Privacy Policy
Last updated 7 July 2026
Kretaos is a client-relationship and engagement platform operated by Tamkis (“Kretaos”, “we”, “us”). This policy explains what data we collect, how we use it, who we share it with, and the rights you have. It applies to kretaos.com and the Kretaos application.
1. Information we collect
We collect only what we need to run the service:
- Account data — your name, work email, workspace/organization details, role, and authentication identifiers (via Google sign-in).
- Customer data you provide — the client, contact, company, interaction, task, and note records you create or import to manage your relationships. You control this data; we process it on your behalf.
- Connected mailbox data — if you connect Gmail, we access the email metadata and messages needed to sync correspondence into your client timelines and to send on your behalf. See Google user data.
- Usage & technical data — log data, device/browser information, IP address, and product events used to operate, secure, and improve the service.
- Billing data — subscription plan and billing status. Card and bank details are collected and stored by our payment processors (Stripe, Razorpay); we never see or store full card numbers.
2. How we use information
- To provide, maintain, and secure the service and your workspace.
- To sync, organize, and surface your client relationships and communications.
- To power AI-assisted features you enable (drafting, summarizing, triage). Content sent to our AI subprocessor is used only to generate your result — never to train generalized models.
- To process payments, prevent abuse, and comply with legal obligations.
- To send service and account communications (not marketing, unless you opt in).
3. Legal bases (GDPR)
Where the GDPR applies, we process personal data on the bases of performance of a contract (providing the service), our legitimate interests (securing and improving the service), your consent (e.g. connecting a mailbox), and compliance with legal obligations.
4. Google user data & Limited Use
If you connect a Google account, Kretaos’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We access your Gmail data only to provide the features you turn on — syncing your correspondence into client timelines and sending messages you compose.
- We do not sell Google user data, use it for advertising, or use it to train generalized AI models.
- Humans do not read your Gmail data except where you give explicit consent for support, where required for security or to comply with law, or in aggregated/anonymized form.
- Access tokens are encrypted at rest, and you can disconnect a mailbox at any time from Settings → Connections, which revokes our access and deletes the stored tokens.
5. How we share data
We do not sell your data. We share it only with service providers (subprocessors) that help us run Kretaos, under contract and appropriate safeguards:
- Google Cloud — hosting, database, and infrastructure.
- Anthropic — AI processing for the features you enable.
- Stripe / Razorpay — payment processing.
- Google — mailbox connection (only if you connect Gmail).
We may also disclose data to comply with law, enforce our terms, or protect rights and safety.
6. Data retention
We retain your data for as long as your workspace is active. On account closure we delete or anonymize personal data within a reasonable period, except where retention is required by law (e.g. tax and accounting records). You can request deletion at any time.
7. Security
We protect data in transit (HTTPS/TLS) and at rest, encrypt sensitive credentials such as mailbox tokens, enforce workspace-level access controls, and keep an append-only audit trail of consent and communication events. No system is perfectly secure, but we work hard to safeguard your data.
8. International transfers & residency
Kretaos runs on regional cloud infrastructure. Where data is transferred across borders, we rely on appropriate safeguards (such as Standard Contractual Clauses). Contact us for details on data residency for your region.
9. Your rights
Depending on your location (including under the EU GDPR and India’s DPDP Act), you may have the right to access, correct, delete, export, or restrict processing of your personal data, and to withdraw consent. To exercise these rights, email contact@tamkis.com. If you manage client data in Kretaos, you are the controller of that data and responsible for honoring your own contacts’ rights; we act as your processor.
10. Cookies
We use only essential cookies required to keep you signed in and to secure the service. We do not use advertising or third-party tracking cookies.
11. Children
Kretaos is a business tool and is not directed to anyone under 18. We do not knowingly collect data from children.
12. Changes to this policy
We may update this policy as the service evolves. Material changes will be posted here with a new “last updated” date.
13. Contact
Questions or requests? Email contact@tamkis.com.