Kairo Notes
  • Copilot
  • Debrief
  • Privacy
  • Compare
  • FAQ
  • Download
Contents
  • Overview
  • 1. Who This Policy Applies To
  • 2. Data Kairo Stores Locally
  • 3. Data Kairo Collects
  • 3a. Accounts, Billing, and Usage
  • 4. Third-Party AI Providers
  • 4a. Live AI Chat
  • 5. Calendar Integration
  • 6. Export Integrations
  • 7. Data Kairo Does Not Collect
  • 8. Children's Privacy
  • 9. Security
  • 10. Your Choices and Controls
  • 11. GDPR and International Users
  • 12. California Privacy Rights
  • 13. Data Breach Notification
  • 14. Changes to This Policy
  • 15. Contact
Overview 1. Who This Policy Applies To 2. Data Kairo Stores Locally 3. Data Kairo Collects 3a. Accounts, Billing, and Usage 4. Third-Party AI Providers 4a. Live AI Chat 5. Calendar Integration 6. Export Integrations 7. Data Kairo Does Not Collect 8. Children's Privacy 9. Security 10. Your Choices and Controls 11. GDPR and International Users 12. California Privacy Rights 13. Data Breach Notification 14. Changes to This Policy 15. Contact

Privacy Policy

Last Updated: July 13, 2026
Effective Date: July 13, 2026

Overview

Kairo is built on a privacy-first architecture. This Privacy Policy explains what data Kairo collects, what data stays on your device, and what — if anything — leaves your machine.

The short version:

  • Your audio is never transmitted to Kairo's servers. It is processed locally on your Mac.
  • Your transcripts are stored locally in Kairo's private app storage or the folder you choose. Kairo does not sync them to Kairo-controlled servers, although feature-specific text can be transmitted for AI processing as described below.
  • When you use your own hosted AI provider, feature-specific prompt text goes directly to that provider. When you choose Kairo Cloud, the text passes through Kairo's inference gateway to the selected upstream AI provider.
  • Kairo accounts, subscriptions, and allowance records use content-free data. They do not contain audio, transcripts, prompts, responses, calendar data, or vault excerpts.
  • Direct Google Calendar access is read-only. OAuth tokens stay in macOS Keychain, and fetched Calendar API responses are not sent to Kairo-controlled servers.
  • Kairo does not sell your data. Ever.

1. Who This Policy Applies To

This Privacy Policy applies to users of the Kairo macOS application and related services (collectively, the "Services") operated by Kairo Notes LLC, an Oklahoma limited liability company doing business as Kairo Notes ("Kairo," "we," "our," or "us"). Kairo Notes LLC is the business responsible for the personal data described in this Policy. By using the Services, you agree to the practices described in this Policy.

2. Data Kairo Stores Locally

The following data is stored locally by the App and is not synced to Kairo-controlled servers. A user-selected AI, Kairo Cloud, sync, or export destination may receive the specific data described in this policy.

Audio Processing: All audio captured by the App — whether from your microphone or system audio — is processed locally using Apple's on-device Speech framework. Audio is never transmitted to Kairo or any third party by the App itself.

Audio Recordings: Audio recording is optional and off by default. When enabled, the App writes CAF files to the audio directory you selected or to a temporary local directory. Call mode may write separate microphone and remote-side files. Deleting a meeting note does not automatically delete these audio files; delete them separately from their storage location.

Transcripts: Until you choose a meetings folder, transcripts are stored in Kairo's private Application Support directory on your Mac. If you later choose a folder, Kairo stages and copies the app-managed files before switching storage and will not overwrite a same-named file. Kairo does not upload or sync transcripts to Kairo-controlled servers. If you select a folder managed by iCloud, Dropbox, or another sync provider, that provider may sync its contents under its own terms.

Commitments and Open Loops: Commitments you explicitly save are stored as a private local document in Kairo's Application Support directory with a local backup for write recovery. Records can include the original detected wording, your edited task, owner, relationship link, source meeting, status, and due date. Open records remain until you complete, dismiss, or delete them. Completed and dismissed records are automatically hard-deleted from the primary and backup after 90 days during normal maintenance. You can export commitments as Markdown or JSON, delete one permanently, or use Delete All Commitments.

