Privacy Policy
Last updated: January 2026
1. Introduction
Kairo ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Shopify application and website.
Kairo is operated by Vladimir Bogicevic, Sterijina 13, 11271 Ledine, Belgrade, Serbia.
Contact: support@trykairo.io
2. Information We Collect
Information from Shopify
When you install Kairo, we access certain information from your Shopify store via Shopify's APIs. This includes:
- Store Information: Store name, URL, owner name, email address, and currency settings
- Product Information: Product titles, descriptions, prices, images, variants, and inventory levels
- Order Information: Order IDs, totals, line items, and timestamps (used to process and track upsells)
- Customer Information: Customer name, email, and shipping address associated with orders where upsells are displayed (used solely to fulfill upsell transactions)
Shopify API Scopes: Our app requests access to Shopify API scopes necessary to provide the Service, including read products, read orders, read customers, read locales (to support multiple store languages), and write orders (for processing accepted upsells). The specific scopes requested are shown to you by Shopify during installation. We access only the minimum data necessary to provide the Service.
Information You Provide
- Account information when you contact support
- Configuration settings for your upsell offers
- Any information you provide through our contact forms or Discord (optional)
Automatically Collected Information
- Usage data and analytics within the app (pages viewed, features used)
- Performance metrics and error logs
- Device and browser information
This information is used for security, troubleshooting, and improving the Service.
3. How We Use Your Information
We use store and customer data solely to provide and improve the upsell service. Specifically, we use collected information to:
- Provide and maintain the Kairo service
- Process and display upsell offers to your customers after checkout
- Process accepted upsell orders
- Calculate usage fees based on upsell revenue generated
- Provide customer support
- Improve and optimize our application
- Communicate with you about service updates, new features, or important changes
- Comply with legal obligations
We do not sell personal information or use it for unrelated purposes.
4. Data Sharing
We never sell or share your data with third parties for their marketing purposes. We may share information only with:
- Service Providers: Third-party services that help us operate, including cloud hosting providers and error monitoring services. These providers are bound by privacy obligations and only access data necessary to perform their services. Examples of service providers we use may include: Railway (hosting), PostgreSQL database hosting, and error monitoring/logging providers.
- Shopify: As required for app functionality, billing, and compliance with Shopify's platform requirements
- Legal Requirements: When required by law, legal process, or to protect our rights, safety, or property
5. Data Processor Role
In providing our service, we act as a data processor on behalf of you (the merchant, who is the data controller) for any personal information of your customers that we handle. For merchant account and billing data, Kairo acts as an independent data controller. We only process customer data to fulfill the upsell services per your instructions and Shopify's platform configuration.
As a merchant, you are responsible for ensuring you have an appropriate legal basis (such as customer consent or legitimate interest) for processing your customers' data through upsell offers. You should inform your customers about the use of post-purchase offers in your own privacy policy.
6. International Data Transfers
Kairo is operated from Serbia. If you are located outside Serbia, please be aware that your information may be transferred to, stored, and processed in Serbia or other countries where our servers or service providers are located (including the United States).
Where required, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) and other lawful transfer mechanisms to ensure your personal data remains protected in accordance with applicable data protection laws.
7. Data Security
We implement appropriate technical and organizational measures to protect your information, including encryption in transit (HTTPS), secure server infrastructure, and access controls. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security. If we become aware of a data breach affecting your personal data, we will notify you as required by applicable law.
8. Data Retention
We retain your information for as long as your account is active or as needed to provide services. When you uninstall Kairo, we delete your store data and any associated customer data within 30 days, except where we are required to retain limited records for legal, tax, billing, or dispute resolution purposes. This may include invoices, billing records, and audit logs.
9. Your Rights
Depending on your location, you may have rights regarding your personal information:
For All Users
- Access to your personal information
- Correction of inaccurate data
- Deletion of your data
- Data portability (receive your data in a structured format)
For European Economic Area (EEA) Residents
Under GDPR, you have additional rights including:
- Right to object to processing based on legitimate interests
- Right to restrict processing
- Right to withdraw consent (where processing is based on consent)
- Right to lodge a complaint with a supervisory authority
Legal Basis for Processing (GDPR): We process personal data based on: (1) contract necessity to provide the service you requested; (2) legitimate interests in security, fraud prevention, and product improvement; and (3) legal obligations such as billing and tax requirements.
For California Residents
Under CCPA/CPRA, you have the right to:
- Know what personal information we collect, use, and disclose
- Request deletion of your personal information
- Opt out of the "sale" or "sharing" of personal information
- Non-discrimination for exercising your privacy rights
We do not sell personal information. We will not discriminate against you for exercising any CCPA rights.
To exercise any of these rights, contact us at support@trykairo.io. We will respond to requests within the timeframe required by applicable law.
10. Cookies and Tracking
Our marketing website uses essential cookies to function properly. We may use analytics cookies to understand how visitors interact with our site. These analytics are anonymized and used solely to improve our website. You can control cookies through your browser settings.
The Kairo app itself operates within Shopify's checkout environment and does not set additional cookies on your customers' browsers.
11. Children's Privacy
Kairo is a business service intended for use by Shopify merchants. It is not directed to individuals under 18. We do not knowingly collect personal information from children.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page, updating the "Last updated" date, and if appropriate, notifying you via email or in-app notification. Your continued use of Kairo after changes constitutes acceptance of the updated policy.
13. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:
Email: support@trykairo.io