Last Updated: May 1, 2026
Privacy policy
Privacy Policy
Last Updated: May 1, 2026
This Privacy Policy explains how K3X (“K3X,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information in connection with:
Our website at k3x.ai
The application at app.k3x.ai
Our APIs
Related services (collectively, the “Services”)
K3X is a customer relationship management (“CRM”) platform that combines lead, contact, deal, and pipeline management with goal-based AI agents.
We process two distinct categories of personal information:
Account Information
Information about you when you visit our website, sign up, and use the Services as a customer or authorized user.
Customer Data
Information that our customers (“Customers”) submit, import, or generate through the Services about their own leads, contacts, prospects, and end users.
For Account Information, K3X acts as the data controller.
For Customer Data, K3X acts as the processor (or “service provider” under California law) on behalf of the Customer. Customers are responsible for the lawfulness of the Customer Data they submit and for responding to data-subject requests from the individuals reflected in that data.
If you are an end user, prospect, or contact of one of our Customers and would like to exercise rights regarding your data, please contact that Customer directly.
1. Information We Collect
1.1 Information You Provide
Account and Profile Data
We collect information such as:
Name
Email address
Phone number
Profile photo
Job title
Company name
Time zone
Authentication identifiers, including Google or Microsoft account IDs when signing in via OAuth
Customer Data You Upload or Generate
This may include:
Lead, contact, organization, and deal records
Notes, files, and attachments
Custom fields
Emails and SMS messages
Call recordings and transcripts
AI agent configurations and outputs
Activity history
Communications and Support Data
Including:
Support requests
Survey responses
Feedback submissions
Billing Data
We collect company billing details and tax identifiers.
Payment card details are processed by Stripe. K3X does not receive or store full payment card numbers.
1.2 Information Collected Automatically
Usage and Device Data
We automatically collect:
IP address
Browser type
Operating system
Device identifiers
Pages and features accessed
Timestamps
Error logs
Similar telemetry data
Cookies and Similar Technologies
Please see our Cookie Policy for more information.
Logs and Security Data
Including:
API call metadata
Audit logs
Information necessary to detect, prevent, and respond to abuse or security incidents
1.3 Information From Third Parties
Authentication Providers
If you sign in with Google or Microsoft, we receive:
Name
Email address
Profile picture
Account ID
Authorized scopes
Connected Services
When you connect third-party accounts such as Gmail, Google Calendar, Microsoft 365, or Twilio phone numbers, we may access related email, calendar, contacts, call, and message metadata based on permissions you grant.
Enrichment and Lookup Data
For certain features, we may retrieve publicly available information to enrich CRM records.
Billing and Fraud-Prevention Partners
Our billing and infrastructure providers may share information related to:
Fraud prevention
Chargeback management
Billing reconciliation
2. How We Use Information
We use personal information to:
Provide, operate, secure, and improve the Services
Authenticate users and manage accounts
Enforce our Terms and Acceptable Use Policy
Power AI features, including drafting messages, summarizing calls, qualifying leads, generating embeddings for retrieval, and routing work between agents and humans
Send transactional communications
Provide customer support
Process payments and subscriptions
Detect and prevent fraud, abuse, and security incidents
Comply with legal obligations
Conduct internal analytics, research, and product development
Send marketing communications where permitted by law or with your consent
You may opt out of marketing emails at any time using the unsubscribe link or by contacting us.
AI Training
K3X does not use Customer Data to train K3X foundation models or third-party AI provider models.
Our agreements with AI providers, including OpenAI and Anthropic, prohibit the use of Customer Data submitted through APIs for training general-purpose models.
We may use aggregated or de-identified data to improve and evaluate the Services.
3. Legal Bases for Processing (EEA / UK / Switzerland)
Where GDPR or UK GDPR applies, we rely on the following legal bases:
Performance of a contract — To provide the Services
Legitimate interests — To secure and improve the Services and prevent fraud
Legal obligations — For tax, accounting, and compliance requirements
Consent — For cookies, certain marketing communications, and special-category data where applicable
You may withdraw consent at any time.
4. How We Share Information
We do not sell personal information.
We share information only in the circumstances described below.