Crash Recovery: During an active meeting, Kairo stores a local recovery snapshot in app preferences about every 15 seconds. The snapshot can contain the transcript, suggestions, Live Chat questions and answers, meeting metadata, and debrief state. It is not uploaded to Kairo.

Meeting summaries and AI suggestions: Content generated by AI is produced by the AI destination you have configured (see Section 4). The output is displayed in the App and stored locally. When Kairo Cloud is selected, the response passes through the gateway in memory, but Kairo does not maintain a server-side copy after the request completes.

API keys and OAuth tokens: Your AI provider API keys and direct Google Calendar access and refresh tokens are stored in your macOS Keychain. They are not transmitted to Kairo-controlled servers. Kairo Cloud provider credentials remain on the gateway and are never included in the App.

Meeting metadata: Meeting titles, dates, templates, and settings are stored locally in the App's local storage on your device.

3. Data Kairo Collects

Kairo v0.3 sent no product analytics or crash reports to Kairo. Kairo v0.4 can send bounded, content-free account, entitlement, trial, and usage events needed to operate subscriptions and Kairo Cloud. These events never contain meeting titles, transcript text, attendee data, file paths, prompts, responses, vault excerpts, credentials, or calendar data. Local crash recovery is described in Section 2 and is not telemetry.

a. Website Analytics (Website Only)
Our marketing website may use standard web analytics tools to collect anonymized usage data, including page views and referral sources. This data does not identify individual users and is not linked to your use of the App.

b. Update Checks
At most once per day while Kairo is active, the App may request a small version manifest from kaironotes.com to determine whether an update is available. The request does not include meeting content, calendar data, API keys, OAuth tokens, or a Kairo user identifier. As with an ordinary website request, hosting providers may process standard connection metadata such as your IP address, request time, and user agent in server logs. Manual update checks use the same endpoint.

c. Contact and Support Communications
If you contact us for support or by email, we retain your contact information and the contents of your message in order to respond to you.

3a. Accounts, Billing, and Usage

Account and authentication: When you create a Kairo account, we process your email address, an internal account identifier, sign-in and security records, plan and entitlement state, trial start and completion counters, a privacy-preserving installation identifier, and account creation or deletion timestamps. Supabase provides account authentication and the related account database services.

Transactional sign-in email: Resend delivers passwordless sign-in messages. It processes the recipient email address, the authentication message, and delivery metadata such as message identifiers, timestamps, delivery status, bounces, complaints, and security signals. It does not receive meeting audio, transcripts, prompts, responses, vault content, or calendar data. Kairo-controlled authentication and audit records follow the retention and deletion schedule below. Resend may retain delivery or security records under its own privacy policy and legal obligations.

Service hosting: Cloudflare provides the Workers and D1 infrastructure used to authenticate service requests, enforce entitlements and allowances, maintain content-free operational records, and route Kairo Cloud requests. Cloudflare may also process ordinary connection and security metadata needed to deliver and protect the service.

Payments: Stripe processes checkout, recurring billing, automatic tax calculations in supported markets, payment methods, invoices, refunds, disputes, and the customer billing portal. Kairo receives Stripe customer and subscription identifiers, product and price identifiers, payment and subscription status, billing period dates, and transaction outcomes. Kairo does not receive or store your full card number or card security code.

Content-free usage: To enforce trial and Kairo Cloud limits, Kairo records completed-meeting counts, allowance reservations, token or cost units, model catalog identifiers, request status, timestamps, idempotency keys, and aggregate remaining allowance. These records do not include meeting content or AI output.

Retention and deletion: Content-free operational events are retained for 30 days. Detailed usage and allowance-reservation records are retained for 90 days. Webhook deduplication records and subscription snapshots are retained for 13 months. Account, authentication, and device records remain while the account is active. A confirmed account deletion immediately cancels every Stripe subscription and future renewal, immediately ends Kairo service and paid-feature access, and deletes or de-identifies Kairo-controlled identity, entitlement, device, authentication, and usage records within 30 days, subject to provider backups that can take up to 30 days to age out. Deletion does not create an automatic refund or prorated credit for unused paid time except where applicable law requires one. Resend may retain sign-in email delivery or security records under its own privacy policy and legal obligations. Stripe or other financial processors may retain statutory tax, accounting, transaction, refund, and dispute records for up to seven years when required by law. You may request account deletion from within the App or by emailing [email protected]. Deleting your Kairo account never deletes meeting files, recordings, exports, or other local data stored on your Mac, and deleting local meeting files does not cancel or delete your Kairo account.

