← Back

Privacy Notice

Last updated: June 29, 2026

1. Who we are

Keru Ai ("Keru", "we") operates the Keru AI service. We are the data controller of personal data processed through the Service. Contact: privacy@keru.ai.

2. Data we collect

  • Account data: name, email, password hash, profile image.
  • Content: messages, image uploads, generated outputs, memories you let Keru save.
  • Usage & device: pages visited, feature usage, IP address, browser/OS, timestamps.
  • Support: messages you send to us.
  • Payment data: handled by Paddle (our Merchant of Record). We receive subscription status and billing metadata, not full card details.

3. Why we use it & legal basis

  • Provide the Service (contract): account creation, chat, memory, image generation.
  • Security & fraud prevention (legitimate interests): abuse detection, rate limits, audit logs.
  • Service improvement & analytics (legitimate interests): aggregated usage metrics.
  • Customer support (contract / legitimate interests).
  • Marketing (consent, where required): product updates if you opt in.
  • Legal compliance (legal obligation): tax, accounting, lawful requests.

4. Who we share data with

  • Paddle — Merchant of Record for sales, subscriptions, tax, and invoicing.
  • Hosting & infrastructure providers — to run the Service.
  • AI model providers — to generate responses and images from your prompts.
  • Analytics & support tooling — strictly to operate the product.
  • Professional advisers (legal, accounting) when needed.
  • Authorities where required by law.

We do not sell your personal data.

5. International transfers

Your data may be processed outside your country, including in the US. Where required (UK/EEA), transfers rely on Standard Contractual Clauses or equivalent safeguards.

6. Retention

We keep account and content data while your account is active. After deletion, content is removed within 30 days, except where retention is required for legal, tax, or fraud-prevention purposes. Aggregated/anonymized data may be kept indefinitely.

7. Your rights

Subject to your local law (including GDPR/UK GDPR where applicable), you have the right to access, rectify, erase, restrict, or port your data; to object to processing; to withdraw consent; and to lodge a complaint with your supervisory authority. We aim to respond within 30 days. Contact privacy@keru.ai or use the in-app data export and deletion tools in Settings → Privacy.

8. Security

We use appropriate technical and organisational measures including encryption in transit, access controls, and audit logging. No system is perfectly secure; please use a strong unique password.

9. Cookies

We use essential cookies for authentication and session management. We may use limited analytics cookies to understand product usage. You can manage cookies via your browser settings.

10. Changes

We will post updates to this notice here and, for material changes, notify you in-app or by email.