Kineto Privacy Notice

Last updated: 16 April 2026

1. Introduction

KINETO LIMITED ("we", "us", "our") provides an AI-powered, no-code platform that enables users to build, deploy, and manage real applications without writing code (the “Service”). We also operate the website www.kineto.dev ↗, kineto.app** and mykineto.app (the “Website”). This Privacy Notice explains how we collect, use, and protect your personal data when you use our Website or Service. We are committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Data Controller: KINETO LIMITED, a company incorporated and registered in England and Wales with company number 16807588 whose registered address is at Tallis House, 2 Tallis Street, London, England, EC4Y 0AB If you have questions about this Privacy Notice or how your data is handled, please contact us at privacy@kineto.app ↗. We have appointed an EU representative under GDPR: JetBrains N.V., Terrace Tower, Gelrestraat 16, 1079 MZ Amsterdam, The Netherlands, for questions related to EU data processing please contact us at privacy@jetbrains.com ↗.

2. Personal Data We Collect

We collect and process personal data in the following contexts: A. When You Visit the Website

  • Technical data: IP address, browser type, device identifiers, operating system, referral URLs, and page interaction data.
  • Cookies and analytics data: collected through cookies and similar technologies (see Section 9).
  • Contact, demo and waitlist forms: name, company, email, and any additional details you provide.
  • Newsletter sign-ups: name and email address.

B. When You Use the Platform

  • Account data: name, email address, and encrypted password.
  • Project data: content, datasets, app configurations, and other material you upload or create.
  • Usage data: log files, API activity, workflow events, and model interaction statistics.
  • AI interaction data: prompts, completions, and metadata from AI features.
  • Payment and billing data: processed securely by our payment provider (e.g., Stripe).
  • Support data: any messages, attachments, or contextual information shared with our team.

We do not intentionally collect special category data (e.g., health data, political opinions, biometric information, racial or ethnic origin, religious beliefs, trade union membership, genetic data, data concerning sex life or sexual orientation, or criminal records).

3. How We Use Your Data

We process personal data for the following purposes:

PurposeExampleLegal Basis
To provide and maintain the ServiceAccount setup, app hosting, AI processingContract (Art. 6(1)(b))
To personalise and improve our AI featuresProduct optimisation, aggregated analyticsLegitimate interests
To handle billing and account managementPayment collection, invoicingContract / Legal obligation
To provide customer supportResponding to queries or bug reportsLegitimate interests
To send product updates and marketingNewsletters, event invitationsConsent (Art. 6(1)(a))
To secure and monitor the ServicePreventing abuse, detecting fraud or misuseLegitimate interests
To comply with legal obligationsTax, audit, or regulatory requestsLegal obligation (Art. 6(1)(c))

Where we rely on legitimate interests as our legal basis, we have conducted balancing tests to ensure our interests do not override your fundamental rights and freedoms. These assessments consider:

  • The nature of our legitimate interest
  • The impact on you
  • Any safeguards we can implement
  • Your reasonable expectations
  • The broader context of our relationship

4. Website Privacy

When you visit our Website:

  • Cookies and Analytics: We use cookies and analytics tools (e.g., Google Analytics, Plausible) to understand visitor behaviour and improve site performance. You can control cookie preferences through our Cookie Banner or your browser.
  • Contact Forms: Data submitted via contact or demo forms is used to respond to your request and may be stored in our CRM (e.g., HubSpot).
  • Marketing Tools: With your consent, we use marketing automation tools (e.g., Mailchimp, HubSpot) to send you relevant updates.
  • External Links: Our Website may link to third-party sites (e.g., GitHub, LinkedIn). We are not responsible for their privacy practices.

5. AI Features and Data Processing

Our platform includes AI-assisted features such as text generation, code suggestions, and automation design.

  • Prompt and response data are processed solely to deliver the AI functionality requested by you.
  • We do not use customer data to retrain public AI models.
  • We may use anonymised, aggregated statistics to improve the quality, fairness, and safety of our AI models.
  • You retain full ownership of the content, data, and applications you create.

6. Sharing Your Data

We share your data only with trusted third parties that help us operate our Website and Service, including:

  • Hosting providers (e.g., AWS, Google Cloud)
  • Payment processors (e.g., Stripe)
  • Analytics and marketing services
  • AI model providers (e.g., OpenAI, Anthropic, or similar, when applicable)

All third parties are subject to strict data processing agreements that ensure security and compliance. A full list of our subprocessors — including their roles and locations — is available in our Subprocessors List ↗, which we update regularly. We may also share data with regulatory or legal authorities, when required by law.

7. International Data Transfers

If we transfer data outside the UK (e.g., to cloud or AI providers based abroad), we use lawful transfer mechanisms such as:

  • Adequacy regulations, or
  • International Data Transfer Agreements (IDTAs) and UK Addenda to EU Standard Contractual Clauses (SCCs).

Copies of applicable safeguards are available upon request.

8. Data Retention

We keep personal data only as long as necessary for the purposes described in this Privacy Notice, or as required by law. Specific retention periods:

  • Account and billing data: up to 6 years after closure.
  • AI and project data: deleted or anonymised within 90 days after deletion by the user.
  • Website analytics data: retained for up to 12 months, then anonymised.
  • Marketing data: retained until consent is withdrawn.

