Kenyt.AI GDPR Policy

Goal of the Data Protection Policy

This policy aims to document Kenyt.AI’s approach to data protection in compliance with the EU General Data Protection Regulation (GDPR). It serves as a unified document to demonstrate our commitment to safeguarding personal data and may be shared with customers, partners, or regulators during audits or compliance reviews.

Preamble

Kenyt.AI is a conversational AI platform enabling businesses to deploy domain-specific AI agents across web, WhatsApp, phone, and other channels. In our role as a data processor and controller, we acknowledge the sensitivity of customer data and are committed to the highest standards of data protection, transparency, and user rights.

Security Policy and Responsibilities

Kenyt.AI embeds data protection as a core element of its platform and operations. Our internal data protection goals include:
– Ensuring the lawful, fair, and transparent processing of personal data.
– Minimizing data collection to what is necessary for the intended purposes.
– Protecting the integrity, confidentiality, and availability of personal data.

Roles and Responsibilities

– Data Protection Officer (DPO): Appointed to oversee GDPR compliance and respond to data subject requests.
– Engineering and Product Teams: Responsible for embedding privacy-by-design and security measures.
– Compliance & Legal: Ensures adherence to applicable data protection laws across jurisdictions.
– All Employees: Trained on GDPR principles and required to follow internal data handling guidelines.

Legal Framework

Kenyt.AI complies with:
– EU General Data Protection Regulation (GDPR)
– Indian IT Act (where applicable)
– Other local regulations, depending on the geographical scope of customer data.

Documentation and Review

Kenyt.AI maintains audit trails and documentation of data processing activities, including:
– Records of processing activities (RoPA)
– Data protection impact assessments (DPIA), where required
– Periodic internal audits and assessments

Data Protection Needs

Data handled by Kenyt.AI is classified and evaluated for confidentiality, integrity, and availability. Measures vary by data type and business function.

Technical and Organisational Measures (TOMs)

We implement appropriate technical and organizational measures in accordance with Article 32 of the GDPR, including:
– Pseudonymisation and Encryption of stored and transmitted data
– Access and Authorization Controls based on least-privilege principles
– Input, Transfer, and Entry Controls through secure API gateways and audit logging
– Availability Controls through redundant systems and disaster recovery plans
– Resilience and Recovery Procedures with regular backups and failover mechanisms
– Regular Reviews and Audits to assess system integrity and identify risks

Data Protection by Design and Default

Kenyt.AI incorporates privacy-by-design principles in all product development cycles. Default configurations are privacy-centric and minimize data exposure.

Incident Response

We maintain an Incident Response Plan to promptly detect, assess, and mitigate data breaches. Data subjects and supervisory authorities will be notified within 72 hours in the event of a breach, as required under GDPR.

Order Control and Sub-Processing

Kenyt.AI enters into Data Processing Agreements (DPAs) with all sub-processors. Sub-processors are vetted for GDPR compliance, and data transfers outside the EU rely on approved mechanisms such as Standard Contractual Clauses (SCCs).

Contact Us

If you have any questions about this summary, our Privacy Policy or our information practices, please email our legal experts at contact@kenyt.ai
