Privacy Policy - Restor AI

Introduction

We at Restor AI (operated by Karma Staff, together with our affiliates, "Restor AI", "we", "our" or "us") respect your privacy and are strongly committed to keeping secure any information we obtain from you or about you. This Privacy Policy describes our practices with respect to Personal Data that we collect from or about you when you use our website, applications, and services (collectively, "Services").

This Privacy Policy does not apply to content that we process on behalf of customers of our business offerings, such as enterprise accounts. Our use of that data is governed by our customer agreements covering access to and use of those offerings.

                    Key Points:
                    We collect information you provide when creating an account and using our Services
We use your data to provide, improve, and secure our Services
We implement industry-standard security measures to protect your financial data
You have rights to access, correct, and delete your personal information
We do not sell your personal data to third parties

                

1. Personal Data We Collect

We collect personal data relating to you ("Personal Data") as follows:

Personal Data You Provide

We collect Personal Data if you create an account to use our Services or communicate with us:

Account Information: When you create an account with us, we collect:

Your name (first and last name)
Email address
Username
Company or business name
Phone number (optional)
Password (stored in encrypted form)
Payment information and billing address (for paid accounts)
Transaction history

User Content: We collect Personal Data that you provide in the input to our Services ("Content"), including:

Financial data files you upload (QuickBooks reports, Excel spreadsheets, CSV files, PDFs)
Questions and prompts you provide to our AI assistant
Dashboard names and customizations
Any other content you upload, create, or provide through our Services

Communication Information: If you communicate with us, we may collect:

Your name and contact information
The contents of messages you send to us via email, support tickets, or social media
Any attachments or files you include in your communications

Other Information You Provide: We collect other information that you may provide to us, such as:

Information when you participate in our surveys, events, or promotions
Information provided to verify your identity or age
Feedback, reviews, or testimonials

Personal Data We Receive from Your Use of the Services

When you visit, use, or interact with the Services, we automatically collect certain information ("Technical Information"):

Log Data: We collect information that your browser or device automatically sends, including:

Internet Protocol (IP) address
Browser type and version
Browser settings and language preferences
The date and time of your request
How you interact with our Services (pages visited, features used, etc.)
Referring website or page

Usage Data: We collect information about how you use our Services, such as:

Types of content you view or engage with
Features you use and actions you take
Dashboard activities and file uploads
AI conversations and queries
Time zone and country
Dates and times of access
User agent and version

Device Information: We collect information about the device you use to access our Services:

Device name and model
Operating system and version
Device identifiers (such as device ID or advertising ID)
Screen resolution and display settings
Mobile network information

Location Information: We may determine your general location based on:

IP address (for security purposes and to provide better service)
Precise location information from your device's GPS (only if you explicitly grant permission)

Cookies and Similar Technologies: We use cookies, web beacons, and similar technologies to:

Maintain your session and keep you logged in
Remember your preferences
Understand how you use our Services
Improve your experience
Protect against fraud and security threats

For more details, please see our Cookies and Tracking section below.

Information We Receive from Other Sources

We may receive information from:

Security partners: To protect against fraud, abuse, and other security threats to our Services
Payment processors: Information about your payment transactions
Marketing vendors: Information about potential customers of our business services
Third-party integrations: If you connect your account with third-party services (like QuickBooks)
Publicly available sources: Information that is publicly available on the internet for research and development purposes

2. How We Use Personal Data

We may use Personal Data for the following purposes:

To Provide and Maintain Our Services

Create and manage your account
Process and analyze your financial data
Generate AI-powered insights and recommendations
Respond to your questions and requests
Process payments and manage subscriptions
Provide customer support
Enable dashboard creation and management

To Improve and Develop Our Services

Conduct research and development
Train and improve our AI models to provide better financial insights
Develop new features and functionality
Understand how users interact with our Services
Analyze usage patterns and trends
Test and optimize our Services

To Communicate with You

Send you information about our Services
Notify you about changes to our Services or policies
Provide customer service and support
Send security alerts and important notices
Respond to your inquiries and requests
Send you marketing communications (with your consent where required)

To Ensure Security and Compliance

Prevent fraud, illegal activity, or misuses of our Services
Protect the security and integrity of our systems and Services
Detect and prevent security incidents
Comply with legal obligations
Enforce our Terms of Use and other policies
Protect the rights, privacy, safety, or property of our users, Restor AI, or third parties

Aggregated and De-identified Data

We may aggregate or de-identify Personal Data so that it no longer identifies you and use this information for:

Analyzing how our Services are being used
Improving and adding features to our Services
Conducting research
Industry benchmarking and insights

We will maintain and use de-identified information in de-identified form and not attempt to reidentify the information, unless required by law.

