This Privacy Policy describes how Kitbees Inc., a Delaware C Corporation ("Kitbees," "we," "us," or "our"), collects, uses, discloses, and otherwise processes Personal Data in connection with our websites, applications, and related services (collectively, the "Services"), including creator discovery, creator analytics, campaign management, affiliate and tracking tools, outreach tools, AI-assisted analysis, and reporting.

"Personal Data" means any information that identifies, relates to, describes, or can reasonably be linked to an identified or identifiable natural person.

Kitbees is a business-to-business platform. Depending on the context, Kitbees may act either:

as a controller (or "business" under applicable U.S. law) for account administration, billing, security, product analytics, creator intelligence, and our own operations; or
as a processor (or "service provider") when we process customer-submitted outreach data, campaign data, outbound message content, or similar organization data solely on a customer's behalf.

If you are a creator, outreach recipient, or campaign contact whose data is processed in connection with a Kitbees customer's workflow, the relevant customer may also be a controller of your Personal Data.

1. Personal Data We Collect

1.1 Account and Organization Data

When users create or use a Kitbees account, we may collect names, work email addresses, organization names, role information, authentication identifiers, organization settings, and preferences.

1.2 Billing and Transaction Data

When a customer purchases a subscription or credits, we may collect billing contact information, billing addresses, plan details, invoice records, subscription status, and payment-processor identifiers. Payment card information is processed by our payment processor and is not stored directly by Kitbees.

1.3 Connected Google and Gmail Data

If you connect Gmail or another Google account to the Services, we may collect your Google account email address, basic profile information, OAuth grant information, access tokens, refresh tokens, granted scopes, sender identity information, outbound Gmail send metadata, Gmail message identifiers returned for messages sent through the Services, and outbound message content only as needed to send the messages you request.

We use Google user data only to provide and maintain Google-enabled Service features, such as account connection, sender verification, email sending, template workflows, abuse prevention, security, troubleshooting, and customer support. Kitbees uses Gmail access for outbound sending only. We do not request Gmail inbox-read scopes, read your Gmail inbox or existing messages, monitor replies, receive inbound responses from your Gmail account, or access attachments stored in your Gmail account. We do not use Google user data for advertising, retargeting, generalized data brokerage, or training general-purpose AI models.

Google access and refresh tokens are encrypted at rest and used to maintain the connection until you disconnect the integration, revoke access through Google, close the relevant account, or request deletion subject to lawful retention needs. You can revoke Kitbees' Google access through your Google account permissions or through the Services where available. After disconnection, we stop using the Google connection for new workflows and retain only limited logs, security records, suppression records, or historical organization records as described in this Policy.

We do not allow personnel to read outbound Google message content except where necessary for security, abuse prevention, debugging, support requested by the relevant customer or user, legal compliance, or internal operations needed to provide the outbound sending workflow. Kitbees's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

1.4 Outreach and Communications Data

If the Services are used for outreach, we may process sender and recipient details, subject lines, outbound message content, delivery status, send logs, and related metadata. We may also process support or feedback communications you send to us.

1.5 Creator, Audience, and Public-Source Data

Kitbees may collect or receive creator-related information from publicly available sources, licensed sources, customer inputs, and third-party platforms, including names, handles, profile URLs, biographies, location information, public contact details, profile images, posts, captions, hashtags, comments, engagement metrics, audience attributes, and collaboration history.

We may also generate inferred or modeled data such as creator summaries, audience estimates, content classifications, brand-safety indicators, quality signals, similarity scores, and ranking outputs using automated and AI-assisted tools. These tools are used to improve search, recommendations, and creator discovery — not to make decisions that produce legal or similarly significant effects on individuals. Data processed through these tools is not used to train general-purpose AI models.

1.6 Campaign, Tracking, and Workflow Data

If customers use campaign, affiliate, creative, or workflow features, we may process campaign details, creator selections, notes, labels, stages, deliverables, tracking links, destination URLs, UTM parameters, click data, conversion data, revenue data, attribution context, discount codes, exports, reports, moodboard images (uploaded or linked), AI prompts, generated images, and other generated creative assets.

1.7 Newsletter and Event Signups

If you sign up for our newsletters, webinars, events, or marketing communications, we may collect your name, email address, company information, and communication preferences.

1.8 Usage, Device, and Technical Data

We automatically collect certain technical information when the Services are used, such as IP address, approximate location derived from IP, device and browser information, request logs, timestamps, feature usage events, error logs, session identifiers, and similar telemetry.

1.9 Cookies and Similar Technologies

We and our service providers may use cookies, local storage, pixels, and similar technologies to operate and secure the Services, remember settings, understand usage, and improve the product. For more information, please refer to our [Cookie Policy].

