KriyaOS KriyaOS
Join waitlist
Privacy

Privacy Policy

Last updated April 6, 2026

This Privacy Policy explains how KriyaOS by Nextribes collects, uses, shares, and protects information across our website, platform, workspaces, and AI agent experiences.

Introduction

This Privacy Policy explains how KriyaOS, a product offered by Nextribes, collects, uses, discloses, stores, and protects information when users or site visitors visit our website, create or access a workspace, use our products and services, collaborate as team members, or interact with agents built and deployed through KriyaOS.

This policy applies to users, workspace owners, team members, users interacting with agents, and site visitors. Depending on the context, Nextribes may act as the controller of information we use for platform operations, account administration, security, support, analytics, and legal compliance. When users configure agents to process information on their behalf, Nextribes may also act as a processor or service provider, handling data according to the instructions of the relevant workspace.

Information We Collect

We collect information needed to provide and operate KriyaOS, support workspaces, secure the service, and improve the product.

Information provided by users and workspaces

  • Account and workspace information, such as names, business details, email addresses, billing contacts, role assignments, and workspace preferences.
  • Agent configuration data, including prompts, instructions, workflows, routing rules, tool selections, automation settings, and deployment preferences.
  • Knowledge sources and uploaded content, such as documents, FAQs, website content, notes, files, and other materials that users choose to connect or upload.
  • Credentials and secrets that users provide to enable integrations, authentication flows, or connected services.
  • Communications with us, including onboarding details, support requests, product feedback, and other correspondence.

Information generated during use of the service

  • Chat and interaction data, including messages, prompts, responses, conversation context, timestamps, and related metadata generated when users or users interacting with agents use the service.
  • AI and retrieval data, including model inputs and outputs, retrieved knowledge snippets, relevance signals, summaries, classifications, and other information produced as part of agent execution.
  • Operational records, such as job status, activity history, audit-style events, debugging context, error reports, and service performance data.

Automatically collected technical and usage data

  • Device, browser, network, and client-side information such as IP address, approximate location derived from IP, browser type, operating system, language settings, referring pages, and interaction events.
  • Product usage information such as page views, feature access, session patterns, configuration activity, and performance metrics.
  • Local device or browser signals such as cookies, local storage, and similar technologies used for authentication, security, preferences, and analytics where permitted.

Cookies and similar technologies

We use cookies and similar technologies to support essential functionality, such as authentication, security, and saved preferences. Essential cookies are always active because they are required for the core operation of KriyaOS.

We may also use analytics cookies to understand product usage and improve the service, but only where permitted. Analytics cookies are disabled by default and are used only if a user provides consent.

Users can accept, reject, or customize cookie preferences. They can also revisit and update those preferences later from the website footer or from cookie preferences in the KriyaOS settings area. Cookie preferences are respected across sessions unless the user changes them.

Users should avoid providing sensitive information unless it is necessary and lawful for their use case. If a user chooses to process sensitive information through KriyaOS, that user is responsible for ensuring they have a valid legal basis, appropriate notices, and any required consents for that processing.

How We Use Information

We use information for the following purposes:

  • To operate the platform, provide the service, authenticate users, and maintain workspace functionality.
  • To manage workspaces, team access, permissions, onboarding, and account administration.
  • To execute agents, process instructions, generate outputs, and support AI-assisted experiences requested by users.
  • To ingest, organize, index, retrieve, and present knowledge sources and uploaded content within user-configured workflows.
  • To analyze product usage, improve usability, measure adoption, and guide product development.
  • To protect the service, detect abuse, prevent unauthorized access, investigate incidents, and enforce our terms and policies.
  • To debug issues, monitor reliability, maintain operations, and improve service performance.
  • To administer subscriptions, billing, financial records, and related business operations.
  • To communicate with users about onboarding, support, service updates, product announcements, security notices, and administrative matters.

KriyaOS does not use customer data or data from users interacting with agents to train foundation AI models.

Legal bases for processing

Where applicable law requires a legal basis for processing, we generally rely on one or more of the following:

  • Performance of a contract, including providing KriyaOS, managing workspaces, and delivering requested features and support.
  • Legitimate interests, including securing the service, preventing fraud and misuse, improving the product, analyzing service performance, and operating our business responsibly.
  • Compliance with legal obligations, including recordkeeping, lawful disclosures, and responding to valid legal requests.
  • Consent, where consent is required or where a user chooses to provide information in a context that depends on consent.

How We Share Information

We do not sell personal data. We share information only as needed to operate KriyaOS, support authorized workspace activity, comply with the law, or protect our rights and users.

  • With service providers that support categories of functions such as cloud infrastructure, authentication, analytics, AI and model processing, search and indexing, communications, billing, and customer support. These providers process information on our behalf for limited business purposes and subject to contractual or technical restrictions.
  • Within a workspace, with workspace owners and authorized team members based on the permissions and collaboration settings established for that workspace.
  • When users interact with agents, with those users as part of the intended service experience, including AI-generated responses and knowledge-derived content configured by the relevant workspace.
  • Internally, with personnel and contractors who require access for operations, support, security, compliance, or debugging and who are subject to confidentiality obligations.
  • To comply with applicable law, regulation, legal process, or enforceable governmental request, or to establish, exercise, or defend legal claims.
  • In connection with a merger, financing, acquisition, reorganization, asset sale, or similar business transfer, subject to appropriate confidentiality and transition safeguards where feasible.
  • Across borders where international processing is necessary to provide KriyaOS, operate our business, or work with service providers, subject to appropriate contractual, organizational, or legal safeguards when required.

We do not share information for unrelated third-party advertising, do not disclose workspace content outside authorized and service-related contexts, and do not make customer data broadly available to other customers.

Data Retention and Security

We retain information only for as long as reasonably necessary for the purposes described in this policy, including providing the service, maintaining security, meeting contractual commitments, resolving disputes, and complying with legal obligations.

  • Session and interaction data may be retained for product functionality, service history, quality review, security analysis, and troubleshooting.
  • Agent and workspace data may be retained while an account remains active and for a reasonable period afterward to support continuity, recovery, compliance, and legitimate business needs.
  • Temporary and expiring data may be stored for shorter periods depending on the purpose, technical design, or operational requirements of the relevant feature.
  • Credentials and secrets are handled with heightened protection and are retained only as long as needed to maintain authorized integrations or related functionality.

We implement technical and organizational safeguards designed to protect information against unauthorized access, loss, misuse, alteration, or disclosure. These measures include, as appropriate, encryption and secret protection, access controls and authentication safeguards, infrastructure and network security controls, workspace and data isolation measures, logging and monitoring, and controls intended to reduce unnecessary exposure of information.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security. Users are responsible for maintaining the security of their credentials, carefully managing permissions, limiting the sensitive information they process, and promptly notifying us of suspected unauthorized access or security concerns.

Your Rights and Controls

KriyaOS provides practical controls that allow users and workspaces to manage information directly, subject to product design and account permissions.

  • Workspace and account controls, including profile details, team access, permissions, and certain administrative settings.
  • Agent and configuration controls, including prompts, workflows, knowledge sources, publishing settings, and connected behaviors chosen by the workspace.
  • Credential and security controls, including updating or revoking integrations, rotating secrets, managing sign-in methods, and limiting access.
  • Session and interaction controls, where available, including managing or removing conversation records, uploaded materials, and related content.
  • Preferences and local controls, such as browser settings, cookie controls, cookie preferences, and device-level privacy options.

Depending on where you live, you may have legal rights regarding personal information, including rights to request access, correction, deletion, portability, restriction, objection, or withdrawal of consent. Residents of the European Economic Area, the United Kingdom, and similar jurisdictions may have rights under data protection laws such as the GDPR. California residents may have rights under California privacy laws, including rights to know, access, delete, and correct certain personal information, subject to statutory exceptions.

These rights are not absolute and may be limited where we need to protect other users, preserve security, maintain legal records, complete transactions, or comply with applicable law. Where Nextribes processes information on behalf of a workspace through user-configured agents, the relevant workspace is generally responsible for handling requests relating to that data. We may direct a request to the appropriate workspace where necessary.

To exercise rights or request assistance, contact services@nextribes.com . If you believe your privacy concerns have not been addressed, you may also have the right to lodge a complaint with the data protection or consumer protection authority in your jurisdiction.

AI and Automated Processing

KriyaOS uses AI systems and automated processing to help users build, configure, operate, and improve agent-driven experiences. This may include interpreting prompts, generating text or other outputs, retrieving knowledge, classifying content, summarizing information, and supporting workflow decisions configured by users.

AI-generated outputs are probabilistic and may be inaccurate, incomplete, misleading, or unsuitable for a given purpose. Information used in AI processing may include user instructions, uploaded materials, knowledge sources, conversation history, and relevant interaction context needed to produce the requested output. KriyaOS does not use customer data or data from users interacting with agents to train foundation AI models.

Users are responsible for deciding how to use AI features, reviewing outputs before relying on them, assessing whether human oversight is necessary, and ensuring their use of AI complies with applicable law, contractual commitments, and internal policies. Third-party AI providers may process limited information as needed to generate outputs or support related functions, subject to service-provider controls and the operating requirements of the relevant feature.

Children’s Privacy

KriyaOS is not intended for children under 13, and we do not knowingly collect personal information directly from children under 13 for our own purposes. If we become aware that such information has been collected without appropriate authorization, we will take reasonable steps to delete it.

Individuals under 18 should use KriyaOS only with appropriate supervision and only where such use is permitted by applicable law and any relevant organizational policies.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, security practices, or business operations. When we do, we will post the revised version on this page and update the last updated date shown with the policy.

Contact Us

If you have questions, requests, or concerns about this Privacy Policy or our privacy practices, contact us at services@nextribes.com .