Privacy Policy for Kleap

Last updated: February 19, 2026

This Privacy Policy explains how Kleap Technologies SA collects, uses, and protects your personal information. We comply with the Swiss Federal Act on Data Protection (FADP), the revised Swiss Data Protection Act (revDPA), and the General Data Protection Regulation (GDPR) where applicable.

1. Data Controller

2. Information We Collect

2.1 Account Information

• Name and email address
• Company name (optional)
• Profile information

2.2 Payment Data

Payment processing is handled by Stripe. We do not store credit card numbers on our servers. We retain transaction records for accounting purposes.

2.3 Website Content

• Website files, pages, and configurations you create
• Custom domain information
• Uploaded images and media
• Database content (if using Supabase integration)

2.4 AI Interaction Data

• Prompts and messages sent to our AI assistant
• AI-generated content and code
• Conversation history within your projects

2.5 Technical Data

• IP address and browser information
• Device type and operating system
• Usage patterns and feature interactions
• Error logs and performance data

2.6 Cookies

We use:

• Essential cookies: Required for authentication and core functionality
• Analytics cookies: To understand usage patterns (optional)
• Preference cookies: To remember your settings

3. Legal Basis for Processing

We process your data based on:

• Contract performance: To provide our services
• Legitimate interests: To improve our platform and prevent fraud
• Legal compliance: To meet regulatory requirements
• Consent: For optional features like marketing communications

4. How We Use Your Data

• Providing and maintaining the Kleap platform
• Processing AI requests for website generation
• Deploying and hosting your websites via Vercel
• Managing database resources via Supabase
• Processing payments and subscriptions
• Providing customer support
• Improving our services and developing new features
• Sending transactional emails (account updates, important notices)
• Marketing communications (with your consent)

5. Data Sharing

5.1 Service Providers

We share data with trusted third-party services:

• Stripe: Payment processing
• Supabase: Database and authentication
• Vercel: Website hosting and deployment
• OpenAI / Anthropic / Google: AI processing
• Resend: Email delivery
• Sentry: Error monitoring
• Crisp: Customer support chat

5.2 Legal Disclosure

We may disclose data when required by law, court order, or to protect our rights and prevent fraud.

5.3 No Sale of Data

We do not and will never sell your personal data to third parties.

6. Data Security

We protect your data through:

• TLS/SSL encryption for all data in transit
• AES-256 encryption for data at rest
• Role-based access controls
• Regular security audits
• 24/7 infrastructure monitoring
• Incident response procedures

7. Data Retention

• Account data: Retained during subscription + 30 days after closure
• Website content: Until deletion or 90 days after account closure
• Payment records: 7 years (legal requirement)
• Support communications: 2 years
• Analytics data: 13 months
• Security logs: 6 months

8. Your Rights (GDPR & Swiss Law)

You have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate data
• Erasure: Request deletion of your data
• Restriction: Limit how we process your data
• Portability: Receive your data in a portable format
• Objection: Object to certain processing activities
• Withdraw consent: For consent-based processing

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

9. International Data Transfers

Your data is primarily stored in Switzerland and the European Economic Area (EEA). When transfers to other countries are necessary, we use Standard Contractual Clauses or rely on adequacy decisions to ensure appropriate protection.

10. Children's Privacy

Kleap is not intended for users under 16 years of age. We do not knowingly collect data from children. If we discover such data, we will delete it immediately.

11. AI Processing Information

Your prompts and website content are processed by AI language models (OpenAI, Anthropic, Google) to generate websites. Key points:

• AI interactions are associated with your account
• We may use anonymized, aggregated data to improve our AI systems
• You retain ownership of content generated through our AI features
• AI providers have their own privacy policies for data they process

12. Third-Party AI Assistant Integrations

Kleap integrates with third-party AI assistants (ChatGPT, Claude, and others) to enable website creation through conversational interfaces.

12.1 OAuth Connections

When you connect your Kleap account to a third-party AI assistant:

• You authorize the AI assistant to access your Kleap account via OAuth 2.0
• We share your app data, preview URLs, and project information with the connected service
• The AI assistant can create, modify, and deploy websites on your behalf
• You can revoke access at any time from your account settings
• OAuth tokens are securely stored and encrypted

12.2 API Key Access

If you create API keys for programmatic access:

• API keys grant full access to your account and data
• You are responsible for keeping your API keys secure
• We log API usage for security and billing purposes
• API keys can be revoked immediately if compromised
• We recommend rotating API keys every 90 days

12.3 Data Shared with AI Assistants

When using Kleap through third-party AI assistants, we share:

• Your app names, descriptions, and metadata
• Preview and production URLs
• File lists and project structure (not file contents unless explicitly requested)
• Deployment status and logs
• Credit balance and usage information

Third-party AI assistants have their own privacy policies. Please review:

• OpenAI Privacy Policy (for ChatGPT)
• Anthropic Privacy Policy (for Claude)

13. Third-Party Links

Our platform may contain links to external websites. We are not responsible for the privacy practices of these third-party sites.

14. Changes to This Policy

We may update this Privacy Policy periodically. For material changes, we will notify you via email at least 30 days in advance. The updated policy will be posted on this page with a new effective date.

15. Data Protection Officer

For privacy-related inquiries, contact our Data Protection Officer at: [email protected]

16. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with:

17. Contact Us

For any questions about this Privacy Policy or our data practices: