Privacy Policy
Last Updated: April 27, 2026
Introduction
Kyth (KYTH LLC, "Kyth," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect personal information when you use our website at kyth.ai (the "Site") and our AI-powered legal recruiting intelligence platform (the "Service" or "Platform").
By accessing or using the Site or Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our Site or Service.
Important Note: This Privacy Policy applies to personal information we collect about our customers, individual users, and website visitors. The Kyth platform also contains publicly available attorney profile data and job posting data that we aggregate from law firm websites and other public sources. That data is addressed separately in Section 2 below.
For Customers (Law Firms): Where a customer firm has executed a Service Usage Agreement and a Data Processing Addendum with Kyth, Kyth's processing of that firm's Customer Data is governed by those agreements. This Privacy Policy applies to personal information about individual users (including the firm's Authorized Users) and to information collected through the Site.
1. Information We Collect
We collect the following categories of information:
1.1 Information You Provide Directly
Account Information: When you create an account or subscribe to the Service, we collect your name, email address, company/organization name, job title, phone number, and billing information.
Communications: When you contact us (via email, contact forms, or support requests), we collect the information you provide in those communications, including your name, email address, and the content of your message.
User-Generated Content: If you use features such as Kyth Chat or other note-taking or annotation features, we collect and store the content you create, including queries, prompts, notes, and saved searches.
1.2 Information Collected Automatically
Usage Data: When you use the Service, we automatically collect information about your interactions with the Platform, including pages viewed, searches performed, features used, AI queries submitted, links clicked, and time spent on various sections of the Platform.
Device and Technical Information: We collect information about the devices you use to access the Service, including IP address, browser type and version, operating system, device identifiers, and network information.
Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking technologies on the Site and Service. These include strictly necessary cookies (required for the Service to function), preference cookies, analytics cookies (which help us understand product usage), and, on the Site, marketing cookies. For visitors located in the European Economic Area, the United Kingdom, or other jurisdictions that require prior consent for non-essential cookies, Kyth presents a cookie banner on first visit allowing you to accept or reject non-essential categories. A complete list of cookies, their purposes, providers, and retention periods is available in our Cookie Policy at kyth.ai/cookies. You may also control cookies through your browser settings, though disabling cookies may limit your ability to use certain features of the Service.
1.3 Information from Third-Party Sources
Authentication Providers: If you log in using a third-party service (such as Google SSO), we receive basic profile information from that service in accordance with their privacy policies and your privacy settings on those platforms.
2. Publicly Available Attorney Profile and Job Posting Data
Data Sources: Kyth aggregates publicly available professional information about attorneys from law firm websites and other publicly accessible sources. This data includes attorney names, biographies, practice areas, bar admissions, educational background, professional experience, firm affiliations, office locations, contact information, and other information that law firms publicly publish about their attorneys for marketing and business development purposes. We also collect publicly available job postings from law firm career pages.
Purpose: This data is collected and processed to provide recruiting research and market intelligence services to law firms, legal recruiters, and other customers. The data is used to power search, matching, and analysis features within the Kyth platform.
Legal Basis (GDPR): Where GDPR applies, we process this professional data on the basis of our legitimate interest in providing recruiting intelligence services. Attorneys have published this information publicly for professional and business purposes, and our processing is compatible with those purposes. We have conducted a Legitimate Interest Assessment that balances our processing against the rights and freedoms of data subjects.
Not a Consumer Reporting Agency: Kyth is not a consumer reporting agency as defined by the Fair Credit Reporting Act (FCRA). We aggregate publicly available professional information for recruiting research purposes, not for employment screening or background checks. Customers should use Kyth for candidate sourcing and market research, not as a substitute for proper employment verification or background checks.
Data Subject Rights: If you are an attorney whose profile appears in the Kyth platform and you wish to request access to, correction of, or deletion of your information, or to object to our processing, please contact us at privacy@kyth.ai. We will honor verified requests in accordance with applicable law (including the right to object under Article 21 GDPR and the right to erasure under Article 17 GDPR), except where we can demonstrate compelling legitimate grounds for continued processing that override your interests, rights, and freedoms, or where retention is required by law.
Data Freshness: We refresh attorney profile data daily and job posting data multiple times per day. However, data may be outdated, incomplete, or inaccurate at any given time. We do not warrant the accuracy, completeness, or currency of this data.
3. How We Use Your Information
We use the information we collect for the following purposes:
Providing the Service: To operate and deliver the Kyth platform, including AI-powered search, candidate matching, natural language query interpretation (IntelliSearch), conversational research (Kyth Chat), and other platform features.
Account Management: To create and manage your account, process payments, provide customer support, and communicate with you about your use of the Service.
Service Improvement: To analyze usage patterns, understand how customers interact with the Platform, improve our algorithms and AI models (using only our own aggregated, anonymized usage data — never identifiable customer content), develop new features, and enhance overall Service quality.