We may keep your information for longer periods if:

  • You make a complaint that we need to investigate or respond to
  • We reasonably believe legal action involving our relationship with you might occur
  • The law requires us to keep it for specific timeframes

When determining how long to keep your information, we consider:

  • How much information we have and how sensitive it is
  • The risk of harm if the information was accessed without permission
  • Whether we can achieve our purpose in other ways
  • What legal, regulatory, tax or accounting rules require
  • The nature of our relationship with you and the services we provide

Once we no longer need your personal data, we will securely delete or destroy it in accordance with our data retention policies and legal requirements.

You can request information about retention periods for your data and ask for early deletion where legally possible.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Enable secure and functional operation of the Website and Service.
  • Analyse usage and performance.
  • Personalise content and marketing (only with your consent).

You can manage cookies through our Cookie Settings or your browser preferences. For detailed information, please review our Cookie Policy. ↗

10. Security

We maintain appropriate technical and organisational measures to protect personal data, including:

  • Encryption in transit and at rest.
  • Role-based access control.
  • Secure data hosting with redundancy.
  • Regular security reviews and audits.

Despite these measures, no online system can be completely secure. We recommend you use strong passwords and enable additional security features where available.

11. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the Information Commissioner's Office without undue delay and, where feasible, within 72 hours of becoming aware of the breach.

  • If we become aware of a data breach, we will:
  • Take immediate steps to contain the breach
  • Assess the nature and severity of the breach
  • Report the breach to the Information Commissioner's Office (ICO) without undue delay
  • Notify affected individuals if the breach is likely to result in a high risk to your rights and freedoms

If you believe your account or data has been compromised, please contact us immediately at privacy@kineto.app ↗ so we can investigate and take appropriate action.

12. Automated Decision Making and Profiling

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

Currently, we do not make decisions based solely on automated processing that produce legal effects or similarly significantly affect you. We may use automated processing for website analytics, personalising your experience, and detecting fraud or security threats, but these do not produce legal effects or similarly significantly affect you.

Where we use automated decision-making that significantly affects you, we will:

  • Inform you of the logic involved
  • Explain the significance and envisaged consequences
  • Provide you with the right to human intervention
  • Allow you to express your point of view
  • Enable you to contest the decision

If this changes, we will update this Privacy Notice and notify you accordingly.

13. Children’s Privacy

Our Website and Service are not directed at children under the age of 13. We do not knowingly collect personal data from children under the age of 13, without appropriate parental or guardian consent. If you are under 13, please do not provide personal data to us without first asking your parent or guardian for permission. If we become aware that personal data from a child under 13 has been collected, we will take steps to delete that information as quickly as possible. If you believe a child has provided us with personal information, please contact us immediately at privacy@kineto.app ↗.

Parents and guardians have the right to:

  • Review any personal data we hold about their child
  • Request correction or deletion of their child's personal data
  • Refuse or withdraw consent for further collection or use of their child's data
  • Contact us with any concerns about their child's privacy

If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us immediately at privacy@kineto.app ↗.

14. Your Data Protection Rights

Under the UK GDPR, you have the right to:

  • Access your personal data.
  • Rectify incorrect or incomplete information.
  • Erase data (“right to be forgotten”).
  • Restrict or object to processing.
  • Port your data to another service.
  • Withdraw consent (where applicable).

To exercise your rights, email privacy@kineto.app ↗. You also have the right to file a complaint with the Information Commissioner’s Office (ICO) at https://ico.org.uk ↗.

15. Limitations on your rights

While we respect all your data protection rights, there are some circumstances where we may not be able to comply with your request, including:

  • Where we have a legal obligation to retain or process your data
  • Where processing is necessary for the establishment, exercise, or defence of legal claims
  • Where we need to process your data to comply with regulatory requirements
  • Where your request would adversely affect the rights and freedoms of others
  • Where the request is manifestly unfounded or excessive

If we cannot comply with your request, we will explain why and inform you of your right to complain to the ICO.

To protect your privacy and security, we may need to verify your identity before responding to your request. We may ask for proof of identity and will respond within one month (extendable to three months for complex requests).

We will not charge a fee for processing your request unless your request is manifestly unfounded or excessive, or you request further copies of information we have already provided to you.

These rights are available under data protection law, though some may not apply in every situation. We'll let you know if any limitations apply when you make a request.

16. Making a complaint

If you're unhappy with how we've used your personal data, please get in touch with us first using the contact details below. When you contact us:

  • Give us full details about your complaint
  • We'll investigate your concerns promptly
  • We'll respond to you in writing explaining what we found and what we'll do to address your complaint

You can also make a complaint directly to the Information Commissioner's Office (ICO), the UK's data protection regulator, at any time.

The ICO's address: Information Commissioner's Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF

Helpline number: 0303 123 1113 Website: https://www.ico.org.uk/make-a-complaint ↗

You don't have to contact us first before going to the ICO, but we'd appreciate the opportunity to try to resolve your concerns directly with you.

17. Updates to This Privacy Notice

We may update this Privacy Notice from time to time. When we make material changes, we will notify you through the Website, the platform, or by email privacy@kineto.app ↗. The latest version is always available at https://kineto.dev/legal/privacy-notice ↗.