Privacy Policy

RESPONDO.AI

Policy describing how KeepFlow L.L.C-FZ collects, uses, stores, shares, and protects personal data in connection with respondo.ai.

Operator: KeepFlow L.L.C-FZ · Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, U.A.E.
Licence / Formation No. 2646796.01 / 2646796 · Effective date: 19 March 2026
Website: https://respondo.ai
Primary contact: [email protected]

Prepared as an English-language working draft for publication on respondo.ai.

This Privacy Policy explains how KeepFlow L.L.C-FZ (“KeepFlow”, “we”, “our”, or “us”) processes personal data in connection with the respondo.ai website, platform, integrations, support operations, marketing activities, and related services. It also explains the rights available to individuals under applicable data protection laws.

1. Scope and roles

This Privacy Policy applies to personal data collected through the Website, demo requests, account registration flows, billing and contracting activities, support interactions, and operation of the Services. It also applies when you communicate with us, subscribe to updates, attend events or webinars we organise, or otherwise interact with us in a business context.

Depending on the context, we may process personal data as an independent controller or as a processor/service provider acting on behalf of our business customers. When a business customer uses the Services to process support conversations, tickets, knowledge-base materials, end-user communications, or similar operational content, that customer typically decides why and how that personal data is processed. In those cases, the customer is the primary controller and we process the data on its instructions, subject to our contracts with that customer.

If you are an End User interacting with a business that uses the Services, you should generally direct privacy requests relating to the content of your support conversation to that business first. We may still assist our customer in responding to such requests where appropriate.

2. Personal data we collect

Identity and contact data, such as your name, employer, job title, email address, telephone number, postal address, and similar business contact details.

Account and profile data, such as username, login identifiers, authentication metadata, role, permissions, organisation details, and preferences.

Billing and transaction data, such as billing address, subscription details, invoices, payment status, tax details, and limited payment-related information received from payment processors.

Technical and device data, such as IP address, browser type, device identifiers, operating system, session identifiers, timestamps, approximate location based on IP, and diagnostic logs.

Usage and analytics data, such as pages viewed, feature interactions, clicks, navigation paths, connection settings, usage volumes, event logs, and aggregated service statistics.

Support and communications data, such as messages you send to us, call notes, email correspondence, feedback, survey responses, demo requests, and support tickets.

Customer Content and operational data, such as tickets, conversations, prompts, instructions, knowledge sources, helpdesk metadata, attachments, and other materials submitted to or processed through the Services.

Marketing and preference data, such as your subscription preferences, consent choices, and records of your engagement with our communications.

Cookie and similar technology data, as further described in our Cookie Policy.

3. How we collect personal data

Directly from you, when you create an account, request a demo, subscribe, contact us, attend an event, complete a form, connect an integration, upload content, or otherwise interact with us.

Automatically, through your use of the Website and Services, including through cookies, server logs, APIs, device data, and other telemetry or diagnostic tools.

From our customers and authorised users, including when they add colleagues to an account, connect data sources, invite team members, configure integrations, or submit support requests.

From third parties, such as payment processors, analytics providers, cloud or infrastructure vendors, communication tools, integration partners, resellers, identity providers, or publicly available business sources.

4. Purposes of processing and lawful bases

We process personal data only where we have a valid legal basis under applicable law. Depending on the context, these bases may include performance of a contract, compliance with legal obligations, our legitimate interests in operating and improving our business, your consent, or another lawful ground recognised by applicable law.

  1. to register and administer accounts, authenticate users, provide access controls, and deliver the Services;
  2. to ingest, host, retrieve, analyse, and generate Outputs from Customer Content for the purpose of operating the Services on behalf of our customers;
  3. to process payments, manage subscriptions, issue invoices, maintain books and records, and prevent payment fraud;
  4. to monitor performance, troubleshoot issues, maintain security, detect abuse, audit usage, and improve functionality, quality, and reliability of the Services;
  5. to provide customer and technical support, onboarding, training, and account-management services;
  6. to communicate with you about your account, subscriptions, service updates, legal notices, and policy changes;
  7. to send marketing communications where permitted by law and consistent with your preferences, and to measure the effectiveness of those communications;
  8. to comply with legal obligations, enforce our agreements, establish or defend legal claims, protect our rights, and respond to lawful requests from courts, regulators, or public authorities;
  9. to carry out corporate transactions, internal reporting, due diligence, financing, or similar legitimate business operations where lawful and appropriately safeguarded.