Training Our AI Models

We may use Content you provide us to improve our AI models and Services, for example to train the models that power our financial insights. You can opt out of this use through your account settings. Read our documentation on how to opt out of AI model training.

3. Disclosure of Personal Data

We may disclose your Personal Data in the following circumstances:

Vendors and Service Providers

To assist us in meeting business operations needs and to perform certain services and functions, we may disclose Personal Data to vendors and service providers, including:

Cloud hosting providers (for data storage and processing)
Customer service and support tools
Email communication software
Payment and transaction processors
Web analytics services
Security and fraud prevention services
Content delivery networks
Other information technology providers

Pursuant to our instructions, these parties will access, process, or store Personal Data only in the course of performing their duties to us and under strict confidentiality obligations.

Business Transfers

If we are involved in strategic transactions, reorganization, bankruptcy, receivership, or transition of service to another provider (collectively, a "Transaction"), your Personal Data may be:

Disclosed in the diligence process with counterparties and others assisting with the Transaction
Transferred to a successor or affiliate as part of that Transaction along with other assets

Government Authorities or Other Third Parties

We may share your Personal Data, including information about your interaction with our Services, with government authorities, industry peers, or other third parties:

If required to do so to comply with a legal obligation
In the good faith belief that such action is necessary to comply with a legal obligation
To protect and defend our rights or property
If we determine, in our sole discretion, that there is a violation of our terms, policies, or the law
To detect or prevent fraud or other illegal activity
To protect the safety, security, and integrity of our products, employees, users, or the public
To protect against legal liability

Affiliates

We may disclose Personal Data to our affiliates, meaning an entity that controls, is controlled by, or is under common control with Restor AI or Karma Staff. Our affiliates may use this Personal Data in a manner consistent with this Privacy Policy.

Business Account Administrators

When you join an enterprise or business account, the administrators of that account may:

Access and control your Restor AI account
Access your Content and usage data
Restrict or remove your access to the account

If you create an account using an email address belonging to your employer or another organization, we may share that you have an account and certain account information with your employer or organization to enable you to be added to their business account.

Other Users and Third Parties You Interact With

Certain features allow you to interact or share information with other users or third parties:

Sharing dashboards or reports with team members
Exporting data to third-party applications
Connecting with third-party integrations

Information you share with third parties is governed by their own terms and privacy policies, and you should review those before sharing information with them.

We do not sell your Personal Data to third parties.

4. Data Retention

We'll retain your Personal Data for only as long as we need in order to provide our Services to you, or for other legitimate business purposes such as:

Resolving disputes
Safety and security reasons
Complying with our legal obligations
Enforcing our agreements

How long we retain Personal Data will depend on a number of factors, such as:

Our purpose for processing the data (such as whether we need to retain the data to provide our Services)
The amount, nature, and sensitivity of the information
The potential risk of harm from unauthorized use or disclosure
Any legal requirements that we are subject to

Your Data Controls: You have control over your data retention through your account settings:

You can delete individual dashboards, conversations, or files at any time
You can request deletion of your entire account
Deleted data is typically removed from our active systems within 30 days
Some data may be retained in backup systems for up to 90 days for disaster recovery purposes

Automatic Deletion: Certain content may be automatically deleted after a specified period:

Temporary sessions and cache data
Inactive accounts (after 1 year of inactivity for free accounts)
Log data (typically retained for 12 months)

5. Your Rights

Depending on where you live, you may have certain statutory rights in relation to your Personal Data:

Right to Access

You have the right to access your Personal Data and information relating to how it is processed. You can access most of your Personal Data by logging into your account. For additional information, you can contact us.

Right to Delete

You have the right to request deletion of your Personal Data from our records. You can delete certain data through your account settings, or contact us to request full account deletion.

Right to Correct

You have the right to update or correct your Personal Data. You can update most of your information through your account settings.

Right to Data Portability

You have the right to transfer your Personal Data to a third party. You can export your data through your account settings.

Right to Restrict Processing

You have the right to request that we restrict how we process your Personal Data in certain circumstances.

Right to Withdraw Consent

Where we rely on consent as the legal basis for processing, you have the right to withdraw your consent at any time.

Right to Object

You have the right to object to how we process your Personal Data in certain circumstances, including for marketing purposes.

Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

How to Exercise Your Rights

You can exercise these rights through:

Your account settings for most data management tasks
Emailing us at contact@karmastaff.com with specific requests
Using our data subject request form (if available)

Verification: To protect your privacy, we may need to verify your identity before fulfilling your request. We may ask you to provide additional information for verification purposes.

A Note About AI Accuracy: Services like our AI assistant generate responses by predicting words most likely to appear next. In some cases, these predictions may not be factually accurate. For this reason, you should not rely on the factual accuracy of output from our AI models. If you notice that AI output contains factually inaccurate information about you and you would like to request a correction or removal, please contact us at contact@karmastaff.com, and we will consider your request based on applicable law and the technical capabilities of our models.

6. Children

Our Services are not directed to, or intended for, children under 18. We do not knowingly collect Personal Data from children under 18.

If you have reason to believe that a child under 18 has provided Personal Data to Restor AI through the Services, please email us at contact@karmastaff.com. We will investigate any notification and, if appropriate, delete the Personal Data from our systems.

Users under 18 must have permission from their parent or guardian to use our Services.

7. Security

We implement commercially reasonable technical, administrative, and organizational measures designed to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction.

Our Security Measures Include:

Encryption: We encrypt data in transit using TLS/SSL and at rest using industry-standard encryption
Access Controls: Strict access controls limit who can access your Personal Data
Authentication: Secure password requirements and optional two-factor authentication
Monitoring: Continuous monitoring for security threats and suspicious activity
Regular Security Assessments: Periodic security audits and vulnerability testing
Employee Training: Security awareness training for all personnel
Incident Response: Established procedures for responding to security incidents

Your Role in Security

While we implement strong security measures, you also play an important role in protecting your account:

Use a strong, unique password
Enable two-factor authentication when available
Keep your login credentials confidential
Log out when using shared devices
Report suspicious activity immediately
Keep your contact information up to date

Limitations

However, no Internet or email transmission is ever fully secure or error free. Therefore, you should take special care in deciding what information you send to us via the Services or email. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Services, or third-party websites.

Security Incidents: If we discover a security incident that affects your Personal Data, we will notify you as required by applicable law and take appropriate remedial measures.

8. Additional U.S. State Disclosures

Some U.S. state privacy laws require specific disclosures. The following information applies to residents of California, Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws.

Categories of Personal Data

The following table provides information about the categories of Personal Data we collect and how we use and disclose that information:

Category of Personal Data	Use of Personal Data	Disclosure of Personal Data
Identifiers Name, email, IP address, device identifiers, username	Provide, analyze, and maintain Services Improve and develop Services Communicate with you Prevent fraud and ensure security	Service providers and vendors Government authorities (when required) Business account administrators Parties involved in business transactions
Commercial Information Transaction history, payment information, subscription details	Process payments Manage subscriptions Provide customer support	Payment processors Service providers Government authorities (when required)
Internet/Network Activity Content you upload, interactions with Services, usage data	Provide Services and generate insights Improve AI models Analyze usage patterns	Service providers Business account administrators Analytics providers
Geolocation Data General location from IP address, precise location (if granted)	Security purposes Improve Services Comply with legal requirements	Service providers Security partners
Professional Information Company name, business information	Provide business-specific features Customer support Account management	Service providers Business account administrators

Your Privacy Rights

Depending on where you live and subject to applicable exceptions, you may have the following privacy rights:

Right to Know: Information about our processing of your Personal Data, including the right to access your Personal Data
Right to Delete: Request deletion of your Personal Data
Right to Correct: Request correction of inaccurate Personal Data
Right to Non-Discrimination: Be free from discrimination relating to the exercise of any of your privacy rights
Right to Opt-Out: Opt out of certain processing activities (see below)

Important Disclosures

We do not sell Personal Data
We do not share Personal Data for cross-contextual behavioral advertising
We do not process Personal Data for "targeted advertising" purposes (as defined under state privacy laws)
We do not process sensitive Personal Data for the purposes of inferring characteristics about a consumer

Exercising Your Rights

You can exercise privacy rights by:

Submitting a request through your account settings
Emailing us at contact@karmastaff.com
Using our data subject request form (if available)

Verification: To protect your Personal Data from unauthorized access, we may require you to verify your credentials before fulfilling a request. If you do not have an account with us, or if we suspect fraudulent or malicious activity, we may ask you to provide additional Personal Data for verification.