1.10 Information from Third Parties

We may receive Personal Data from third parties such as social media platforms, public web sources, licensed data providers, Google, payment processors, email providers, e-commerce integrations, and customers using the Services.

2. How We Use Personal Data

We may use Personal Data for the following purposes:

Purpose	Description
Providing the Services	Operating, maintaining, and securing the platform; managing accounts, organizations, subscriptions, billing, and credits
Creator intelligence	Analyzing public or licensed creator content using automated and AI-assisted tools to improve search, recommendations, ranking, quality signals, and discovery features
Outreach and communications	Preparing, sending, queuing, and logging outbound outreach messages at the customer's direction
Campaign and tracking	Creating and maintaining campaign, affiliate, tracking, and reporting features, including click and conversion attribution
Integrations	Connecting and maintaining third-party integrations such as Gmail, payment providers, and e-commerce platforms
Support	Providing technical support and resolving issues
Security and fraud prevention	Detecting, preventing, and investigating fraud, abuse, security incidents, and Terms violations
Analytics and improvement	Monitoring usage, diagnosing errors, improving reliability, developing new features, and measuring performance
Communications	Communicating with users about the Services, updates, security notices, and requesting feedback
Marketing	Sending product updates, newsletters, webinar invitations, and educational content where permitted by law
Legal and compliance	Complying with legal obligations, enforcing agreements, protecting rights, and resolving disputes
Suppression management	Maintaining suppression lists and honoring deletion or objection requests

3. Legal Bases for Processing

Where data protection law requires a legal basis, Kitbees generally relies on:

Contract performance — to provide the Services you or your organization request;
Legitimate interests — such as operating and improving the Services, building creator intelligence features, securing the platform, and conducting ordinary business operations;
Consent — where required by law, such as for certain cookies or marketing communications;
Legal obligations — to comply with applicable laws and regulations.

For U.S. residents, processing is conducted for business purposes as defined under applicable state privacy law, including providing the Services, maintaining security, performing analytics, and fulfilling contractual obligations.

For customer-submitted outreach data, campaign data, and outbound message content processed solely on behalf of a customer, we process that data pursuant to the customer's instructions and the applicable customer agreement.

4.1 Service Providers

We may share Personal Data with vendors and service providers that help us operate the Services, including providers of hosting, databases, authentication, billing, email delivery, analytics, monitoring, support tools, and AI-enabled processing.

4.2 Customers and Authorized Users

Creator profiles, outbound outreach records, tracking results, campaign data, and related information may be visible to the customer account using those features within their organization.

4.3 Third-Party Integrations

Where a customer enables an integration (e.g., e-commerce platforms, email providers), we may exchange relevant Personal Data with the applicable third party to provide the requested functionality.

4.4 Legal and Security Disclosures

We may disclose Personal Data where we believe in good faith that doing so is necessary to: comply with applicable law or legal process; enforce our agreements; protect the rights, property, or safety of Kitbees, our customers, or others; or detect and prevent fraud or unlawful conduct.

4.5 Corporate Transactions

We may disclose or transfer Personal Data as part of a merger, acquisition, financing, bankruptcy, sale of assets, or similar corporate transaction.

4.6 With Consent or at Your Direction

We may disclose Personal Data where you or the relevant customer directs us to do so.

5. Data Retention

We retain Personal Data for as long as reasonably necessary for the purposes described in this Policy, including to provide the Services, maintain business records, comply with legal obligations, resolve disputes, protect security, prevent fraud and abuse, and honor privacy requests. Retention periods vary depending on the type of data, the context in which it was collected, legal requirements, and operational needs.

For example, account and organization data may be retained while the customer relationship is active and afterward as needed for account administration, support, security, legal, and compliance purposes. Billing and tax records are retained as needed for accounting, tax, dispute, fraud-prevention, and legal compliance purposes. Creator and public-source data may be retained while relevant to the Services, subject to updates, refreshes, and valid suppression requests. Outreach, campaign, tracking, Gmail connection, usage, technical, backup, suppression, and opt-out records are retained as needed to provide the relevant workflows, maintain security and reliability, troubleshoot issues, preserve business continuity, comply with legal obligations, and honor applicable requests.

When data is no longer needed, we delete it or retain it in de-identified form.

6. Your Rights and Choices

Depending on where you reside, you may have rights to:

Access and portability — request copies of your Personal Data, including in a machine-readable format;
Correction — request updates to inaccurate Personal Data;
Deletion — request deletion or anonymization of your Personal Data;
Restriction and objection — request restrictions on or object to certain processing;
Consent withdrawal — withdraw consent at any time where processing is based on consent (without affecting prior lawfulness);
Complaint — lodge a complaint with a competent data protection authority.

