Privacy Policy

Company name: Reactor Technology OÜ

Product name: Kshaf

Website: kshaf.ai

Address: Harju maakond, Tallinn, Kesklinna linnaosa, Narva mnt 5, 10117 Estonia

Contact email: info@kshaf.ai

Privacy contact: info@kshaf.ai

If you have questions about this Privacy Policy or wish to exercise your privacy rights, you can contact us at info@kshaf.ai.

If you are located in the European Union, you may also have the right to contact your local data protection authority. In Estonia, the relevant supervisory authority is the Estonian Data Protection Inspectorate.

We may collect and process the following categories of personal data:

2.1 Account and identity information

This may include:

a. full name;

b. business name;

c. job title or role;

d. email address;

e. phone number;

f. country, city, or business location;

g. login details;

h. account preferences; and

i. age confirmation or eligibility confirmation where required.

2.2 Business information

To create and manage your business website, we may collect:

a. business name;

b. business category or industry;

c. business description;

d. opening hours;

e. business address;

f. phone number;

g. WhatsApp number;

h. email address;

i. social media links;

j. Google Business Profile or map information;

k. services, products, pricing, or offers;

l. images, logos, brand assets, and website content;

m. reviews, testimonials, or publicly available business information; and

n. other information you provide so we can build or manage your website.

2.3 Billing and payment information

Payments are processed through Stripe or other payment processors we may use. We may collect and process:

a. billing name;

b. billing address;

c. email address;

d. subscription plan;

e. invoice details;

f. payment status;

g. transaction records; and

h. limited payment details provided by Stripe, such as the last four digits of a card, card brand, payment method type, or payment confirmation.

We do not store your full card number or full payment credentials on our own systems.

2.4 Website visitor and technical data

When you visit kshaf.ai, use the dashboard, or interact with a Kshaf-powered website, we may collect technical data such as:

a. IP address;

b. browser type and version;

c. device type;

d. operating system;

e. time zone;

f. referring website;

g. pages visited;

h. clicks and interactions;

i. session duration;

j. approximate location based on IP address;

k. error logs;

l. cookies and similar tracking technologies; and

m. analytics and performance data.

2.5 Communications and support data

When you contact Kshaf, request edits, submit support tickets, send emails, use live chat, or communicate with us, we may collect:

a. your name;

b. email address;

c. phone number;

d. business details;

e. message content;

f. attachments or files you provide;

g. support history;

h. edit requests; and

i. internal notes needed to resolve your request.

2.6 Free trial, cancellation, and refund data

If you start a free trial, cancel a plan, or request a refund, we may collect:

a. account details;

b. plan information;

c. cancellation reason;

d. refund request details;

e. service usage history; and

f. communications related to your trial, cancellation, or refund.

2.7 Marketing and preference data

We may collect:

a. marketing preferences;

b. email subscription status;

c. campaign interactions;

d. ad source or referral source;

e. survey responses;

f. feedback; and

g. whether you opened, clicked, or interacted with our communications.

2.8 Customer enquiries submitted through Business Websites

If a visitor submits a form, booking request, WhatsApp request, email request, or other enquiry through a Kshaf-powered Business Website, we may process:

a. visitor name;

b. visitor email address;

c. visitor phone number;

d. message content;

e. booking or service request details;

f. date and time of submission;

g. IP address or technical metadata; and

h. any other information the visitor chooses to submit.

This information is processed to deliver the enquiry to the relevant business and to operate the Business Website.

We do not intentionally collect special categories of personal data, such as information about race, ethnicity, religion, political opinions, trade union membership, health data, genetic data, biometric data, sexual orientation, or sex life.

You should not submit sensitive personal data to Kshaf unless it is strictly necessary for the Services and you have a lawful basis to do so.

If a Business Website collects sensitive information from its visitors, the business customer is responsible for ensuring that such collection is lawful, necessary, transparent, and compliant with applicable data protection laws.

We may collect personal data in the following ways:

a. directly from you when you create an account, start a trial, purchase a plan, request support, or provide website content;

b. automatically when you use kshaf.ai, the dashboard, or Kshaf-powered websites;

c. from payment processors such as Stripe;

d. from analytics, advertising, and tracking tools;

e. from third-party platforms you connect or authorize us to access;

f. from public sources, such as your business website, social media pages, Google Business Profile, directories, or other public business listings;

g. from referrals, partners, or agencies where you have agreed to be introduced to Kshaf; and

h. from communications between you and Kshaf.