Authorized Agents: You may submit a rights request through an authorized agent. If you do so, the agent must present signed written permission to act on your behalf and you may also be required to independently verify your identity with us.

Appeals: Depending on where you live, you may have the right to appeal a decision we make relating to requests to exercise your rights. To appeal a decision, please email us at contact@karmastaff.com with "Privacy Rights Appeal" in the subject line.

Response Timeline: We will respond to your request within the timeframe required by applicable law, typically within 45 days.

9. International Data Transfers

Restor AI processes your Personal Data on servers located in various jurisdictions, including the United States. While data protection laws vary by country, we apply the protections described in this Privacy Policy to your Personal Data regardless of where it is processed.

Legal Bases for International Transfers

When we transfer Personal Data from the European Economic Area (EEA), United Kingdom, or Switzerland to other countries, we do so using legally valid transfer mechanisms, including:

Standard Contractual Clauses approved by the European Commission
Adequacy decisions by the European Commission
Your explicit consent
Other transfer mechanisms permitted by applicable law

Data Protection Standards

Regardless of where your data is processed, we:

Apply the same privacy and security standards globally
Ensure service providers comply with appropriate data protection obligations
Implement technical and organizational measures to protect your data
Honor your privacy rights as described in this Privacy Policy

If you have questions about international data transfers, please contact us at contact@karmastaff.com.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to provide, protect, and improve our Services.

What Are Cookies?

Cookies are small text files that are stored on your device when you visit a website. They help websites remember information about your visit, making it easier to use and more useful to you.

Types of Cookies We Use

Essential Cookies (Strictly Necessary)

Purpose: Enable core functionality like account login, session management, and security
Can you opt out? No, these are required for the Services to function
Examples: Authentication cookies, security cookies, load balancing cookies

Functional Cookies

Purpose: Remember your preferences and settings
Can you opt out? Yes, but some features may not work as expected
Examples: Language preferences, dashboard settings, display preferences

Analytics Cookies

Purpose: Help us understand how you use our Services
Can you opt out? Yes, through your account settings or browser settings
Examples: Usage statistics, feature engagement, error tracking

Marketing Cookies

Purpose: Track your visits across websites to show you relevant ads
Can you opt out? Yes, through your account settings or browser settings
Examples: Advertising cookies, social media cookies

Other Tracking Technologies

In addition to cookies, we may use:

Web Beacons (Pixels): Small graphics embedded in web pages or emails to track user activity
Local Storage: Browser storage that allows websites to store data locally on your device
SDKs: Software development kits in mobile applications for analytics and functionality

Managing Cookies

You can control cookies through:

Your Account Settings: Manage cookie preferences through your Restor AI account
Browser Settings: Most browsers allow you to refuse or delete cookies
Opt-Out Tools: Use industry opt-out tools like the Network Advertising Initiative (NAI) opt-out page

Note: Disabling certain cookies may impact your ability to use some features of our Services.

Do Not Track Signals

Some browsers have a "Do Not Track" feature that signals to websites that you do not want to be tracked. We do not currently respond to Do Not Track signals, but we respect your privacy choices and provide other ways to control tracking through your account settings.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.

When we make changes to this Privacy Policy:

We will update the "Effective Date" at the top of this page
We will publish the updated Privacy Policy on this page
For material changes that significantly affect your rights, we will notify you via:
- Email to the address associated with your account
- Prominent notice in our Services
- Other appropriate communication channels

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Your continued use of our Services after any changes to this Privacy Policy indicates your acceptance of the updated Privacy Policy. If you do not agree with any changes, you should stop using our Services and contact us to close your account.

Previous Versions

You can request access to previous versions of this Privacy Policy by contacting us at contact@karmastaff.com.

12. How to Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our privacy practices, please contact us:

General Inquiries

Email: contact@karmastaff.com
Subject Line: "Privacy Inquiry" for faster routing

Data Subject Requests

To exercise your privacy rights (access, deletion, correction, etc.):

Email: contact@karmastaff.com
Subject Line: "Privacy Rights Request"
Include: Your name, email address, and specific request

Data Protection Officer

For privacy-specific inquiries, you can contact our data protection team:

Email: contact@karmastaff.com
Subject Line: "Attn: Data Protection Officer"

Mailing Address

Karma Staff / Restor AI
[Your Business Address]
[City, State, ZIP Code]
United States

Response Time

We aim to respond to all inquiries within 10 business days. For data subject requests, we will respond within the timeframe required by applicable law (typically 30-45 days).

Complaints to Regulators

If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority or supervisory authority.