Security and Fraud Prevention: To protect the security and integrity of the Service, detect and prevent fraud, abuse, or unauthorized access, and comply with our legal and contractual obligations.
Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
Marketing and Communications: To send you product updates, newsletters, promotional materials, and other communications about Kyth. For users located in the European Economic Area, the United Kingdom, or other jurisdictions requiring opt-in consent for marketing communications, we send marketing emails only where you have explicitly consented; for users in other jurisdictions, we send marketing communications on an opt-out basis. You may opt out of marketing communications at any time by following the unsubscribe instructions in those messages or contacting us at hello@kyth.ai.
4. AI and Machine Learning Processing
Use of AI Technology: Kyth uses artificial intelligence and machine learning technologies throughout the platform, including for semantic search, candidate matching, natural language query interpretation, data extraction and normalization, and conversational AI features (Kyth Chat).
Third-Party AI Providers: We use third-party AI model providers to deliver certain AI-powered features, including Anthropic (Claude models), OpenAI (GPT models), and Google (Gemini and other models). When you use AI-powered features, your queries and inputs may be processed by these third-party providers in accordance with their own privacy policies and terms of service. A current list of AI subprocessors is maintained at trust.kyth.ai.
No Training on Customer Data: Kyth does not use Customer Data, user queries, or platform inputs to train or improve any generalized AI or machine-learning models. Our agreements with third-party AI model providers contractually prohibit those providers from training on Customer inputs. Your data is processed solely to provide the Service to you and is not used to train external AI systems.
Internal AI Improvement: We may use aggregated, anonymized usage telemetry (such as feature-usage frequency, latency, and error rates) to operate, monitor, secure, and improve our own systems. This telemetry does not include identifiable customer data, queries, or platform inputs.
5. How We Share Your Information
We do not sell your personal information. We share information only in the following circumstances:
Service Providers and Subprocessors: We share information with trusted third-party service providers who assist us in operating the Service, including hosting and infrastructure providers, AI model providers, analytics providers, and payment processors. A current and complete list of subprocessors is maintained in our Trust Center at trust.kyth.ai. These service providers are contractually required to protect your information and use it only for the purposes we specify. Where required by Applicable Data Protection Law, our customer-facing Data Processing Addendum provides for advance notice of new subprocessors and a customer right to object on reasonable data-protection grounds.
Legal Requirements: We may disclose information if required to do so by law or in response to valid legal process, such as a subpoena, court order, or government request. We may also disclose information when we believe disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with law enforcement requests.
Business Transfers: If Kyth is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred to the acquiring entity or successor organization. We will notify you of any such change in ownership or control of your personal information.
With Your Consent: We may share information with third parties when you have given us your explicit consent to do so.
6. Data Retention
Active Accounts: We retain your personal information for as long as your account is active or as needed to provide you with the Service.
Inactive Accounts: Accounts that have not been accessed for twenty-four (24) consecutive months may be flagged for deletion following written notice to the account holder.
Account Deletion (Individual / Consumer Accounts): If you close your account or request deletion of your data, we will delete your personal information from active production systems within thirty (30) to sixty (60) days of your request. Deleted data may remain in backup systems for up to ninety (90) days before being permanently purged, except as required by law.
Customer Accounts (Service Usage Agreement): For customer accounts governed by a Service Usage Agreement, the export and deletion timing set forth in that Agreement controls (currently a sixty (60) day post-termination export window followed by deletion within thirty (30) days, with backups subject to ordinary-course retention schedules).
Specific Retention Periods: We retain (a) billing and tax records for seven (7) years to comply with U.S. tax-record-keeping requirements; (b) customer support tickets and security logs for three (3) years for audit and dispute resolution; (c) marketing-consent and unsubscribe records for as long as required by applicable marketing law; and (d) information required to comply with legal holds, regulatory obligations, or active litigation for the duration of the relevant obligation.
7. Data Security
Kyth takes data security seriously and implements technical, administrative, and physical safeguards designed to protect your information from unauthorized access, disclosure, alteration, or destruction.
Security Measures: Our security controls include encryption of data in transit (TLS) and at rest (AES-256), role-based access controls, multi-factor authentication for privileged access, logging and monitoring, regular security assessments, and incident response procedures.
Compliance and Certifications: Kyth is SOC 2 Type II certified by an independent third-party auditor. Our current SOC 2 Type II report is available upon request through the Kyth Trust Center at trust.kyth.ai. Kyth maintains GDPR-aligned privacy and data-protection practices as described in this Privacy Policy and our Data Processing Addendum.
No Guarantee: While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, and you use the Service at your own risk. If you become aware of any security breach or unauthorized access, please contact us immediately at security@kyth.ai.
8. Your Rights and Choices
Depending on your location, you may have certain rights regarding your personal information:
8.1 Rights for European Economic Area (EEA) and UK Users (GDPR)
If you are located in the EEA or UK, you have the following rights under the General Data Protection Regulation (GDPR):
- Right to Access: You have the right to request access to the personal information we hold about you.
