted to a small number of Klark employees who need it to operate and support our service. These team members (such as certain engineers or support staff) can access data only for legitimate work purposes (like maintaining the system or assisting with a support issue). Every such person is bound by strict confidentiality agreements and must adhere to our internal data protection policies and GDPR obligations. In short, only authorized staff who have committed to protect personal data can see it, and they only do so when necessary for their job.
- Trusted Service Providers: We may share data with a few trusted partners that help us run our service – for example, cloud hosting providers or sub-processors that provide infrastructure, or analytics tools that help us measure performance. In all cases, these partners are contractually obligated to protect your data and use it only for providing services to Klark. We carefully vet our service providers for strong security practices and GDPR compliance, and we never allow them to use your data for their own purposes. Your data remains under Klark’s control and is protected by stringent agreements.
- Legal Requirements: In rare cases, we might have to disclose data if required by law – for instance, to comply with a court order or a binding request from law enforcement. If this happens, we will only provide the minimum data necessary and, whenever legally possible, we will inform you of such disclosures.
Aside from the purposes above, we do not share personal data with third parties.
In particular, Klark will never share your data with third-party companies for their own marketing or advertising. Your information is used strictly to support your customer service processes and for Klark’s internal operations as described. We maintain transparency with our client companies about any sub-processors we use, and we can provide a list of these partners on request.
DATA SECURITY
We take the security of personal data very seriously. Klark has implemented a range of technical and organizational measures to safeguard your information from unauthorized access, disclosure, or alteration. These measures include:
- Encryption: All personal data handled by Klark is encrypted both in transit and at rest. We use strong encryption protocols (such as AES-256) to protect data, which means your information is stored in a secure format that cannot be read without the proper decryption keys. This applies to our databases and backups, ensuring that even if data were accessed without authorization, it would be unintelligible.
- Secure EU Hosting: We store personal data on secure cloud servers located in the European Union. Our primary data storage is in data centers within the EU (for example, in Paris), which ensures your data remains under the protection of European data privacy laws. We currently rely on reputable cloud infrastructure providers that are compliant with high security standards. No customer personal data is stored outside of the EU.
- Access Controls: Klark maintains strict access control policies. Only authorized personnel with a legitimate need can access systems containing personal data, and they must use strong authentication methods. Every employee or contractor with access to data is required to sign confidentiality agreements and follow GDPR-aligned principles. Access to sensitive data is logged and monitored. We regularly review and update permissions to ensure least-privilege access.
- Regular Audits and Testing: We routinely audit our security practices and systems to identify and address any vulnerabilities. Internal security audits are conducted on a regular schedule (at least semi-annually) and we also undergo external audits by independent experts periodically. These audits cover our IT infrastructure, applications, data handling processes, and security controls to ensure we remain compliant with GDPR and follow industry best practices. Any findings are acted upon promptly to improve our safeguards. Additionally, we perform periodic penetration testing and have monitoring in place to detect unusual activities.
- Staff Training and Awareness: We invest in training our team to uphold data security. All Klark employees and relevant subcontractors receive regular training on data protection, privacy, and security best practices. We require mandatory GDPR and security refresher training every year, so that everyone understands their responsibilities in protecting personal data. This fosters a culture of security and awareness within our company.
- Organizational Security Measures: We enforce strong password policies and multi-factor authentication for our systems. All company devices are secured and centrally managed. We have no on-premise servers – we rely on secure cloud infrastructure – which reduces physical security risks. We also have an internal incident response plan and business continuity measures to maintain protection of data even in unforeseen events.
These measures are designed to protect against unauthorized access, alteration, disclosure, or destruction of personal data. While no system can be 100% secure, Klark follows industry standards and continually updates its security practices to respond to new threats. If, in the unlikely event, any data breach affecting personal data occurs, we will promptly inform affected clients and, if required, data protection authorities in accordance with GDPR requirements.
RIGHT OF USERS
We respect your rights to control your personal data. If Klark is processing your personal data (for example, if you are a customer whose inquiry is processed by our AI, or you are a user of our client’s service), you have the following rights under GDPR:
- Right of Access: You can request confirmation if we are processing your personal data, and if so, ask for a copy of that data. We will provide you with a summary of the personal information we have about you, along with an explanation of why we have that data.
- Right to Rectification: If any personal data we hold about you is incorrect or incomplete, you have the right to have it corrected. Upon your request, we will promptly update or rectify any inaccuracies in your data.
- Right to Erasure: You have the right to request deletion of your personal data in certain circumstances (also known as the "right to be forgotten"). For example, if the data is no longer needed for the purposes it was collected, you withdraw consent, or you object to our processing (and there are no overriding legitimate grounds), then you can ask us to delete your data. We will honor valid erasure requests and remove your data from our systems, except for information we are required to keep by law.
- Right to Object: You may object to our processing of your personal data when we are doing so under a legitimate interest basis or for direct marketing. If you lodge an objection, we will review our reasons for processing and will stop processing your data for that purpose unless we have a compelling legitimate reason that overrides your rights or if it’s needed for legal claims. For example, you can object to us using your data for improvement analytics, and we will accommodate your request unless we have an overriding need to keep it.
- Right to Restriction: You have the right to request that we limit the processing of your personal data in certain situations – for instance, while a request to correct or object is being evaluated, or if you need us to preserve data for a legal claim. When processing is restricted, we will continue to store your data but will not use it until the issue is resolved (aside from keeping it secure or as required by law).
- Right to Data Portability: You can request to receive the personal data you provided to us in a structured, commonly used and machine-readable format, and you have the right to have this data transmitted to another service provider (where technically feasible). This right applies when the processing is based on your consent or a contract with you, and is carried out by automated means. In practice, since Klark mainly processes data on behalf of our client companies, if you are an end-customer, we would work with our client to export any necessary data for you. If you are a direct user of Klark, we will provide you your data in a convenient format upon request.
To exercise any of these rights, you or your authorized representative can contact us (see the Contact section below). We will respond to all valid requests within the timeframes required by GDPR (typically within one month) and at no cost to you. Please note that we may need to verify your identity or gather more information to fulfill certain requests, especially when we act as a data processor on behalf of a client company. If your data has been provided to us by one of our client companies (e.g., your employer or a company whose customer you are), we may refer your request to that company’s data protection team as appropriate, but we will assist in ensuring your rights are respected.
Additionally, you have the right to lodge a complaint with your local Data Protection Authority (DPA) if you believe your data has been handled in a way that doesn’t comply with the law. We encourage you to contact us first so we can address your concerns directly.
CONTACT INFORMATION
If you have any questions about this Privacy Policy or wish to exercise your privacy rights, please contact us.
Klark has appointed a Data Protection Officer (DPO) to oversee compliance and address any data protection inquiries. You can reach our DPO, Nicolas Pellissier, by email at dpo@klark.ai.