You may also unsubscribe from marketing emails using the link in any message or by contacting us.

To submit a privacy request, use the contact details in Section 12 and include enough information for us to reasonably verify the request, such as your email address, organization or company affiliation where applicable, creator profile URL or handle where applicable, and the right you want to exercise. We may request additional information needed to verify identity, authority, residency, or the scope of the request. Authorized agents must provide proof of authorization, and we may require direct confirmation from the individual where permitted by law.

We will respond within the time required by applicable law. We may decline, limit, or delay requests that are unverifiable, fraudulent, abusive, excessive, technically infeasible, legally restricted, or would adversely affect the rights and freedoms of others. Where we deny a request and applicable law provides an appeal right, we will provide instructions for appeal or reconsideration.

For creators and outreach recipients: If your data appears in the Services and you wish to exercise access, correction, deletion, or objection rights, please contact us using the details in Section 12. If you received outreach from a Kitbees customer, that customer is generally the controller for their outreach content and recipient lists, and we may direct certain requests to them. Kitbees may retain limited suppression metadata to ensure your request is honored.

7. U.S. State Privacy Disclosures

To the extent applicable U.S. state privacy law applies (including the California Consumer Privacy Act as amended by the CPRA, the Colorado Privacy Act, the Virginia Consumer Data Protection Act, the Connecticut Data Privacy Act, and similar laws):

Kitbees may collect the categories of Personal Data described in Section 1, from the sources described in Sections 1 and 4, and use or disclose them for the purposes described in Sections 2 and 4.
Kitbees does not intentionally collect or use sensitive Personal Data, as defined by applicable state privacy law, to infer characteristics about individuals. Customers must not submit sensitive Personal Data to the Services unless Kitbees has expressly approved that processing in writing.
Kitbees does not sell or share connected Gmail data, customer-submitted outreach content, or organization account data for cross-context behavioral advertising.
Kitbees does not knowingly sell or share the Personal Data of minors.
Kitbees does not currently offer financial incentives tied to the collection, retention, sale, or sharing of Personal Data.

Your rights under state law may include:

Confirming whether we process your Personal Data and accessing it;
Correcting inaccuracies;
Deleting your Personal Data;
Opting out of targeted advertising, sale, sharing, or certain profiling;
Appealing a denial of a privacy request.

Authorized agents may submit requests where permitted by law, subject to the verification and authorization requirements in Section 6. Where applicable law requires recognition of browser-based opt-out signals such as Global Privacy Control (GPC), Kitbees will honor valid signals for covered processing.

To exercise your rights, contact us using the details in Section 12. The request, verification, denial, and appeal process described in Section 6 applies to state privacy requests.

8. Cross-Border Data Transfers

Kitbees is based in the United States, and Personal Data may be transferred to and processed in the United States and other countries where Kitbees or its service providers operate. Where required by applicable law, we use appropriate safeguards for such transfers, such as Standard Contractual Clauses, adequacy decisions, or other lawful transfer mechanisms.

9. Security

Kitbees uses reasonable technical, administrative, and organizational safeguards designed to protect Personal Data from unauthorized access, disclosure, alteration, loss, or destruction. These measures include access controls, encryption in transit and at rest, authentication controls, logging, and security monitoring.

No method of transmission over the Internet or method of electronic storage is completely secure. Accordingly, we cannot guarantee absolute security.

10. Children's Privacy

The Services are business-to-business tools and are not directed to children under 13 or intended for use by minors. Account users must be at least 18 years old, or the age of majority in their jurisdiction, whichever is older, and must be authorized to use the Services on behalf of their organization. Kitbees does not knowingly collect Personal Data directly from children under 13 through account registration or user-directed use of the Services. If Kitbees learns that a child under 13 has created an account or submitted Personal Data directly to Kitbees, Kitbees will take reasonable steps to delete that information and disable the account, unless retention is required by law.

Because Kitbees processes public-source creator information, public content relating to minors may appear in the Services when made public by the relevant platform or account owner. If you believe Kitbees is processing a minor's Personal Data unlawfully, please contact us at privacy@kitbees.com so we can review and address the request.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice as required by applicable law and update the "Last Updated" date above.

12. Contact Us

If you have questions about this Privacy Policy, wish to exercise privacy rights, or want to contact us about our data practices:

Kitbees Inc., Delaware C Corporation
131 Continental Dr Suite 305
Newark, DE 19713
United States
Email: privacy@kitbees.com

Privacy Policy