Legal
Privacy Policy
How Kalevent / InboxIQ collects, uses, and protects your information.
Effective date: 5 March 2026 · Applies to: kalevent.com, inboxiq.app, and all InboxIQ sub-domains
1. Who we are
Kalevent Ltd ("Kalevent", "we", "us") is a company registered in England and Wales (Company Number 15288801), with registered address at Future Space UWE North Gate, Filton Road, Bristol BS34 8RB, United Kingdom.
We operate InboxIQ — an AI-powered email support management platform. Questions about this policy: privacy@kalevent.com
2. What data we collect
| Category | Examples |
|---|---|
| Account data | Name, work email, password hash, role |
| Email content | Subject, body, sender/recipient addresses, timestamps — from connected inboxes only |
| Usage data | Feature interactions, login timestamps, IP address, browser/OS |
| Billing data | Payment method (tokenised — we never store card numbers), invoices |
We do not collect or process sensitive personal data (health, financial, biometric) unless explicitly required by a feature you enable.
3. How we use your data
- To provide and operate the InboxIQ service
- To apply AI-based triage, classification, and draft-reply suggestions to your support emails
- To identify leads and score engagement from email senders
- To send transactional emails (password reset, account alerts) — not marketing without consent
- To detect and prevent fraud, abuse, and security incidents
- To comply with legal obligations
We do not sell your data. We do not use your email content to train AI models.
4. AI processing and sub-processors
InboxIQ uses AI to process email content. By default, email content is sent to OpenAI's API for inference. OpenAI's API terms prohibit training on API inputs. A Data Processing Agreement is in place with OpenAI.
If you configure your own AI endpoint (Settings → AI Provider — "Bring Your Own LLM"), your email content is sent to your chosen provider instead. You are responsible for that provider's compliance.
Sub-processors we use:
- Amazon Web Services (AWS) — infrastructure, database, file storage (us-west-2)
- OpenAI — AI inference (when BYOL is not configured)
5. Data retention
| Data type | Retention | On deletion |
|---|---|---|
| Email content | 2 years from receipt | Hard delete |
| Ticket metadata | 3 years | Hard delete |
| Lead records | 2 years from last activity | Hard delete |
| Billing records | 7 years (legal requirement) | Anonymised only |
6. Your rights (GDPR / UK GDPR)
If you are in the UK or EU, you have the following rights:
- Access — request a copy of your personal data
- Erasure — request deletion of your data (Settings → Security → Delete account, or email us)
- Rectification — request corrections to inaccurate data
- Portability — request an export of your data in a machine-readable format
- Restriction — request we limit processing in certain circumstances
- Objection — object to processing based on legitimate interests
Submit requests to privacy@kalevent.com. We will respond within 30 days. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO).
7. Security
We protect your data with encryption in transit (TLS 1.2+), encryption at rest (AES-256), logical account isolation, role-based access control, and optional two-factor authentication for all accounts. Our observability stack is self-hosted — traces and logs never leave our infrastructure.
Full details at kalevent.com/security.
8. Cookies
We use session cookies required for authentication. We do not use third-party advertising or tracking cookies. If we add analytics in future, we will update this policy and provide a consent mechanism.
9. Changes to this policy
We will notify you by email and/or in-app notice at least 14 days before any material change takes effect. The effective date at the top of this page will be updated.
10. Contact
Kalevent Ltd · Company Number 15288801
Future Space UWE North Gate, Filton Road, Bristol BS34 8RB, United Kingdom
privacy@kalevent.com