⚠︎

4. Third-Party AI Providers — Important Notice

Most Important Section — Read Carefully

Kairo supports multiple AI destinations. When you configure your own hosted provider, feature-specific prompt text is transmitted directly from your device to that provider using your own API credentials. When you choose Kairo Cloud, the same category of feature-specific text passes through Kairo's inference gateway to the selected upstream AI provider. Depending on the feature, that text can include transcript excerpts or the full transcript, Live Chat questions, user-entered persona or focus text, meeting goals, previously shown suggestions, summaries and debrief results, and matching titles or excerpts from the vault you selected. Audio is not included.

For Kairo Cloud, the gateway authorizes the request, reserves allowance, forwards only the content required for the feature, returns the result, and reconciles content-free usage. Prompt and response bodies are held in memory only for the request and are discarded when it completes. Gateway, proxy, application monitoring, and tracing are configured not to log those bodies. Kairo Cloud currently routes inference through OpenRouter, which forwards the request to the selected upstream model provider. OpenRouter and that upstream provider may process or retain content under their own terms and privacy controls.

The following hosted providers may receive feature-specific text if you choose them directly or if Kairo Cloud identifies one as the selected upstream provider:

Provider Privacy Policy
Anthropic https://www.anthropic.com/privacy
OpenAI https://openai.com/policies/privacy-policy
Google (Gemini) https://policies.google.com/privacy
xAI (Grok) https://x.ai/legal/privacy-policy
OpenRouter https://openrouter.ai/privacy

If you require local AI processing, use Ollama with its Base URL pointing to a service on your local Mac. A remote Ollama Base URL transmits prompts to that remote endpoint.

You are responsible for reviewing and complying with the terms of service and privacy policies of any AI provider you choose to use.

⚠︎

4a. Live AI Chat — Additional Data Flow Disclosure

The App includes an optional Live AI Chat feature that allows you to ask questions to your AI provider during a live meeting. This feature is off by default and requires an affirmative acknowledgment for the configured AI destination. Changing the hosted provider or local or remote Ollama destination requires a new acknowledgment before another request can be sent.

When Live Chat is active, the following data is transmitted to your configured AI provider each time you send a message:

  • Your typed question or prompt
  • The current meeting transcript up to that point in the session (for context-aware answers)

This data flow is governed by the same destination disclosures above. The specific behavior by provider type is:

Provider Type Examples Data Leaves Device?
Cloud API Anthropic, OpenAI, Google, xAI, OpenRouter Yes — to that provider’s servers
Kairo Cloud Kairo gateway and selected upstream AI provider Yes, through Kairo's gateway to the selected provider
Local endpoint Ollama on this Mac No — all processing on-device
Remote endpoint Ollama with a remote Base URL Yes — to that configured endpoint

Live Chat questions and answers remain in the local meeting session. They can enter local crash recovery and are included in Markdown or plain-text exports you explicitly create. When Kairo Cloud is the destination, the gateway processes them transiently as described in Section 4 but does not keep a server-side copy after the request completes.

The in-app Copilot panel identifies hosted providers, local Ollama endpoints, and remote Ollama endpoints.

5. Calendar Integration

Current public-release availability: Direct Google Calendar connection is temporarily unavailable in the public release while Google verification is pending. The public release does not use stored direct Google credentials or make direct Google Calendar API requests. Calendars already available through macOS Calendar remain available through EventKit, including Google accounts added in System Settings. The direct Google disclosures below apply when that connection is available in a future release or a development test build.

Calendar integration is optional. Kairo supports two independent sources: a direct read-only Google Calendar connection and calendars already available through Apple's EventKit framework. You choose which sources and calendars to enable. EventKit can include Google, iCloud, Exchange, or other accounts you have added to macOS Calendar. Direct Google access does not require adding the account to macOS Calendar.

