Legal

Privacy Policy

Last updated: 22 April 2026

1. Who We Are

KlevAI is a trading name operated by Shubert Singoyi, registered in England and Wales. We are the data controller for personal data collected through our platform at klevai.co.uk.

Controller: Shubert Singoyi (KlevAI)

Email: hello@klevai.co.uk

Jurisdiction: England and Wales

2. What Data We Collect

Name and email addressProvided when you create an account or contact us.
Usage dataPages visited, features used, research queries run, timestamps, and device/browser type.
Payment dataBilling is handled by Stripe. We never store or see your card number, CVV, or full card details — only a Stripe customer ID and subscription status.
Session cookieA single JWT cookie named klevai-session, strictly necessary to keep you logged in. No tracking cookies.
IP addressLogged transiently for rate limiting and fraud prevention.

3. Why We Collect It

Account management — to create and maintain your account, authenticate you, and send essential service emails.
Billing — to process subscription payments via Stripe and manage plan upgrades, downgrades, and cancellations.
Product improvement — to understand which features are used and improve the platform.
Security — to detect and prevent abuse, fraud, and unauthorised access.
Marketing emails — only where you have explicitly opted in.

4. Legal Basis Under UK GDPR

Contract (Art. 6(1)(b))

Processing your account and billing data is necessary to perform the contract between you and KlevAI.

Legitimate Interests (Art. 6(1)(f))

Security monitoring, fraud prevention, rate limiting, and anonymised usage analytics are in our legitimate interests and do not override your rights.

Consent (Art. 6(1)(a))

Marketing emails are only sent where you have given clear, explicit consent. You can withdraw consent at any time by emailing us or clicking unsubscribe.

5. Data Retention

Account and personal data — retained while your subscription is active, then deleted 90 days after account closure.
Payment records — retained for 7 years to comply with UK financial regulations.
Anonymised usage analytics — retained indefinitely (no personal data is present once anonymised).

6. Third-Party Processors

We share data only with the processors listed below, solely to deliver the service. We do not sell your data.

Processor	Purpose	Location
Supabase	Database hosting	EU West — data stays in EU/EEA
Stripe	Payment processing	US (SCCs in place)
Vercel	Platform hosting & CDN	US/EU (SCCs in place)
DataForSEO	Keyword & SERP data	EU
Resend	Transactional email	EU/US (SCCs in place)

7. Your Rights

Under UK GDPR you have the right to:

Access — request a copy of the data we hold about you.
Rectification — ask us to correct inaccurate data.
Erasure — request deletion of your personal data ("right to be forgotten").
Restriction — ask us to limit how we use your data.
Portability — receive your data in a structured, machine-readable format.
Objection — object to processing based on legitimate interests.

To exercise any right, email hello@klevai.co.uk with the subject "Data Request — [Right]". We will respond within 30 days.

8. Cookies

We use one cookie: klevai-session — a strictly necessary JWT that keeps you logged in. This cookie does not track you across sites and requires no consent banner under PECR.

We do not use third-party analytics cookies, advertising pixels, or tracking scripts.

9. Right to Complain

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO): ico.org.uk · 0303 123 1113. We would appreciate the chance to resolve any concerns first — please email us at hello@klevai.co.uk.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be notified by email to registered users at least 14 days before they take effect. The “Last updated” date at the top of this page will always reflect the current version.