Privacy Policy
Overview
Kairo is built on a privacy-first architecture. This Privacy Policy explains what data Kairo collects, what data stays on your device, and what — if anything — leaves your machine.
The short version:
- Your audio is never transmitted to Kairo's servers. It is processed locally on your Mac.
- Your transcripts are stored only on your device.
- When you choose a cloud AI provider, your transcript data goes to that provider directly — not to us.
- Kairo does not sell your data. Ever.
1. Who This Policy Applies To
This Privacy Policy applies to users of the Kairo macOS application ("App") distributed by Entity Name ("Kairo," "we," "our," or "us"). By using the App, you agree to the practices described in this Policy.
2. Data That Never Leaves Your Device
The following data is processed and stored exclusively on your local machine. Kairo does not have servers that receive, store, or access this data:
Audio Processing: All audio captured by the App — whether from your microphone or system audio — is processed locally using Apple's on-device Speech framework. Audio is never transmitted to Kairo or any third party by the App itself.
Audio Recordings: In Call or Memo mode, the App records your meeting audio locally as CAF files in your designated vault folder solely to enable timestamped audio playback alongside your transcript. These recordings never leave your device and are permanently deleted when you delete the meeting from your vault.
Transcripts: All meeting transcripts are stored locally in your Kairo vault folder on your Mac. Kairo does not upload, sync, or back up transcripts to any external server.
Meeting summaries and AI suggestions: Content generated by AI is produced by the AI provider you have configured (see Section 4). The output is displayed in the App and stored locally. It is not sent to Kairo.
API keys: Your AI provider API keys are stored exclusively in your macOS Keychain. They are never transmitted to Kairo.
Meeting metadata: Meeting titles, dates, templates, and settings are stored locally in the App's local storage on your device.
3. Data Kairo Collects
Kairo collects minimal data as described below.
a. Crash Reports (Opt-In Only)
If you have opted in to crash reporting, the App may transmit anonymized crash diagnostic information when the App encounters an error. This may include:
- App version and macOS version
- A technical stack trace describing what the App was doing at the time of the crash
- Device hardware class (e.g., Apple Silicon Mac)
Crash reports do not include audio recordings, transcripts, meeting content, or personally identifying information. You can enable or disable crash reporting at any time in the App's Settings.
b. Website Analytics (Website Only)
Our marketing website may use standard web analytics tools to collect anonymized usage data, including page views and referral sources. This data does not identify individual users and is not linked to your use of the App.
c. Contact and Support Communications
If you contact us for support or by email, we retain your contact information and the contents of your message in order to respond to you.
Kairo supports integration with multiple AI providers. When you configure the App to use a cloud-based AI provider, your transcript data is transmitted directly from your device to that provider's servers using your own API credentials.
Kairo is not a party to that data transmission. Kairo does not receive, process, or store the data sent to AI providers. The following providers may receive transcript data if you choose to enable them:
| Provider | Privacy Policy |
|---|---|
| Anthropic (Claude Opus, Sonnet, Haiku) | https://www.anthropic.com/privacy |
| Anthropic via Claude CLI (Max subscription) | https://www.anthropic.com/privacy |
| OpenAI (GPT-4o, o3-mini) | https://openai.com/policies/privacy-policy |
| Google (Gemini) | https://policies.google.com/privacy |
| xAI (Grok) | https://x.ai/legal/privacy-policy |
If you require that no transcript data leave your device for AI processing, you should use Ollama (local model) as your AI provider. Ollama runs entirely on your device and no data is transmitted externally.
You are responsible for reviewing and complying with the terms of service and privacy policies of any AI provider you choose to use.
The App includes an optional Live AI Chat feature that allows you to ask questions to your AI provider during a live meeting. This feature is off by default and requires a one-time affirmative acknowledgment to enable.
When Live Chat is active, the following data is transmitted to your configured AI provider each time you send a message:
- Your typed question or prompt
- The current meeting transcript up to that point in the session (for context-aware answers)
This data flow is governed by the same provider policies listed in the table above. The specific behavior by provider type is:
| Provider Type | Examples | Data Leaves Device? |
|---|---|---|
| Cloud API | Anthropic, OpenAI, Google, xAI, OpenRouter | Yes — to that provider’s servers |
| Claude CLI | Anthropic Max subscription | Yes — subject to Anthropic’s policy |
| Local | Ollama | No — all processing on-device |
Kairo does not store, log, or process your Live Chat messages or questions. They are sent directly from your device to your AI provider. Kairo has no visibility into the content of Live Chat sessions.
The in-app Copilot panel displays a persistent indicator when Live Chat is active: cloud providers show “Chat via [Provider Name]” and local providers show “Chat (local)” so you always know whether data is being transmitted externally.