Direct Google authorization: When you choose Connect Google Calendar, Kairo opens Google's consent page in your system browser and requests only calendar.calendarlist.readonly and calendar.events.readonly. Kairo uses Google's Desktop OAuth flow with PKCE. This Kairo Desktop client requires its generated credential during token exchange; like other installed-app credentials, it is included in the distributed app and is not treated as confidential. Google access and refresh tokens are stored in macOS Keychain. Kairo uses them only to perform read-only Calendar API requests from your Mac.

Google data accessed: For calendar selection, Kairo requests calendar identifiers, titles or title overrides, display colors, primary status, and time zones. For upcoming events, Kairo requests titles, status, transparency, event type, start and end dates or times and time zones, and attendee display names, self status, and response status. It does not request event descriptions, locations, conference details, attendee email addresses, or attachments. Kairo uses status and response fields to exclude cancelled, transparent, unsupported, invalid, self, and declined entries. It reduces each usable event to its title, start, end, and attendee display names for display and meeting setup.

Use and local retention: Kairo uses calendar data to list calendars, display upcoming meetings, pre-fill a local meeting title and attendee labels, schedule reminders, and show the scheduled end time. When calendar integration is enabled, Kairo may automatically match the next upcoming event for those meeting-setup features without requiring a separate per-event confirmation. Fetched Google response payloads remain in memory and are not saved as raw responses. Selected Google calendar identifiers can remain in app preferences so your selection persists. A matched event's title, time, and attendee labels can be retained in local meeting metadata, active crash recovery, and the meeting notes you save.

Revocation and deletion: Disconnecting Google Calendar asks Google to revoke the grant when the network is available and removes Kairo's local token even if remote revocation fails. You can also revoke Kairo from your Google Account's connected-app settings. Clearing calendar selections and deleting local meeting or recovery data removes the other local calendar-derived records described above.

AI-provider flow: Kairo does not send a raw Google Calendar API response to Kairo-controlled servers or directly to an AI provider. When calendar integration is enabled, an automatically matched upcoming event's title, time, or attendee labels can become local meeting context or transcript speaker labels. When you then choose a hosted AI feature, those derived values can be included in prompt or transcript text sent from your Mac to the selected AI destination, solely to provide that visible feature. A customer-funded provider receives it directly. Kairo Cloud receives and forwards it as described in Section 4.

Kairo's use of information received from Google Workspace APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. Kairo does not sell Google Calendar data; use it for advertising, retargeting, credit-worthiness, or lending decisions; or use it to create, train, or improve a generalized machine-learning or AI model.

6. Export Integrations

If you use the App's export features, the following applies:

Notion: If you export meeting notes to Notion, content is transmitted to Notion's API using your Notion account credentials. This transmission is subject to Notion's Privacy Policy.

Linear: If you export action items to Linear, content is transmitted to Linear's API using your Linear account credentials. This transmission is subject to Linear's Privacy Policy.

Kairo does not retain copies of exported content beyond your local transcript storage.

Audio Export: Any export of raw audio recordings is performed at your explicit direction. Exported audio files are subject to the policies of the destination service or application you choose to use.

7. Data Kairo Does Not Collect

To be explicit, Kairo does not:

  • Upload audio to Kairo-controlled servers. Optional audio is written to its configured or temporary storage location; a sync or export service you choose may receive it.
  • Store your transcripts on Kairo-controlled servers
  • Store Kairo Cloud prompt or response bodies after a request completes
  • Sell, rent, or broker your personal data to any third party
  • Use your meeting content to train AI models
  • Sell Google Calendar data, use it to serve advertising or make lending decisions, or use it to train or improve a generalized machine-learning or AI model
  • Track your behavior within the App for advertising purposes
  • Collect your location data
  • Access Contacts or Photos. File access is limited to Kairo's app data, temporary audio, and files or folders you explicitly select.

8. Children's Privacy

The App is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us information, please contact us and we will delete it.