We may use personal data for the following purposes:

a. to create and manage your Kshaf account;

b. to verify your identity and eligibility;

c. to provide the free trial;

d. to build, launch, host, and manage your Business Website;

e. to provide website edits, support, and customer service;

f. to connect or manage domain-related services;

g. to process payments, subscriptions, renewals, invoices, refunds, and failed payments;

h. to send account, billing, legal, security, and service notifications;

i. to improve website design, product features, hosting, speed, and user experience;

j. to provide SEO setup, AI-search-readiness, analytics, and website performance features;

k. to deliver visitor enquiries from your Business Website to your business;

l. to detect, prevent, and investigate fraud, abuse, security incidents, or misuse;

m. to comply with legal, tax, accounting, regulatory, and contractual obligations;

n. to send marketing communications where permitted by law;

o. to measure and improve our marketing campaigns;

p. to ask for feedback, reviews, or survey responses;

q. to enforce our Terms and Conditions; and

r. to protect the rights, safety, and property of Kshaf, our users, customers, and third parties.

Where GDPR or similar laws apply, we rely on one or more lawful bases to process personal data.

Performance of a contract means we process your data because it is necessary to provide the Services you requested.

Legitimate interests means we process your data where it is necessary for our business interests, provided those interests are not overridden by your rights and freedoms.

Consent means you have given us clear permission to process your data for a specific purpose, such as certain marketing or non-essential cookies.

Legal obligation means we process your data because we must comply with applicable laws, tax rules, accounting rules, regulatory requests, or legal claims.

We may send you emails, messages, or other communications about Kshaf services, product updates, offers, onboarding, tips, and promotions.

You may opt out of marketing communications at any time by:

a. clicking the unsubscribe link in our emails;

b. updating your preferences where available; or

c. contacting us at info@kshaf.ai.

Even if you opt out of marketing, we may still send you important service, account, billing, security, legal, or transactional messages.

We do not intend to send third-party marketing communications without consent where such consent is required by law.

Kshaf may use cookies, pixels, tags, local storage, tracking links, and similar technologies on kshaf.ai, the dashboard, and Kshaf-powered websites.

Cookies may be used to:

a. keep you logged in;

b. remember preferences;

c. secure the Services;

d. measure website performance;

e. understand how users use our website and dashboard;

f. improve the Services;

g. personalize content;

h. measure advertising performance; and

i. support marketing and retargeting where permitted.

Some cookies are essential for the Services to function. Other cookies, such as analytics or advertising cookies, may require your consent depending on applicable law.

You can manage cookies through your browser settings. If you block cookies, some parts of the Services may not work properly.

Where required, Kshaf may provide a cookie banner or consent tool to allow users to manage cookie preferences.

We may use analytics, advertising, and measurement tools to understand traffic, improve the Services, and measure campaign performance.

These tools may collect technical and usage data, such as IP address, device information, page views, clicks, referral source, and conversion events.

Depending on our current setup, these tools may include services such as:

a. Google Analytics;

b. Google Ads;

c. Meta Pixel;

d. LinkedIn Insight Tag;

e. Microsoft Advertising;

f. customer support tools;

g. product analytics tools; and

h. other similar platforms.

Where required by law, these tools will only be used after appropriate consent.

Kshaf uses Stripe to process payments, subscriptions, renewals, refunds, and billing-related transactions.

When you make a payment, your payment data is processed by Stripe according to Stripe's own terms and privacy policy.

Kshaf receives limited payment information from Stripe, such as payment status, invoice details, billing email, card brand, last four digits, and transaction references. We do not store full card numbers or full payment credentials on our own systems.

We may share personal data with trusted third parties where necessary to provide, operate, improve, protect, or market the Services.

This may include:

a. payment processors, including Stripe;

b. hosting and cloud infrastructure providers;

c. domain registrars and DNS providers;

d. email delivery providers;

e. analytics and advertising platforms;

f. customer support and communication tools;

g. CRM and business management tools;

h. security, fraud prevention, and monitoring providers;

i. contractors, team members, agencies, or service providers who support Kshaf;

j. professional advisers, including lawyers, accountants, auditors, and insurers;

k. regulators, authorities, courts, or law enforcement where required; and

l. business successors in connection with a merger, acquisition, restructuring, investment, or sale of assets.

We require service providers to process personal data only as necessary to provide their services and to protect personal data appropriately.

We may also share aggregated or anonymized data that does not directly identify you.

When a visitor contacts your business through a Kshaf-powered Business Website, the visitor's personal data may be shared with you so you can respond to the enquiry.

As the business using the Business Website, you are responsible for how you use visitor enquiries and customer data after you receive them.

You must use visitor data lawfully and only for appropriate business purposes, such as responding to enquiries, confirming bookings, providing services, or following up with customers where permitted by law.

You must not misuse visitor data, send unlawful spam, or process personal data without a valid legal basis.

