Legal
Privacy Policy
How Kalevent / InboxIQ collects, uses, and protects your information.
Effective date: 5 March 2026 ยท Applies to: kalevent.com, inboxiq.app, and all InboxIQ sub-domains
1. Who we are
Kalevent Ltd ("Kalevent", "we", "us") is a company registered in England and Wales (Company Number 15288801), with registered address at Future Space UWE North Gate, Filton Road, Bristol BS34 8RB, United Kingdom.
We operate InboxIQ โ an AI-powered email support management platform. Questions about this policy: privacy@kalevent.com
2. What data we collect
| Category | Examples |
|---|---|
| Account data | Name, work email, password hash, role |
| Email content | Subject, body, sender/recipient addresses, timestamps โ from connected inboxes only |
| Usage data | Feature interactions, login timestamps, IP address, browser/OS |
| Billing data | Payment method (tokenised โ we never store card numbers), invoices |
We do not collect or process sensitive personal data (health, financial, biometric) unless explicitly required by a feature you enable.
3. How we use your data
- To provide and operate the InboxIQ service
- To apply AI-based triage, classification, and draft-reply suggestions to your support emails
- To identify leads and score engagement from email senders
- To send transactional emails (password reset, account alerts) โ not marketing without consent
- To detect and prevent fraud, abuse, and security incidents
- To comply with legal obligations
We do not sell your data. We do not use your email content to train AI models.
4. AI processing and sub-processors
InboxIQ uses AI to process email content. By default, email content is sent to OpenAI's API for inference. OpenAI's API terms prohibit training on API inputs. A Data Processing Agreement is in place with OpenAI.
If you configure your own AI endpoint (Settings โ AI Provider โ "Bring Your Own LLM"), your email content is sent to your chosen provider instead. You are responsible for that provider's compliance.
Sub-processors we use:
- Amazon Web Services (AWS) โ infrastructure, database, file storage (us-west-2)
- OpenAI โ AI inference (when BYOL is not configured)
5. Data retention
| Data type | Retention | On deletion |
|---|---|---|
| Email content | 2 years from receipt | Hard delete |
| Ticket metadata | 3 years | Hard delete |
| Lead records | 2 years from last activity | Hard delete |
| Billing records | 7 years (legal requirement) | Anonymised only |
6. Your rights (GDPR / UK GDPR)
If you are in the UK or EU, you have the following rights:
- Access โ request a copy of your personal data
- Erasure โ request deletion of your data (Settings โ Security โ Delete account, or email us)
- Rectification โ request corrections to inaccurate data
- Portability โ request an export of your data in a machine-readable format
- Restriction โ request we limit processing in certain circumstances
- Objection โ object to processing based on legitimate interests
Submit requests to privacy@kalevent.com. We will respond within 30 days. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO).
7. Security
We protect your data with encryption in transit (TLS 1.2+), encryption at rest (AES-256), logical account isolation, role-based access control, and optional two-factor authentication for all accounts. Our observability stack is self-hosted โ traces and logs never leave our infrastructure.
Full details at kalevent.com/security.
8. Cookies
We use session cookies required for authentication. We do not use third-party advertising or tracking cookies. If we add analytics in future, we will update this policy and provide a consent mechanism.
9. Changes to this policy
We will notify you by email and/or in-app notice at least 14 days before any material change takes effect. The effective date at the top of this page will be updated.
10. Contact
Kalevent Ltd ยท Company Number 15288801
Future Space UWE North Gate, Filton Road, Bristol BS34 8RB, United Kingdom
privacy@kalevent.com