Legal

Privacy Policy

Last updated: February 13, 2026

1. Who we are

Klaviffy, Inc ("Klaviffy", "we", "us", "our") is located at 5707 Southwest Pkwy, Austin, TX 78735, United States. For privacy requests, contact privacy@klaviffy.com.

Company number: Not provided. Data Protection Officer (DPO): Not designated. EU/UK Representative: Not designated (this policy will be updated if required).

2. Scope of this policy

This policy applies to both our public website and our SaaS platform. Our services are offered globally. We do not intentionally offer services to minors.

3. Our GDPR role: controller vs processor

For website activities (for example contact form submissions), Klaviffy acts as a data controller. For customer platform data (including learner profiles and training completion data), Klaviffy generally acts as a processor/subprocessor on behalf of customer organizations that are the controllers.

If your data is processed through your employer or customer organization account, that organization is primarily responsible for your privacy rights, and we support them under our contractual instructions.

4. Personal data we process

  • Contact form data: name, surname, email address, and message content.
  • Account/profile data: name, surname, email address, and training progress (completed and uncompleted training information).
  • Technical and usage data: IP address, device/browser details, logs, cookies, and analytics events.

5. Purposes and lawful bases

  • Responding to inquiries and sales requests: consent (Article 6(1)(a)).
  • Providing and operating the platform for customers: contract performance (Article 6(1)(b)) and, where applicable, acting under controller instructions as processor.
  • Security, fraud prevention, and compliance obligations: legal obligations (Article 6(1)(c)) and legitimate interests (Article 6(1)(f)) where applicable.
  • Analytics and product improvement: consent where required by local law and legitimate interests where permitted.

6. Cookies and analytics

We use cookies and similar technologies for platform functionality, security, and analytics. We use Google for analytics. Where required by law, we request consent before setting non-essential cookies. You can change cookie preferences via your browser controls and any cookie tools we provide.

7. Recipients and subprocessors

We share personal data only with service providers that support our operations and are bound by appropriate contractual safeguards. Current providers include:

  • Microsoft Azure (hosting infrastructure)
  • Microsoft (email and productivity services)
  • SAP (CRM)
  • Google (analytics)
  • Calendly (scheduling)
  • Asana (internal operations)

8. International data transfers

For EU/EEA and UK customer data, we aim to keep data in EU-based infrastructure. If cross-border transfers are required in the future, we will implement valid transfer safeguards (for example Standard Contractual Clauses) before transfer.

9. Data retention

  • Customer platform data: retained according to customer contracts and documented controller instructions.
  • Contact inquiries: retained for as long as needed to address the request and for reasonable follow-up/business record purposes.
  • Analytics and technical logs: retained according to security and operational requirements, then deleted or anonymized where feasible.

Where law requires longer retention, we retain data for that statutory period.

10. Security measures

We maintain technical and organizational security controls aligned with ISO 27001 and ISO 27002 principles, including access controls, encryption in transit and at rest, monitoring, and backup/recovery measures.

11. Your GDPR rights

Subject to legal conditions, you may request access, rectification, erasure, restriction, objection, data portability, and withdrawal of consent (where processing is based on consent).

To exercise rights, contact privacy@klaviffy.com. We may request identity verification before fulfilling requests. We aim to respond within one month, subject to lawful extensions.

12. Complaints

You may lodge a complaint with your local data protection authority in the EEA/UK. Lead supervisory authority: not designated.

13. Changes to this policy

We may update this Privacy Policy from time to time. Material updates will be posted on this page with a revised "Last updated" date.

Contact Legal Team