legal

PRIVACY POLICY

AND CONSENT TO PERSONAL DATA PROCESSING

INCLUDING AI-BASED PROCESSING

Kyte Application

Effective Date: 01.01.2026
Last Updated: 01.01.2026

---

1. General Provisions

This Privacy Policy and Consent to Personal Data Processing (“Policy”) governs the collection, processing, storage, use, and protection of personal data of users of the Kyte application, website, APIs, and related services (the “Service”).

This Policy is developed in accordance with:

• the Law of the Republic of Kazakhstan “On Personal Data and Their Protection”,
• the Civil Code of the Republic of Kazakhstan,
• the Law “On Informatization”, and
• other applicable regulatory acts.

By registering an account, accessing, or using the Service, the user (“User”) provides free, informed, specific, and explicit consent to the processing of personal data under the terms of this Policy.

---

2. Operator of Personal Data

Operator: Kyte
Email: legal@kyte.me
Website: https://kyte.me

Kyte acts as the operator and organizer of personal data processing within the meaning of the legislation of the Republic of Kazakhstan.

---

3. Personal Data Subjects

This Policy applies to:

• Individuals using the Service
• Authorized representatives of legal entities
• Users interacting with Kyte via integrated platforms or APIs

---

4. Categories of Personal Data Processed

Kyte may process the following categories of personal data:

4.1 Data Provided by the User

• Full name or display name
• Email address
• Phone number (if provided)
• Username and profile information

4.2 Data Generated During Use of the Service

• Messages, reminders, tasks, events, and calendar data
• Files and attachments uploaded by the User
• Metadata (timestamps, interaction logs, delivery status)
• AI-generated outputs based on User input

4.3 Technical and Usage Data

• IP address
• Device type, operating system, application version
• Security logs, diagnostic, and error data

Kyte does not intentionally process special categories of personal data unless such data is voluntarily provided by the User.

---

5. Purposes of Personal Data Processing

Personal data is processed exclusively for the following purposes:

• User identification and authentication
• Provision, operation, and maintenance of the Service
• Execution of reminders, notifications, and collaboration functions
• AI-based automation, summaries, translations, and contextual assistance
• Ensuring information security and preventing abuse or fraud
• Providing technical support and user communication
• Compliance with legal obligations of the Operator

Personal data is not processed for purposes incompatible with those listed above.

---

6. Legal Grounds for Processing

Processing of personal data is carried out on the basis of:

• Consent of the personal data subject
• Performance of contractual obligations (Terms of Use)
• Compliance with statutory obligations
• Legitimate interests of Kyte, provided such interests do not override User rights and freedoms

---

7. Consent to Personal Data Processing

By accepting this Policy, the User explicitly consents to:

• Collection, recording, systematization, accumulation, storage, modification, use, transfer, anonymization, and deletion of personal data
• Automated and non-automated processing of personal data
• Processing of personal data within Kyte’s information systems
• Transfer of personal data to authorized service providers involved in Service operation
• Cross-border transfer of personal data where technically required

This consent is valid from the moment of acceptance and remains effective until withdrawn by the User in accordance with Section 14 of this Policy.

---

8. Storage, Security, and Confidentiality

Kyte implements necessary organizational and technical measures to protect personal data, including:

• Encryption of sensitive information and credentials
• Access control and role-based authorization
• Monitoring, logging, and incident response procedures
• Secure infrastructure and regular security updates

Personal data is stored only for the period necessary to achieve the purposes of processing or as required by the legislation of the Republic of Kazakhstan.

---

9. Cross-Border Transfer of Personal Data

Personal data may be transferred outside the Republic of Kazakhstan, including to cloud infrastructure or service providers, provided that such transfer ensures an adequate level of protection.

By accepting this Policy, the User provides explicit consent to such cross-border transfers.

---

10. Disclosure to Third Parties

Kyte may disclose personal data strictly in the following cases:

• To third-party service providers engaged for hosting, communications, analytics, or technical support
• Upon lawful request by authorized state bodies of the Republic of Kazakhstan
• With explicit consent of the User

Kyte does not sell, rent, or commercially distribute personal data.

---

11. AI-Based and Automated Data Processing

Kyte uses automated systems, including artificial intelligence (AI), machine learning models, and algorithmic processing tools, to provide and improve the Service.

AI-based processing may include:

• Automated analysis of messages, tasks, reminders, and files
• Generation of summaries, reminders, translations, notifications, and recommendations
• Classification, structuring, and prioritization of information
• AI-assisted interaction and workflow automation based on User input

AI-based processing is performed solely for Service functionality and improvement purposes.

---

12. Explicit Consent to AI-Based Processing

By accepting this Policy, the User provides separate, explicit, informed, and voluntary consent to the automated processing of personal data using artificial intelligence technologies.

The User acknowledges and agrees that:

• AI-generated outputs are informational and auxiliary in nature
• AI outputs do not constitute legal, medical, financial, or other professional advice
• AI processing does not produce legal consequences for the User without human involvement
• Responsibility for decisions made based on AI outputs remains with the User

The User has the right to withdraw consent to AI-based processing in accordance with Section 14, subject to technical limitations of the Service.

---

13. Rights of the Personal Data Subject

The User has the right to:

• Obtain information about personal data processing
• Access, update, and correct personal data
• Request deletion, anonymization, or restriction of processing
• Withdraw consent to personal data processing
• Protect their rights and lawful interests in accordance with the law

Requests may be submitted to: legal@kyte.me

---

14. Withdrawal of Consent and Data Deletion

The User may withdraw consent to personal data processing at any time by:

• Deleting the account via the Service interface, or
• Submitting a written request to Kyte

Upon withdrawal, personal data will be deleted or anonymized unless retention is required by law. Technical backups may be retained for a limited period.

---

15. Cookies and Tracking Technologies

Kyte may use cookies and similar technologies to:

• Ensure proper functioning of the Service
• Maintain user sessions
• Analyze Service performance

Users may manage cookie settings through their device or browser.

---

16. Children’s Data

The Service is not intended for persons under 18 years of age.
If Kyte becomes aware of processing such data, it will be deleted without delay.

---

17. Amendments to the Policy

Kyte may amend this Policy at any time. Updated versions enter into force upon publication within the Service. Continued use of the Service constitutes acceptance of the revised Policy.

---

18. Governing Law

This Policy is governed by the laws of the Republic of Kazakhstan.

---

19. Contact Information

Kyte
Email: legal@kyte.me
Website: https://kyte.me

---

20. Final Provisions

If any provision of this Policy is declared invalid, the remaining provisions shall remain in full force and effect.