1. Data controller
Keter Labs Ltd. is the controller of your personal data. For privacy questions, contact us at privacy@keterlabs.ai.
2. Data we collect
- Account data: email, name, avatar, language, authentication identifiers.
- Content: prompts, uploaded files, generated outputs, projects.
- Billing: plan, credit balance, invoices (payment card data is held by our payment processor, not by us).
- Usage and technical data: IP address, browser, device, log events, feature usage.
- Cookies: essential, preference, and analytics cookies as described in our Cookie Policy.
3. How we use data
- Provide and operate the Service, including AI generation.
- Bill you, prevent fraud, and enforce our Terms.
- Improve product quality, performance, and safety.
- Send service and, with consent, marketing communications.
- Comply with legal obligations.
4. Lawful basis (GDPR)
We rely on: (a) performance of contract, to run the Service; (b) legitimate interests, to secure and improve it; (c) consent, for marketing and non-essential cookies; and (d) legal obligation, for tax and compliance.
5. Sub-processors and AI providers
We rely on carefully vetted providers to deliver the Service, including cloud hosting (Cloudflare, Supabase), payment processing, email delivery, and AI model providers (OpenAI, Google, Anthropic, ElevenLabs, fal.ai, Replicate). A current list is maintained in the DPA. We do not sell personal data.
6. Retention
We keep account and content data while your account is active and for up to 30 days after deletion, unless a longer period is required by law (e.g. invoices — 7 years). Log data is retained up to 90 days.
7. International transfers
Personal data may be processed outside your country. For transfers from the EEA / UK to third countries, we rely on Standard Contractual Clauses and equivalent safeguards.
8. Your rights
Subject to applicable law you have the right to access, rectify, erase, restrict, port your data, and object to processing. You can exercise most rights from account settings, or by writing to privacy@keterlabs.ai. You may also lodge a complaint with your supervisory authority.
9. Security
We apply industry-standard controls: encryption in transit and at rest, role-based access, audit logging, and least-privilege service credentials. No system is 100% secure — please report vulnerabilities to security@keterlabs.ai.
10. Children
The Service is not directed to children under 16 and we do not knowingly collect their data.
11. Changes
We will notify you of material changes at least 14 days before they take effect.
Questions about this document? Reach out at legal@keterlabs.ai.