5. How we share personal data

We do not sell personal data in the ordinary meaning of that term. We may disclose personal data to the following categories of recipients, strictly as needed for the purposes described in this Privacy Policy and subject to appropriate contractual and organisational safeguards:

  • our affiliates and group companies where relevant to service delivery, corporate administration, compliance, finance, or support;
  • service providers and subprocessors that support hosting, infrastructure, analytics, security, communications, customer support, payment processing, identity management, model inference, or other operational functions;
  • integration providers and third-party services that you choose to connect, at your direction;
  • professional advisers such as lawyers, accountants, insurers, auditors, or financing counterparties, subject to confidentiality obligations;
  • governmental, regulatory, law-enforcement, tax, or public authorities where disclosure is required or permitted by law;
  • actual or prospective buyers, investors, merger parties, or other counterparties in connection with a corporate transaction, subject to appropriate confidentiality measures.

6. International transfers

We may store or process personal data in the United Arab Emirates and in other countries where we or our service providers operate. As a result, personal data may be transferred internationally to jurisdictions whose laws differ from those in your country of residence.

Where required by applicable law, we will implement appropriate transfer safeguards, which may include contractual protections, adequacy mechanisms, or other lawful transfer tools. By using the Services and providing personal data to us, you acknowledge that cross-border processing may occur as described in this Privacy Policy.

7. Security measures

We maintain reasonable administrative, technical, and organisational measures designed to protect personal data against unauthorised or unlawful access, loss, misuse, alteration, or disclosure. These measures may include access controls, role-based permissions, logging, encryption in transit and at rest where appropriate, supplier due diligence, incident-response processes, and internal confidentiality measures.

No method of transmission over the internet and no electronic storage system is completely secure. We therefore cannot guarantee absolute security. You are responsible for using strong credentials, limiting unnecessary access, configuring permissions appropriately, and maintaining your own security controls when using the Services.

If we become aware of a personal data breach affecting personal data for which we are responsible, we will take steps consistent with applicable law and our contractual obligations, including providing notifications where legally required.

8. Retention

We retain personal data for as long as reasonably necessary for the purposes for which it was collected, including to provide the Services, maintain business records, comply with legal obligations, resolve disputes, enforce agreements, prevent fraud, and protect our rights and those of others.

Retention periods vary based on the nature of the data, the applicable plan, technical and operational requirements, and legal or contractual obligations. When personal data is no longer needed, we will delete it, anonymise it, or securely archive it in accordance with applicable law and our retention practices.

9. Your privacy rights

Subject to applicable law and the context in which we process your personal data, you may have the right to request access to your personal data, correction of inaccurate or incomplete data, deletion, restriction of processing, portability, objection to certain processing, and withdrawal of consent where consent is the basis for processing. You may also have the right to complain to a competent supervisory authority.

To exercise your rights, please contact us at [email protected] or via the contact methods published on the Website. We may request information necessary to verify your identity and to understand the scope of your request. Where we act only as a processor on behalf of a customer, we may redirect your request to that customer or assist them in handling your request in line with our contractual obligations.

We will not discriminate against you for exercising privacy rights available under applicable law. However, some rights are not absolute and may be subject to legal exceptions, technical limitations, or obligations requiring us to retain certain information.

10. Marketing communications

Where permitted by law, we may send you product news, service announcements, event invitations, offers, and similar communications. You can opt out of non-essential marketing communications at any time by using the unsubscribe link in the message or by contacting us.

Even if you opt out of marketing, we may still send non-promotional messages necessary to administer your account, provide the Services, respond to support requests, or comply with legal obligations.

11. Cookies and similar technologies

We and our third-party partners may use cookies, local storage, pixels, SDKs, and similar technologies to operate the Website and Services, remember preferences, perform analytics, improve functionality, and, where applicable, support marketing activities. More detail is available in our Cookie Policy, including information about the types of cookies we may use and how you can manage them.

12. Third-party services and links

The Website and Services may contain links to third-party websites, documentation repositories, helpdesks, communication channels, file-storage providers, or other tools. We are not responsible for the privacy, security, or content practices of third parties. We encourage you to review the privacy notices of those third parties before interacting with them or enabling an integration.

13. Children

The Services are intended for business users and are not directed to children. We do not knowingly collect personal data from children in violation of applicable law. If you believe a child has provided personal data to us unlawfully, please contact us so that we can take appropriate action.

14. Changes to this policy

We may update this Privacy Policy from time to time to reflect legal, technical, or business developments. When we make material changes, we will publish the updated version on the Website and may provide additional notice through the Services or by email where appropriate. The “effective date” at the start of this policy indicates when the current version became effective.

15. Contact us

If you have questions about this Privacy Policy or our privacy practices, you may contact KeepFlow L.L.C-FZ at [email protected] or by writing to Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, U.A.E.