The two kinds of data in KRBR

KRBR is a workspace where service businesses manage their own clients. That means there are two distinct categories of personal data, and our role is different for each:

What we collect

How we use data

AI features

KRBR includes AI features (drafting, search, briefings and document Q&A). When you use them, the relevant workspace content is processed by Microsoft Azure OpenAI Service under our agreement with Microsoft. Your content is not used to train third-party foundation models. AI features run only when you invoke them or enable them for your workspace.

Payments you receive from your clients

Client payments run through your own connected Stripe, PayPal or Square account. Your clients' payment card details are collected and processed by those providers under their privacy policies — KRBR never receives, stores or holds card numbers or funds. We store transaction metadata (amount, status, invoice reference) so your records stay in sync.

Who we share data with

We do not sell personal data. We share data only with the service providers required to run KRBR, each bound to process it solely for that purpose:

We may also disclose information if required by law, or as part of a merger or acquisition (in which case this policy continues to apply to previously collected data and we will notify you of any successor).

Data retention and deletion

Your workspace content is retained while your account is active. If you cancel, you may export your data first; we delete workspace content within 90 days of account closure, except records we must keep for legal, tax or security purposes. Public resource contact records are retained while they remain relevant to the request or our business relationship. You can request deletion at any time by contacting us.

Security

Data is encrypted in transit (TLS) and at rest. Access to production systems is restricted, integration tokens are stored encrypted and scoped per workspace, and passwords are stored as salted hashes. No system is perfectly secure; if we learn of a breach affecting your data, we will notify you without undue delay.

Your rights

Depending on where you live (including under GDPR and the CCPA), you may have the right to access, correct, export, restrict or delete your personal data, and to object to certain processing. To exercise any of these rights, email us at support@karbar.app. We will respond within 30 days. We do not discriminate against you for exercising your rights.

If your information appears in another business's KRBR workspace (you are someone's client), contact that business first — they control that data, and we will support them in fulfilling your request.

Children

KRBR is a business tool and is not directed to children. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us data, contact us and we will delete it.

Changes to this policy

If we make material changes, we will notify account holders by email or in-app notice before the changes take effect. The "Last updated" date above always reflects the current version.

Contact

Questions about privacy: support@karbar.app.