Skip to main content
Back to Home

Privacy Policy

Effective: April 11, 2026·Kyrospect Technologies·privacy@kyrospect.com
Plain-language summary: We collect only what is necessary to operate the Kyrospect platform. Workspace data is protected with layered safeguards, access controls, and configurable retention. You and your employees retain rights over personal data at all times.

1. Who We Are

Kyrospect Technologies("Kyrospect", "we", "us", or "our") operates the Kyrospect workforce intelligence platform, accessible at kyrospect.com and via our desktop agent software. Our registered office is at Ahmedabad, Gujarat, India.

For the purposes of applicable data protection law (including GDPR and the Information Technology Act 2000), Kyrospect acts as a data controller for account and usage data, and a data processor for employee activity data processed on behalf of our business customers.

2. Data We Collect

2.1 Account and Business Data

  • Workspace owner: Name, business email, company name, billing details.
  • Manager accounts: Name, work email, role within the workspace.
  • Payment information: Processed by our PCI-DSS-compliant payment processor. We do not store raw card numbers.
  • Communications: Emails and support tickets you send to us.

2.2 Employee Activity Data (Processed as Processor)

When an employer deploys the Kyrospect desktop agent, the agent may capture the following — subject to workspace administrator policies:

  • Active application names and window titles
  • Website domains visited during tracked sessions
  • Keyboard activity (aggregate counts — not verbatim keystrokes)
  • Mouse activity metrics (movement and click aggregates)
  • Screenshots at configurable intervals, with Smart Privacy Blur applied on-device
  • Session start/end timestamps and idle periods

Smart Privacy Blur: When enabled, the desktop agent automatically redacts sensitive content (password fields, private messaging interfaces) at the point of capture on the employee device. Redacted content is never transmitted or stored.

2.3 Technical and Usage Data

  • IP addresses, browser type, operating system (web dashboard only)
  • Feature usage patterns and interaction events (for product improvement)
  • Error logs and crash reports (anonymised before processing)

2.4 Data We Do Not Collect

  • Verbatim keystrokes or typed content
  • Personal communications content (emails, messages)
  • Data from applications outside the monitored session window
  • Biometric data of any kind
  • Data from employee devices outside active tracking sessions

3. Legal Basis for Processing

  • Contract performance: Processing necessary to deliver the subscribed services.
  • Legitimate interests: Product improvement, fraud prevention, and platform security.
  • Legal obligation: Compliance with applicable laws, regulatory requests, or court orders.
  • Consent: Where relied upon (e.g. marketing), you may withdraw at any time.

For employee activity data, the employer is the data controller and is responsible for its own legal basis and employee notification. Kyrospect acts as processor under a Data Processing Agreement available upon request.

4. How We Store and Protect Your Data

4.1 Security Safeguards

  • Storage: Workspace data is protected with layered safeguards and access controls.
  • Transmission: Connections use secure transport protections appropriate for business software.
  • Capture: Privacy controls can reduce sensitive screen exposure before screenshots become review records.

4.2 Workspace Isolation

Each customer workspace is logically separated. Kyrospect staff access is restricted in normal operations. Support access requires explicit customer authorisation and is logged in full.

4.3 Infrastructure

We use industry-standard infrastructure with physical security controls, redundant storage, and regular security review. Deeper infrastructure details are available to qualified customers during procurement.

5. Data Retention

  • Activity data: Retained per administrator configuration (default: 90 days). Permanently deleted within 30 days of workspace closure or on request.
  • Account data: Retained for the subscription term plus 90 days, then deleted unless legally required.
  • Billing records: Retained 7 years as required by financial regulations.
  • Backups: Encrypted backups purged within the same retention window as primary data.

6. Data Sharing and Disclosure

We do not sell personal data. We do not share data for advertising purposes. Limited sharing occurs with:

  • Service providers: Infrastructure, payments, and analytics vendors operating under data processing agreements. Sub-processor list available on request.
  • Legal authorities: Where required by valid legal process. We notify affected customers where legally permitted.
  • Business transfers: In a merger or acquisition, subject to the acquirer maintaining equivalent data protections.

7. Your Rights

Depending on your jurisdiction, you (or employees whose data is processed) have the right to:

  • Access: Obtain a copy of your personal data.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure: Request deletion of personal data (fulfilled within 30 days).
  • Restriction: Limit how we process your data.
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw consent: At any time, where processing is consent-based.

Kyrospect employees can view their own activity data at any time through the employee dashboard — transparency is built into the product, not just this policy.

8. International Data Transfers

Kyrospect is headquartered in India. Where data is transferred to other jurisdictions, we implement appropriate safeguards including Standard Contractual Clauses (SCCs) for EEA transfers and equivalent mechanisms elsewhere. Customers requiring data residency in specific regions should contact us.

9. Cookies

  • Strictly necessary: Authentication sessions and security tokens. Cannot be disabled.
  • Analytics: Google Analytics 4 with IP anonymisation. You may opt out via browser settings.

The desktop agent does not use cookies.

10. Children's Privacy

Kyrospect is intended for adults in professional environments. We do not knowingly collect data from individuals under 16. If you believe a minor's data has been processed, contact privacy@kyrospect.com immediately.

11. Policy Changes

We will notify workspace administrators by email at least 30 days before material changes take effect. The current version is always at kyrospect.com/privacy.

12. Contact

Privacy Officer — privacy@kyrospect.com
Kyrospect Technologies, Ahmedabad, Gujarat, India
We respond within 72 hours and resolve within 30 days.
EU/EEA residents may also lodge a complaint with their local Data Protection Authority.

Terms of Service·Contact Us·Trust Center