- Right to Rectification: You have the right to request correction of inaccurate or incomplete personal information.
- Right to Erasure: You have the right to request deletion of your personal information in certain circumstances.
- Right to Restriction: You have the right to request that we restrict processing of your personal information in certain circumstances.
- Right to Data Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format.
- Right to Object: You have the right to object to processing of your personal information based on legitimate interests.
- Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in your jurisdiction.
Legal Basis for Processing: We process personal information on the following legal bases under Article 6 GDPR: (a) performance of a contract (to provide the Service to you); and (b) legitimate interests (to improve our Service, ensure security, conduct business operations, and process publicly available professional information about attorneys for recruiting intelligence purposes, as described in Section 2). Where we rely on consent (for example, for non-essential cookies or marketing communications in jurisdictions that require opt-in), processing is conducted only on the basis of that consent.
8.2 Rights for California Users (CCPA / CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you.
- Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
- Right to Correct: You have the right to request correction of inaccurate personal information.
- Right to Opt-Out of Sale / Sharing: Kyth does not sell or share personal information as defined by the CCPA / CPRA.
- Right to Non-Discrimination: You have the right not to be discriminated against for exercising your privacy rights.
Categories of personal information collected, sources, and disclosures (CCPA / CPRA § 1798.100(b) disclosure):
| Category | Examples | Sources | Business / Commercial Purposes & Recipients |
|---|---|---|---|
| Identifiers | Name, email address, account ID, IP address, device identifiers | Directly from you; third-party SSO providers; automatically from device | Provide and operate the Service; account management; security and fraud prevention. Disclosed to: hosting and infrastructure subprocessors, AI model providers, analytics providers, payment processors |
| Customer records information (Cal. Civ. Code § 1798.80(e)) | Name, mailing address, phone number, billing information | Directly from you | Billing, account management, customer support. Disclosed to: payment processors, billing subprocessors |
| Commercial information | Subscription plan, transaction history, products / services purchased | From your use of the Service | Account management; billing; analytics. Disclosed to: payment processors, analytics subprocessors |
| Internet or other electronic network activity | Pages viewed, searches and queries submitted, features used, links clicked, time spent in the platform, AI prompts | Automatically from your interactions with the Service | Provide and improve the Service; security; product analytics. Disclosed to: hosting subprocessors, analytics providers |
| Geolocation (general) | IP-address-derived approximate location (city / region level) | Automatically from device | Security and fraud prevention; service localization. Disclosed to: hosting and security subprocessors |
| Professional or employment-related information | Job title, employer / firm, professional role | Directly from you; third-party SSO providers | Account management; service personalization; product marketing. Not disclosed to third parties for their own commercial use |
| Inferences | Match scores, search relevance signals, candidate fit indicators derived from queries and inputs | Derived by Kyth from your use of the Service | Provide and improve the Service. Not disclosed to third parties. |
No Sale or Sharing: Kyth does not "sell" or "share" personal information as those terms are defined under the CCPA / CPRA. We have not sold or shared personal information in the preceding twelve (12) months.
Sensitive Personal Information: Kyth does not collect or process categories of sensitive personal information requiring heightened CCPA / CPRA protections (such as Social Security numbers, precise geolocation, biometric identifiers, or content of communications) other than account-credential information collected for authentication purposes.
Retention Periods: See Section 6 for retention periods applicable to each category of personal information.
8.3 Exercising Your Rights
To exercise any of these rights, please contact us at privacy@kyth.ai or hello@kyth.ai. We will respond to your request within the timeframe required by applicable law (typically 30 days for GDPR requests and 45 days for CCPA requests). We may need to verify your identity before processing your request.
9. International Data Transfers
Kyth is based in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction. By using the Service, you consent to the transfer of your information to the United States and other countries. Where required by law (such as for transfers from the EEA or UK), we implement appropriate safeguards including the European Commission's Standard Contractual Clauses (Module Two: Controller-to-Processor) and the UK International Data Transfer Addendum.
10. Children's Privacy
The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information. If you believe we have collected information from a child under 18, please contact us at privacy@kyth.ai.
11. Third-Party Websites and Services
The Service may contain links to third-party websites, services, or resources that are not operated by Kyth. We are not responsible for the privacy practices or content of these third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Service features. If we make material changes, we will notify you by email (to the address associated with your account) or by posting a notice on our website prior to the change becoming effective. We will also update the "Last Updated" date at the top of this Privacy Policy. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: privacy@kyth.ai
Address: KYTH LLC, 1201 Peachtree Street, N.E., Suite 100, Atlanta, GA 30361, USA
Privacy Inquiries: For general privacy inquiries, GDPR data subject requests, or CCPA / CPRA consumer requests, please contact privacy@kyth.ai. We will respond within the timeframes required by applicable law.