Privacy Policy

Last updated: January 2026

1. Introduction

At KiteMind, operated by KiteHouse, we respect your privacy and are committed to protecting the personal data you entrust to us. This Privacy Policy explains how we collect, use, store, and protect information when you use our WhatsApp automation platform with artificial intelligence.

This policy applies to:

  • Businesses that use KiteMind (our direct customers)
  • End customers who interact with the AI assistant through WhatsApp
  • Visitors to our website

2. Data Controller

The data controller responsible for your personal data is:

  • Company: KiteHouse
  • Contact email: privacy@kitemind.io
  • Website: kitemind.io

3. Data We Collect

3.1 Business Data (Direct Customers)

When you register and use KiteMind, we collect:

  • Account information: name, email, phone, password (encrypted)
  • Business information: trade name, industry, address, operating hours
  • Service information: service catalog, prices, duration
  • Usage data: dashboard access, configurations made, usage metrics

3.2 End Customer Data

When your business's customers interact with the AI assistant, we process:

  • WhatsApp phone number
  • Name (if provided)
  • Message content from the conversation
  • Preferences and requests expressed during conversations
  • Appointment and reservation history

3.3 Technical Data

We automatically collect:

  • IP address
  • Browser type and device
  • Operating system
  • Pages visited and browsing time
  • Cookies and similar technologies (see section 12)

4. How We Use Your Data

We use the collected information to:

4.1 Service Provision

  • Process and respond to WhatsApp messages through the AI assistant
  • Manage appointments and reservations
  • Customize assistant responses according to your business
  • Provide access to the dashboard and its features

4.2 Service Improvement

  • Analyze usage patterns to improve the platform
  • Train and improve our AI models (using anonymized data)
  • Identify and fix technical errors

4.3 Communication

  • Send important notifications about the service
  • Respond to your support inquiries
  • Inform you about updates and new features

4.4 Legal Compliance

  • Comply with applicable legal obligations
  • Protect our legal rights
  • Prevent fraud and service misuse

5. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract performance: To provide the service you contracted
  • Consent: For marketing communications (you can withdraw it at any time)
  • Legitimate interest: To improve our services and prevent fraud
  • Legal obligation: To comply with applicable legal requirements

6. Data Sharing with Third Parties

We share data only with third parties necessary to provide the service:

6.1 Service Providers

  • Artificial intelligence providers: For natural language processing of the assistant
  • Messaging services: For sending and receiving WhatsApp messages
  • Authentication services: For secure account and access management
  • Cloud hosting services: For secure data storage
  • Analytics services: To understand platform usage

AI Provider Processing: Messages processed by the assistant may be sent to external artificial intelligence providers for analysis and response generation. These providers may operate outside of Mexico and process data on servers located in the United States or other countries. We ensure that such providers comply with appropriate data protection standards and that they do not use the information to train their models without our explicit consent.

6.2 Third-Party Commitments

All our providers are contractually obligated to:

  • Protect data confidentiality
  • Use data only for specified purposes
  • Implement adequate security measures
  • Notify us of any security breach

6.3 We Do Not Sell Your Data

We do not sell, rent, or share your personal data with third parties for their own marketing purposes.

7. International Transfers

Some of our service providers may be located outside of Mexico. In these cases:

  • We ensure adequate safeguards exist to protect your data
  • We verify that providers meet equivalent protection standards
  • We implement standard contractual clauses when necessary

8. Data Security

We implement technical and organizational measures to protect your data:

8.1 Technical Measures

  • Encryption of data in transit (TLS/SSL) and at rest
  • Multi-tenant architecture with data isolation per customer
  • Role-based access controls
  • Continuous security monitoring
  • Automatic encrypted backups

8.2 Organizational Measures

  • Access limited to authorized personnel
  • Data protection training
  • Internal information security policies
  • Periodic risk assessments

8.3 Incident Response

In the event of a security breach affecting your personal data, we will notify you within 72 hours of becoming aware of the incident, in accordance with applicable law.

8.4 Security Note

While we implement reasonable security measures aligned with the current size and maturity of the platform, no system is completely infallible. We continuously evaluate and improve our security practices as KiteMind evolves.

9. Data Retention

We retain your data for as long as necessary to fulfill the purposes described:

  • Account data: While you maintain an active account, plus 90 days after cancellation
  • Conversations and appointments: While you maintain an active account, plus 90 days
  • Billing data: 5 years for tax obligations
  • Security logs: 6-12 months
  • Anonymized data: May be retained indefinitely

10. Your Rights

In accordance with the Mexican Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP) and international standards like GDPR, you have the right to:

10.1 ARCO Rights (Mexico) / GDPR Rights (EU)

  • Access: Know what personal data we have about you
  • Rectification: Correct inaccurate or incomplete data
  • Cancellation/Erasure: Request deletion of your data
  • Opposition/Restriction: Object to data processing for specific purposes

10.2 How to Exercise Your Rights

To exercise any of these rights, send a request to privacy@kitemind.io including:

  • Your full name
  • Email address associated with your account
  • Clear description of the right you wish to exercise
  • Documents proving your identity

10.3 Response Timeframes

We will respond to your request within 20 business days of receipt. This period may be extended by an additional 20 business days in complex cases, with prior notification.

11. Shared Responsibility

11.1 Your Responsibility as a Business

By using KiteMind, you are the data controller for your end customers' data. This means you must:

  • Inform your customers that you use an AI assistant
  • Obtain necessary consents according to your jurisdiction
  • Handle rights requests from your end customers
  • Comply with data protection laws applicable to your business

11.2 Our Responsibility

KiteMind acts as a data processor for your end customers' data. We commit to:

  • Process data only according to your instructions
  • Implement adequate security measures
  • Notify you of any rights requests we receive directly
  • Assist you in complying with your legal obligations

12. Cookies and Similar Technologies

Our website and dashboard use cookies for:

  • Essential cookies: Necessary for service operation
  • Performance cookies: To analyze usage and improve experience
  • Functionality cookies: To remember your preferences

You can manage your cookie preferences from your browser settings. Note that disabling certain cookies may affect service functionality.

13. Children

KiteMind is not directed at children under 13 years of age, and we do not knowingly collect information from minors. If you are a parent or guardian and believe your child has provided us with personal data, please contact us so we can delete that information.

14. Changes to this Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via the email address registered to your account or through a prominent notice on our website. The "last updated" date at the beginning of the document indicates when the most recent changes were made.

15. Contact

If you have questions, comments, or concerns about this Privacy Policy or how we handle your personal data, you can contact us at:

  • Email: privacy@kitemind.io
  • Website: kitemind.io
  • Company: KiteHouse

16. Applicable Legislation

This Privacy Policy is governed by the Mexican Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP) and its Regulations. For users outside Mexico, we also consider the principles of the European Union's General Data Protection Regulation (GDPR).