4.1 Sub-Processors
We use trusted third-party providers to deliver the Services. Each provider is bound by written agreements that include confidentiality, security, and, where required, data-processing terms.
Our current sub-processors include Google Cloud Platform for hosting, compute, storage, and databases; Firebase for authentication, hosting, and file storage; OpenAI for AI inference, transcription, and embeddings; Anthropic for AI inference; Tavily for web search and content extraction for AI agents; LangSmith for AI agent observability and tracing; Twilio for SMS, voice calling, and phone number provisioning; SendGrid for transactional and system email; Google APIs for Gmail, Calendar, geocoding, time zone, and Places integrations; Microsoft Graph for Outlook, Calendar, and OneDrive integrations; and Stripe for payment processing and billing.
These providers may process data in the United States and, where applicable, the European Union.
We may update this list from time to time and will provide notice of material additions where required by your contract with us.
4.2 Other Recipients
Other Users in Your Workspace
Information shared within a workspace may be visible to authorized workspace users.
Connected Services
If you authorize integrations, data may flow to those services according to their permissions and privacy practices.
Legal and Safety Purposes
We may disclose information if required by law or necessary to:
Protect rights or safety
Prevent fraud
Address security incidents
Business Transfers
Personal information may be transferred during mergers, acquisitions, financing events, or asset sales.
With Your Consent or Direction
We may share information where you direct us to do so.
5. International Data Transfers
K3X is based in the United States, and our infrastructure is primarily hosted there.
If you access the Services from outside the United States, your information may be transferred to and processed in the United States or other countries where our providers operate.
Where required, we rely on safeguards such as:
Standard Contractual Clauses (SCCs)
UK International Data Transfer Addendum
Supplementary security measures
6. Data Retention
We retain personal information only as long as necessary.
Account Data
Retained while your account is active and for up to 90 days after termination, unless longer retention is required by law or necessary for dispute resolution, audits, backups, or security purposes.
Customer Data
Retained according to Customer instructions and our Terms. Customer Data is generally deleted within 60 days after termination, subject to backup retention cycles.
Logs and Security Data
Retained for up to 13 months.
Billing Records
Retained for the period required by tax and accounting laws, typically seven years in the United States.
7. Security
We implement administrative, technical, and physical safeguards designed to protect personal information, including:
Encryption in transit (TLS) and at rest
Field-level encryption for designated sensitive fields
Strong authentication and role-based access controls
Logging and monitoring for unauthorized access and anomalous behavior
Regular security reviews and dependency patching
Vendor due diligence on sub-processors
No system is completely secure.
If we become aware of a security incident affecting personal information, we will notify affected parties and authorities as required by law.
8. Your Rights
Depending on your location, you may have rights to:
Access your personal information
Correct inaccurate information
Request deletion
Request portability
Restrict or object to processing
Withdraw consent
Exercise non-discrimination rights under California law
California residents may also opt out of “sales” or “sharing” of personal information. K3X does not sell personal information or share it for cross-context behavioral advertising as defined by the CCPA/CPRA.
To exercise your rights, contact:
Email:
We may need to verify your identity before fulfilling requests.
If you are an end user or contact associated with one of our Customers, please contact that Customer directly.
You may also lodge complaints with your local data protection authority.
9. Financial Services Data
K3X is designed for SMB companies operating in the U.S. financial services sector.
If you are subject to the Gramm-Leach-Bliley Act (“GLBA”) or similar laws, you are responsible for:
Determining whether the Services are appropriate for your use
Configuring the Services appropriately
Providing required notices to your customers
We will handle nonpublic personal information in accordance with our agreements and applicable law.
10. Children
The Services are not directed to children under 16.
We do not knowingly collect personal information from children under 16.
If you believe a child has provided personal information to us, please contact:
11. Changes to This Policy
We may update this Privacy Policy periodically.
The “Last Updated” date reflects the latest revision.
If material changes are made, we will provide notice through the Services or by email.
Continued use of the Services after changes become effective constitutes acceptance of the updated policy.
12. Contact Us
For privacy questions or to exercise your rights:
Email:
Mail:
K3X Inc. – Attn: Privacy
1111B S Governors Ave.
Dover, DE 19904
United States
Phone:
For EU/UK privacy matters, our data protection point of contact can be reached at: