Privacy Policy

Last Updated: January 15, 2026

This Privacy Policy explains how KYTH LLC ("Kyth," "we," "us," or "our") collects, uses, and shares personal information when you visit our websites, use our platform and mobile applications, or otherwise interact with us (together, the "Services").

This Privacy Policy is incorporated by reference into our Kyth Customer Agreement.

1. Who We Are and Contact Details

KYTH LLC
1201 Peachtree Street, N.E., Suite 100
Atlanta, GA 30361, USA
Email: privacy@kyth.ai

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, Kyth is the "controller" of your personal data when we decide how and why it is processed in connection with our Services (subject to any DPA where we act as processor on behalf of a Customer).

2. Information We Collect

We collect the following categories of information:

Account & Contact Information

Name, email address, organization, role, and password. Billing contact information and subscription details.

Customer Data / Inputs

Content you upload or provide to the Services (e.g., client lists, candidate lists, spreadsheets, notes, and any other Customer Data you or your organization submit to Kyth Chat or other tools).

Usage & Log Data

IP address, device and browser characteristics, operating system, pages viewed, time spent, links clicked, and other usage metrics; Log data about interactions with Kyth Chat (e.g., timestamps, token counts, tools called).

Cookies & Similar Technologies

Cookies, pixels, and similar technologies used for authentication, preferences, analytics, and security.

Public / Third‑Party Data

Publicly available and licensed data about attorneys, firms, jobs, and related market information, collected from third‑party sources and integrated into the Kyth platform.

Information from Public Sources and Third Parties

We may collect personal information from public sources and third parties. These sources may include professional profiles, law firm or employer websites, court filings, legallications, news sources, conference materials, and other publicly available information. We may combine this information with information collected through the Services to provide and improve the Services, including to power search, enrichment, and recommendations.

Accuracy and Updates

Public and third-party information may be incomplete, outdated, or inaccurate. We take reasonable steps to keep information current when feasible, but we do not guarantee the accuracy of information obtained from public sources or third parties.

Requests to Correct Information

Individuals may request that we correct, update, or remove personal information that is inaccurate or outdated by contacting us using the Contact Us section below. We may request information to verify the request. We may deny or limit requests where we cannot verify identity, where we must retain information for legal or security reasons, or where the request is not required by applicable law. Where information is obtained from public sources or third parties, we may update our records but may not be able to correct the information at its source.

Support & Communications

Information you provide when contacting support, responding to surveys, or participating in beta programs.

Temporary Chat

Temporary Chat means a Kyth Chat mode in which the conversation transcript is not saved to chat history or memory. Limited Usage and Log Data may still be collected and retained for security, reliability, and compliance purposes.

If you use Kyth Chat in Temporary Chat, the conversation transcript will not be saved to your chat history and will not be used to build or update memory or personalization features.

What we still may collect

Even in Temporary Chat, we may collect and retain limited Usage & Log Data and security-related information (such as timestamps, device/browser information, token counts, error logs, and abuse prevention signals) to operate, secure, and improve the Services.

Retention for Temporary Chat

We retain Temporary Chat-related logs for a limited period consistent with our retention practices for security, fraud prevention, compliance, and system integrity. We do not retain Temporary Chat transcripts in chat history, but some data may persist temporarily in systems such as backups or incident logs.

Kyth Prompts means the text, instructions, or other content submitted to Kyth Chat (including prompts) and any outputs generated in response.

3. How We Use Personal Information

We use personal information for the following purposes:

  • Providing the Services: To create and manage accounts, authenticate users, provide Kyth data and Kyth Chat features, and maintain the platform.
  • Personalization & Product Improvement: To understand usage patterns and improve search relevance, user experience, workflows, and AI performance (using Usage Data as aggregated / de‑identified analytics).
  • Billing & Administration: To process payments, send invoices, and manage subscriptions.
  • Security & Abuse Prevention: To detect, prevent, and respond to security incidents, fraud, a misuse.
  • Legal & Compliance: To comply with applicable laws, respond to lawful requests, and enforce our agreements.
  • Marketing & Communications: To send information about new features, updates, and events, where permitted by law. You can opt out of marketing communications at any time.
  • AI Training & Model Improvement: We do not use Customer Data / Inputs submitted to Kyth Chat (including chat prompts and outputs) to train or fine-tune AI models. We may use Usage & Log Data to understand product usage, improve workflows, and enhance AI performance (e.g., reliability, latency, and feature quality).
  • AI Model Providers: When we use third-party AI model providers as service providers/sub-processors, we require them by contract to process Customer Data only to provide the Services to us and not to use Customer Data / Inputs to train or improve their own models.

4. Legal Bases for Processing (EEA/UK)

Where GDPR or UK GDPR applies, we rely on the following legal bases:

  • Contractual necessity: To provide and operate the Services and fulfill our agreements with you or your organization.
  • Legitimate interests: To improve and secure the Services, understand usage, and market to existing customers, where those interests are not overridden by your rights.
  • Consent: For certain cookies, marketing communications to non‑customers, or optional features where we ask for your consent.
  • Legal obligations: To comply with applicable laws, regulations, or court orders.

5. How We Share Information

We may share personal information with:

  • Service providers / sub‑processors who help us operate the Services (e.g., cloud hosting, analytics, payment processing, and AI model providers).
  • Your organization, if you use a business email or are part of an enterprise subscription (administrators may access usage information and some Customer Data).
  • Professional advisers, such as lawyers, auditors, and insurers, under confidentiality obligations.
  • Government authorities, where required by law or legal process.
  • Business transferees, in connection a merger, acquisition, financing, or sale of all or part of our business.

AI Model Providers (Subprocessors), When we use third-party AI model providers to deliver Kyth Chat or other AI features, those providers act as service providers/subprocessors processing Customer Data/Inputs on our behalf. We contractually restrict AI model providers from using Customer Data/Inputs (including prompts and outputs) to train or improve their models, and we require appropriate confidentiality, security, and limited-retention obligations consistent with providing the Services. A current list of our subprocessors (including AI model providers) and their locations is available in our Trust Center.

We do not sell or share personal information as those terms are defined under the CCPA/CPRA, and we do not disclose Customer Data or Kyth Prompts for cross‑context behavioral advertising.

Corporate Accounts and Administrator Access

If you use the Services through an account created or managed by an organization, your organization may have administrative control over your account. Depending on the organization’s settings and administrator permissions, administrators may access, view, download, export, delete, or restrict access to organization account content and related usage information. This may include content submitted to Kyth Chat, outputs generated by Kyth Chat, files uploaded to the Services, and workspace configuration data.

Your organization is responsible for its internal policies regarding access, monitoring, retention, and deletion of organization account data. If you have questions about how your organization manages your account or data, please contact your organization’s administrator.

6. International Transfers

Kyth is based in the United States and we may process and store personal information in the United States and other locations where we or our service providers operate. These locations may have data protection laws that differ from the laws of your state, province, or country.

Where required by applicablw, we use appropriate safeguards for cross-border transfers of personal information, which may include entering into data protection agreements and standard contractual clauses with recipients of the information.

If you have questions about international transfers or the safeguards we use, please contact us using the Contact Us section below.

7. Data Processing Agreement (DPA)

Where Kyth processes personal data on behalf of a Customer as a processor (or sub-processor), the terms of our Data Processing Agreement ("DPA") apply. This section summarizes key terms; the full DPA is available upon request.

Scope

The DPA applies to Customer Data that constitutes personal data under applicable data protection laws (including GDPR and UK GDPR) and is processed by Kyth on behalf of the Customer in connection with the Services.

Key Terms

Processing Instructions

Kyth processes Customer Data only in accordance with the Customer's documented instructions, which are set out in the Kyth Customer Agreement, the DPA, and through the Customer's use of the Services.

Security

Kyth implements appropriate technical and organizational measures to protect Customer Data against unauthorized access, loss, or destruction. These measures are described in our Security and Compliance section and Trust Center.

Sub-processors

Kyth may engage sub-processors to assist in providing the Services. A current list of sub-processors is available in our Trust Center. Customers may subscribe to notifications of sub-processor changes.

Data Subject Rights

Kyth assists Customers in responding to data subject requests (access, correction, deletion, portability) to the extent reasonably practicable and as required by applicable law.

Breach Notification

Kyth will notify the Customer without undue delay upon becoming aware of a personal data breach affecting Customer Data, and will provide information reasonably necessary to enable the Customer to meet its breach notification obligations.

Standard Contractual Clauses (SCCs)

For transfers of personal data from the EEA, UK, or Switzerland to countries not recognized as providing adequate protection, Kyth relies on the EU Standard Contractual Clauses (and UK Addendum where applicable) as a lawful transfer mechanism.

Requesting a DPA

Customers who require a signed DPA may request one by contacting us at privacy@kyth.ai.

8. Security and Compliance

We use administrative, technical, and organizational safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. These safeguards may include access controls, logging and monitoring, encryption in transit, and security reviews of our systems and vendors.

No method of transmission over the internet or method of electronic storage is completely secure. While we work to protect personal information, we cannot guarantee absolute security.

Security Incident Response

If we become aware of a security incident that affects personal information, we will investigate and take steps to mitigate the incident. Where required by applicable law or contract, we will provide notice to affected customers or individuals.

Compliance and Assessments

We may maintain security policies and undergo assessments of our security practices. Any descriptions of our security measures or assessments are provided for informational purposes and do not create a guarantee or warranty.

Additional details about our security practices may be available in our Trust Center.

GDPR Monitored by Delve

9. Data Retention

We retain personal information:

  • For as long as you have an active account;
  • For a reasonable period thereafter for backup, audit, and legal purposes; and
  • As required by law.

When a Customer terminates its subscription, we typically retain Customer Data in backups for up to 90 days, and may retain certain records longer for legal or accounting reasons, as set out in the Kyth Customer Agreement.

Additional Retention Details

To help users understand how retention works across different systems, we distinguish between:

  • (a) Customer Data and Inputs, including content submitted to Kyth Chat
  • (b) Usage and Log Data, including security and operational logs
  • (c) Account and transactional records, including billing, invoices, subscription and audit records

Deletion Requests

When you request deletion of personal information, we will delete or de-identify the relevant information from our active systems, subject to certain exceptions such as where we must retain information for legal compliance, security, fraud prevention, dispute resolution, or enforcing our agreements.

Backups

Deleted information may persist in backups for a limited period. When a Customer terminates its subscription, we typically retain Customer Data in backups for up to 90 days and may retain certain records longer for legal or accounting reasons, as set out in the Kyth Customer Agreement.

Temporary Chat

For Temporary Chat, we do not retain the conversation transcript in chat history or memory. However, limited Usage and Log Data may still be retained for security, reliability, and compliance purposes.

10. Your Rights

Depending on where you live and the nature of our relationship with you, you may have certain rights regarding your personal information. These rights may include the ability to request access to, correction of, deletion of, or a copy of your personal information, and to opt out of certain processing.

How to Submit a Request

You can submit a request by contacting us using the Contact Us section below. We may ask you for information to help verify your identity and your request. We may deny requests where we cannot verify identity, where an exception applies, or where the request is not required by applicable law.

Response Timing

We respond to verified requests within the time required by applicable law. If we need more time, we will notify you and explain the reason for the extension where required.

Opt-Out Rights

Where applicable, you may have the right to opt out of certain processing, such as targeted advertising, the sale or sharing of personal information, or profiling in furtherance of decisions that produce legal or similarly significant effects. Kyth does not sell or share personal information for cross-context behavioral advertising. If this changes, we will update this Policy and provide any required opt-out mechanisms.

Authorized Agents

If permitted by applicable law, you may designate an authorized agent to submit requests on your behalf. We may require proof that the agent is authorized to act for you and may also require you to verify your identity directly with us.

Appeals

If we deny your request, you may appeal our decision by contacting us using the Contact Us section below and stating that you are appealing a privacy request decision. We will review and respond to the appeal in accordance with applicable law.

11. Cookies and Tracking

We use cookies and similar technologies for authentication, preferences, analytics, and security. For detailed information about the cookies we use and how to manage your preferences, please see our Cookie Policy.

12. Age Eligibility

Our Services are intended for users 18 years of age and older. We do not knowingly collect personal information from individuals under 18.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or in‑product notice. Continued use of the Services after changes become effective constitutes your acceptance of the revised Policy.

For questions about this Pvacy Policy, please contact us at privacy@kyth.ai.