9. Security

Kairo implements the following security measures:

  • Keychain storage for all API keys, direct Google access tokens, and direct Google refresh tokens
  • Hardened Runtime enabled to resist code injection and unauthorized access
  • Security-scoped bookmarks for user-selected folder access
  • Notarization by Apple's notary service
  • Fail-closed authorization so hosted AI requests require current entitlement, destination consent, and, for Kairo Cloud, an allowance reservation before content is transmitted

Because transcripts and meeting content are stored locally on your device, your device's own security practices — including disk encryption (FileVault), lock screen, and access controls — are your primary protection for meeting content.

10. Your Choices and Controls

AI provider: You control which AI endpoint receives prompt text. Use Ollama with a local Base URL to keep AI processing on this Mac. If you select Kairo Cloud, the App identifies that destination before sending and the gateway routes the text to the selected upstream provider.

Account and subscription: You can review your plan and allowance in the App, manage payment details or cancel renewal through Stripe's customer portal, and request account deletion. Portal cancellation stops future renewal at the end of the current paid period but does not delete your account or local data. Account deletion is a separate confirmed action that immediately cancels every Stripe subscription and future renewal, immediately ends Kairo service and paid access, and deletes hosted account data under Section 3a. It does not automatically refund unused paid time except where law requires and never deletes local meeting files.

Calendar: You control whether Kairo uses direct Google Calendar, macOS Calendar through EventKit, both sources, or neither. You can select individual calendars and disconnect direct Google access at any time.

Vault location: You control where your transcript vault is stored on your Mac.

Export: Exports to third-party services are always initiated explicitly by you. Nothing is exported automatically.

Data deletion: Delete meeting Markdown from your selected vault, delete separately stored audio from its configured or temporary directory, remove any remaining local recovery state and preferences, disconnect Google Calendar to revoke and delete its local OAuth token, and delete other saved credentials from Keychain as needed. Uninstalling the App alone does not automatically remove these items or cancel a subscription. Kairo has no persistent server-side copy of meeting content to delete.

11. GDPR and International Users

If you are located in the European Economic Area, United Kingdom, or Switzerland, the following applies:

The legal basis for processing personal data you send through support communications is our legitimate interest in providing support and improving the App.

You have the following rights with respect to any personal data we hold:

  • Right to access the personal data we hold about you
  • Right to rectification of inaccurate personal data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

To exercise these rights, contact us at [email protected]. Note that because the App stores your meeting data locally on your device, most of your data is within your own control and can be deleted directly without contacting us.

12. California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it is used
  • Request deletion of personal information we hold about you
  • Opt out of the sale of personal information (Kairo does not sell personal information)
  • Non-discrimination for exercising your privacy rights

To make a request, contact us at [email protected].

13. Data Breach Notification

In the unlikely event of a security breach affecting the limited personal data Kairo holds, such as support communications, we will:

  • Assess the scope and nature of the breach promptly
  • Notify affected users and relevant regulatory authorities as required by applicable law, including within 72 hours of becoming aware of a qualifying breach under GDPR
  • Take reasonable steps to mitigate harm and prevent recurrence

Kairo does not keep persistent server-side copies of your audio, transcripts, prompts, responses, or AI-generated meeting content. A Kairo Cloud request does process feature-specific text in memory while the request is active, so an incident during that processing could affect the in-flight content. Kairo's systems also hold the content-free account, billing, entitlement, and usage records described above. Your device's own security remains the primary protection for meeting data stored locally.

14. Changes to This Policy

Kairo may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on our website or within the App. The "Last Updated" date at the top of this Policy reflects the most recent revision. Continued use of the App after changes become effective constitutes your acceptance of the revised Policy.

15. Contact

For privacy-related questions or requests:

Kairo Notes LLC
13824 S 21st St E
Bixby, OK 74008
Email: [email protected]
Website: kaironotes.com/privacy

Kairo Notes is an independent software product. It is not affiliated with, endorsed by, or sponsored by Apple Inc., Anthropic, OpenAI, Google, xAI, Notion, or Linear.

Kairo Notes
macOS 14.4+ Privacy Policy Terms of Service Recording Laws
© 2026 Kairo Notes LLC. Kairo Notes is not affiliated with Apple Inc., Anthropic, OpenAI, Google, or xAI.