Business Websites are intended to publish business information publicly. This may include your business name, logo, address, phone number, opening hours, service descriptions, images, prices, maps, social links, reviews, and other information you choose to display.

Once published online, this information may be indexed by search engines, AI search engines, directories, social platforms, or other third-party services. Kshaf cannot control how third parties index, cache, display, or remove publicly available information.

Kshaf may work with referral partners, agencies, consultants, or business partners who introduce customers to Kshaf.

If a partner refers you to Kshaf, we may receive your name, business name, email address, phone number, and relevant business information from that partner.

If you refer another business to Kshaf, you confirm that you have permission to share that person's or business's contact details with us.

We will use referral information only for appropriate business purposes, such as contacting the referred business, managing the referral, providing the Services, and handling any applicable referral arrangement.

Kshaf does not permit the use of its Services for spam, phishing, deceptive marketing, or unlawful communications.

You must comply with all applicable anti-spam, email marketing, SMS, telemarketing, and electronic communications laws in the countries where you operate.

If you believe a Kshaf-powered website or customer is being used for spam or abuse, contact us at info@kshaf.ai.

Kshaf may suspend or terminate accounts that violate this policy.

Kshaf is operated from Estonia and may use service providers located in the European Economic Area ("EEA") and outside the EEA.

Where personal data is transferred outside the EEA, we will take steps required by applicable law to protect the data. These steps may include using European Commission-approved Standard Contractual Clauses, adequacy decisions, data processing agreements, or other lawful transfer mechanisms.

We keep personal data only for as long as necessary for the purposes described in this Privacy Policy.

Retention periods may depend on:

a. the type of data;

b. the reason we collected it;

c. whether your account or subscription is active;

d. legal, tax, accounting, or reporting obligations;

e. the need to resolve disputes or enforce agreements;

f. fraud prevention and security needs; and

g. technical backup and deletion cycles.

Examples:

a. account data may be kept while your account is active and for a reasonable period after cancellation;

b. billing records may be kept as required for tax and accounting purposes;

c. support communications may be kept to help resolve future issues and improve service quality;

d. website content may be deleted or archived after cancellation; and

e. analytics data may be retained in aggregated or anonymized form.

You may contact us at info@kshaf.ai to request more information about retention periods.

We take reasonable technical and organizational measures to protect personal data from unauthorized access, loss, misuse, alteration, disclosure, or destruction.

These measures may include access controls, encryption where appropriate, secure hosting, monitoring, backups, restricted internal access, and service provider controls.

However, no internet-based service is completely secure. We cannot guarantee that personal data transmitted through the internet or stored electronically will always be perfectly secure.

If we become aware of a personal data breach that requires notification under applicable law, we will notify affected users and/or relevant authorities as required.

Depending on where you live and the laws that apply, you may have rights over your personal data.

Under GDPR, these rights may include:

a. the right to access your personal data;

b. the right to correct inaccurate or incomplete data;

c. the right to request deletion of your personal data;

d. the right to restrict processing;

e. the right to object to certain processing;

f. the right to data portability;

g. the right to withdraw consent where processing is based on consent; and

h. the right to lodge a complaint with a data protection authority.

To exercise your rights, contact us at info@kshaf.ai.

We may need to verify your identity before responding to your request. We may refuse or limit requests where permitted by law, for example if a request is clearly unfounded, excessive, repetitive, or conflicts with legal obligations.

Kshaf is intended for business users who are at least 21 years old.

We do not knowingly collect personal data from children or from anyone under 21.

If we learn that a person under 21 has provided personal data to Kshaf, we may delete the information and close the account.

Kshaf websites and communications may contain links to third-party websites, platforms, tools, payment pages, maps, social media profiles, booking tools, or other services.

This Privacy Policy does not apply to third-party websites or services. We are not responsible for their privacy practices, content, security, or terms.

You should review the privacy policies of any third-party services you use.

Kshaf may use automated tools, AI-assisted systems, or internal workflows to help create website content, layouts, SEO structures, support responses, analytics, or service recommendations.

We do not intend to make decisions based solely on automated processing that produce legal or similarly significant effects on you, unless we notify you and comply with applicable legal requirements.

We may update this Privacy Policy from time to time.

The latest version will be posted on kshaf.ai or made available through the dashboard.

If we make material changes, we may notify you by email, dashboard notice, website notice, or another reasonable method.

Your continued use of Kshaf after the updated Privacy Policy becomes effective means you acknowledge the updated policy.

If you have questions, concerns, complaints, or requests about this Privacy Policy or your personal data, contact us at:

Reactor Technology OÜ

Harju maakond, Tallinn

Kesklinna linnaosa, Narva mnt 5

10117 Estonia

Website: kshaf.ai

Email: info@kshaf.ai

Privacy contact: info@kshaf.ai