Privacy Policy

1. Data Controller

KLO Intel, registered in Ireland. Contact: hello@klo.ie

2. Data We Collect

We collect personal data in two contexts:

Website visitors: Basic analytics (page views, referrer) via privacy-respecting analytics. No cookies are used for tracking.

Assessment clients: Name, email, phone, location, and any additional PII provided for the purpose of conducting an exposure assessment. This data is provided with explicit consent.

3. How We Use Your Data

• To conduct requested exposure assessments
• To deliver snapshot reports and intelligence briefings
• To monitor data brokers for your information (ongoing clients)
• To submit data removal requests on your behalf
• To communicate assessment findings and recommendations

4. Legal Basis

We process personal data under GDPR Article 6(1)(a) — explicit consent, and Article 6(1)(b) — performance of a contract. For ongoing monitoring, we rely on legitimate interest (Article 6(1)(f)) with the client's prior agreement.

5. Data Sharing & Third-Party Processing

As part of our exposure assessment service, your personal data (name, email, and other provided PII) is necessarily processed through third-party intelligence sources. This is a core part of the service you have consented to.

Assessment-specific processing includes:

• Data broker queries: Your name, email, and location are submitted to 437+ data broker APIs and opt-out systems to identify and remove your listings
• Breach database lookups: Your email address is checked against breach databases (e.g., Have I Been Pwned) to identify compromised credentials
• Username enumeration: Usernames associated with your identity are checked across 339+ platforms to map your digital footprint
• Public records: Your name and location may be used to query publicly accessible records and search engines
• AI-assisted analysis: Assessment data may be processed through AI services (OpenAI) for report generation, with PII minimised in prompts

We do not:

• Sell your personal data to any third party
• Share your data for marketing purposes
• Retain data beyond the agreed assessment period
• Use your data for any purpose other than the requested service

6. Data Security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Access is restricted to authorised personnel only. Our infrastructure is hosted on AWS with SOC 2 compliant security controls.

7. Data Retention

Assessment data is retained only for the duration of the active engagement plus 30 days. Upon termination, all data is permanently deleted in accordance with our Data Purge Policy. Free snapshot data is retained for 90 days, then automatically purged.

8. Your Rights

Under GDPR, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Erase your data ("right to be forgotten")
• Restrict processing
• Data portability
• Object to processing
• Withdraw consent at any time

To exercise any of these rights, contact hello@klo.ie. We respond to all requests within 30 days.

9. Supervisory Authority

You have the right to lodge a complaint with the Data Protection Commission (DPC) of Ireland: www.dataprotection.ie