Privacy Policy
Last updated: April 16, 2026
This Privacy Policy explains how Individual Entrepreneur Mikhail Makarov, Tbilisi, Georgia ("Kairoo", "we", "us") collects, uses, and protects personal data when you use the website at https://kairoo.pro and the application at https://app.kairoo.pro (the "Service").
This Policy is written with the EU/EEA General Data Protection Regulation (GDPR) and the UK GDPR in mind, and applies globally to all users of the Service.
1. Data Controller
For personal data of professionals (account holders) and visitors to our website, the data controller is Individual Entrepreneur Mikhail Makarov, Tbilisi, Georgia. For data about clients added to the Service by a professional, the professional is the data controller and Kairoo acts as a data processor on their behalf.
Contact: kairoo.project@gmail.com.
2. What Data We Collect
2.1 Account data
- Name, email address, password (hashed by our authentication provider)
- Profile information you provide: photo, business or practice name, biography, country, timezone, language, currency
2.2 Service data
- Information about your services, sessions, packages, calendar availability, and notification preferences
- Information about your clients that you choose to upload (name, email, phone, timezone, notes, balance and session history)
2.3 Payment data
Payments are processed by Paddle (Paddle.com Market Limited) as Merchant of Record. We do not store full card numbers. We receive from Paddle the information needed to recognise your subscription status, such as your subscription ID, billing country, last four digits of the card, and invoice references.
2.4 Technical data
- IP address, user-agent, device and browser information
- Log data: pages visited, requests made, timestamps, error reports
- Strictly necessary cookies and similar technologies used for authentication, session management, and security
3. How We Use Personal Data
We process personal data for the following purposes and on the following legal bases:
- Providing the Service — to create and maintain your account, deliver the features you request, and keep your data available to you. Legal basis: performance of a contract with you.
- Billing and accounting — to manage your subscription, issue receipts (via Paddle), and meet our tax and accounting obligations. Legal basis: performance of a contract and compliance with a legal obligation.
- Communications — to send transactional emails and in-app notifications, respond to support requests, and notify you of important changes. Legal basis: performance of a contract or our legitimate interest in operating the Service.
- Security and abuse prevention — to detect, investigate, and prevent fraud, abuse, and security incidents. Legal basis: our legitimate interest in protecting the Service.
- Service improvement — aggregated analytics on how the Service is used. Legal basis: our legitimate interest in improving the product.
- Legal compliance — to comply with applicable law and respond to lawful requests from authorities. Legal basis: compliance with a legal obligation.
We do not sell personal data, and we do not use your data or your clients' data to train machine-learning models.
4. Sub-Processors and Recipients
We share personal data only with service providers that help us operate the Service. Each provider is bound by a data-processing agreement and may only use your data on our instructions. Current sub-processors include:
- Clerk Inc. — authentication, user identity (United States)
- Paddle.com Market Limited — payments, invoicing, tax compliance (United Kingdom / European Union)
- Novu Inc. — notification orchestration (United States)
- DigitalOcean LLC — cloud hosting and managed databases (United States)
- Cloudflare, Inc. — DNS, CDN, and edge security (United States)
- Email-delivery provider — transactional email delivery
We may update this list as our infrastructure evolves; the current version is always available on this page.
5. International Transfers
We are based in Georgia (the country), and our sub-processors operate from the United States, the European Union, the United Kingdom, and other regions. Where we transfer personal data outside your country of residence, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or equivalent mechanisms.
6. Data Retention
We keep account data and Service data for as long as your account is active. If you cancel your subscription, your data is retained on the Free plan unless you delete your account. After account deletion, we delete or anonymise your personal data within 90 days, except where we are required to retain certain records (for example, billing records for tax purposes, typically up to 7 years).
7. Your Rights
Depending on your location you may have the following rights in relation to your personal data:
- access to your personal data and a copy of it;
- rectification of inaccurate or incomplete data;
- erasure (the "right to be forgotten") in certain circumstances;
- restriction of, or objection to, certain processing;
- data portability;
- withdrawal of consent where processing is based on consent;
- the right to lodge a complaint with your local data-protection authority.
To exercise any of these rights, email kairoo.project@gmail.com. We will respond within the time period required by applicable law (typically 30 days under the GDPR).
8. Security
We use industry-standard technical and organisational measures to protect personal data, including encryption in transit (TLS), encryption at rest for our database backups, access controls, audit logging, and regular reviews of our infrastructure and dependencies. No system is perfectly secure; if you believe your account has been compromised, contact us at kairoo.project@gmail.com immediately.
9. Cookies
Our marketing site uses only strictly necessary cookies. The application uses cookies and similar storage to keep you signed in, to remember your preferences, and to protect your session against attacks (CSRF, session fixation). We do not use third-party advertising cookies.
10. Children
The Service is not directed to children under 16, and we do not knowingly collect personal data from children. If you believe we have collected data from a child, contact us at kairoo.project@gmail.com and we will delete it.
11. Changes to this Policy
We may update this Policy from time to time. The "Last updated" date at the top of this page indicates when the Policy was last revised. Material changes will be announced through the Service or by email before they take effect.
12. Contact
For privacy-related requests: kairoo.project@gmail.com. General contact: kairoo.project@gmail.com.