5. Calendar Integration
Google Calendar: Kairo uses Google OAuth 2.0 with PKCE to read your Google Calendar. Kairo requests only the minimum calendar scopes necessary to display upcoming events on the home screen and pre-populate meeting titles and context. Specifically, Kairo reads event titles, start/end times, and descriptions of upcoming events within a 24-hour window. This data is used locally within the App and is not transmitted to Kairo servers. Your calendar data is governed by Google's Privacy Policy.
Apple Calendar (EventKit): Kairo accesses Apple Calendar data locally on your device via Apple's EventKit framework. This data is used only within the App and is not transmitted off your device.
6. Export Integrations
If you use the App's export features, the following applies:
Notion: If you export meeting notes to Notion, content is transmitted to Notion's API using your Notion account credentials. This transmission is subject to Notion's Privacy Policy.
Linear: If you export action items to Linear, content is transmitted to Linear's API using your Linear account credentials. This transmission is subject to Linear's Privacy Policy.
Kairo does not retain copies of exported content beyond your local transcript storage.
Audio Export: Any export of raw audio recordings is performed at your explicit direction. Exported audio files are subject to the policies of the destination service or application you choose to use.
7. Data Kairo Does Not Collect
To be explicit, Kairo does not:
- Transmit your audio recordings or transcripts to any Kairo-controlled servers (all audio is recorded and stored exclusively on your local device)
- Store your transcripts outside your local device
- Sell, rent, or broker your personal data to any third party
- Use your meeting content to train AI models
- Track your behavior within the App for advertising purposes
- Collect your location data
- Access your contacts, photos, or files beyond the vault folder you designate
8. Children's Privacy
The App is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us information, please contact us and we will delete it.
9. Security
Kairo implements the following security measures:
- Keychain storage for all API keys and sensitive credentials
- Hardened Runtime enabled to resist code injection and unauthorized access
- Security-scoped bookmarks for vault folder access
- Notarization by Apple's notary service
Because transcripts and meeting content are stored locally on your device, your device's own security practices — including disk encryption (FileVault), lock screen, and access controls — are your primary protection for meeting content.
10. Your Choices and Controls
Crash reporting: Enable or disable at any time in Settings → Privacy.
AI provider: You control which AI provider receives your transcript data. Switch to Ollama at any time to keep all data fully local.
Vault location: You control where your transcript vault is stored on your Mac.
Export: Exports to third-party services are always initiated explicitly by you. Nothing is exported automatically.
Data deletion: To delete your data, remove your vault folder from your Mac and uninstall the App. Because Kairo does not store your data on any server, there is no server-side deletion required.
11. GDPR and International Users
If you are located in the European Economic Area, United Kingdom, or Switzerland, the following applies:
The legal basis for processing any personal data (such as crash report data or support communications) is our legitimate interest in improving the App and providing customer support.
You have the following rights with respect to any personal data we hold:
- Right to access the personal data we hold about you
- Right to rectification of inaccurate personal data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
To exercise these rights, contact us at [email protected]. Note that because the App stores your meeting data locally on your device, most of your data is within your own control and can be deleted directly without contacting us.
12. California Privacy Rights (CCPA)
If you are a California resident, you have the right to:
- Know what personal information we collect and how it is used
- Request deletion of personal information we hold about you
- Opt out of the sale of personal information (Kairo does not sell personal information)
- Non-discrimination for exercising your privacy rights
To make a request, contact us at [email protected].
13. Data Breach Notification
In the unlikely event of a security breach affecting the limited personal data Kairo holds — specifically opt-in crash report data or support communications — we will:
- Assess the scope and nature of the breach promptly
- Notify affected users and relevant regulatory authorities as required by applicable law, including within 72 hours of becoming aware of a qualifying breach under GDPR
- Take reasonable steps to mitigate harm and prevent recurrence
Because your meeting transcripts, audio recordings, and AI-generated content are stored exclusively on your local device and never transmitted to Kairo, a breach of Kairo's systems would not expose that content. Your device's own security remains the primary protection for your meeting data.
14. Changes to This Policy
Kairo may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on our website or within the App. The "Last Updated" date at the top of this Policy reflects the most recent revision. Continued use of the App after changes become effective constitutes your acceptance of the revised Policy.
15. Contact
For privacy-related questions or requests:
Entity Name
Email: [email protected]
Website: yourdomain.com/privacy
Kairo Notes is an independent software product. It is not affiliated with, endorsed by, or sponsored by Apple Inc., Anthropic, OpenAI, Google, xAI, Notion, or Linear.