Privacy Policy

Last Updated: November 27, 2025

Introduction

Welcome to Platoona. This Privacy Policy explains how Kulp Labs Private Limited ("Platoona", "we", "us", or "our") collects, uses, discloses, and protects your personal information when you use our AI-powered workspace platform and related services (collectively, the "Services").

By accessing or using Platoona, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Services.

Contact Information:

Kulp Labs Private Limited

804, Runwal Gardens

Bhadra Nagar, Kalyan-Shil Road

Kalyan, Maharashtra 421204, India

Email: support@platoona.com

Table of Contents

  1. Information We Collect
  2. How We Use Your Information
  3. AI Processing and Third-Party Services
  4. Information Sharing and Disclosure
  5. Data Storage and Security
  6. Cookies and Tracking Technologies
  7. Your Rights and Choices
  8. Data Retention
  9. International Data Transfers
  10. Children's Privacy
  11. Changes to This Policy
  12. Contact Us

1. Information We Collect

1.1 Information You Provide Directly

We collect information that you voluntarily provide to us when using our Services:

  • Account Information: Email address, full name, organization name, job role, use case (personal or work), and profile avatar.
  • Authentication Data: One-time password (OTP) codes for email verification, and Google account information if you use Google OAuth sign-in (including Google ID, email, and profile name).
  • Workspace Information: Workspace names, descriptions, member roles, and invitation details.
  • AI Agent Data: Custom agent configurations including names, descriptions, objectives, tone preferences, system prompts, tool selections, and avatar images.
  • Conversation Data: Messages, chat content, conversation titles, group settings, and file attachments shared in conversations with AI agents or other users.
  • Task Information: Task titles, descriptions (rich text content), status, priority levels, due dates, assignees, tags, subtasks, and related metadata.
  • Document Content: Knowledge base documents, folder structures, document titles, content (rich text), and document links.
  • Integration Credentials: OAuth tokens, API keys, and connection information for third-party services you authorize (Gmail, Google Calendar, Slack, GitHub, etc.).
  • File Uploads: Files you upload including images, documents, videos, audio files, and other media with associated metadata (filename, size, type).
  • Workflow Automation: Flow configurations, trigger settings (schedules, webhooks), automation logic, and execution history.
  • Payment Information: Billing details processed through Stripe (we do not directly store credit card numbers, but receive transaction information and billing addresses).
  • Communications: Feedback, support requests, and other communications with our team.

1.2 Information Collected Automatically

When you access or use our Services, we automatically collect certain information:

  • Usage Information: Pages visited, features used, actions taken, time spent on pages, and interaction patterns with the Services.
  • Device Information: Device type, operating system, browser type and version, screen resolution, and device identifiers.
  • Connection Data: IP address, location data (derived from IP), WebSocket connection logs, and session information.
  • Log Data: Server logs, error reports, API request logs, and diagnostic information.
  • Performance Data: Service performance metrics, load times, and system availability.

1.3 Information from Third-Party Sources

  • OAuth Providers: Profile information from Google when you use social sign-in.
  • Connected Integrations: Data accessed from services you connect (emails, calendar events, files, etc.) as needed to perform requested actions.
  • Payment Processors: Transaction and payment status information from Stripe.

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Service Delivery

  • Provide, maintain, and improve our AI workspace platform
  • Process AI agent requests and generate responses
  • Execute workflow automations and integrations
  • Manage tasks, documents, and knowledge bases
  • Facilitate real-time chat and collaboration
  • Store and manage file uploads
  • Enable multi-user workspaces and team collaboration

2.2 Account and Authentication

  • Create and manage user accounts
  • Verify email addresses and authenticate users
  • Send one-time passwords and login links
  • Process workspace invitations
  • Manage access permissions and roles

2.3 Billing and Payments

  • Process subscription payments and manage billing
  • Handle refund requests and payment disputes
  • Send invoices and payment confirmations
  • Prevent fraud and unauthorized transactions

2.4 Communications

  • Send transactional emails (OTP codes, invitations, notifications)
  • Respond to support requests and inquiries
  • Send service-related announcements
  • Provide customer support

2.5 Service Improvement and Analytics

  • Analyze usage patterns and service performance
  • Develop new features and improve existing functionality
  • Monitor system health and troubleshoot issues
  • Conduct internal research and development

2.6 Security and Compliance

  • Detect and prevent fraud, abuse, and unauthorized access
  • Enforce our Terms of Service
  • Comply with legal obligations and regulatory requirements
  • Protect the rights, property, and safety of Platoona, our users, and the public
  • Respond to legal requests and prevent illegal activities

3. AI Processing and Third-Party Services

⚠️ Important: AI Data Processing

When you use AI agents in Platoona, your messages, prompts, uploaded files, and workspace context are sent to third-party AI service providers to generate responses. This data processing is essential for the Services to function.

3.1 AI Service Providers

We use the following AI providers to power our agent functionality:

  • OpenAI: We use OpenAI's language models (including GPT-4 and GPT-3.5) to generate AI responses, create embeddings for semantic search, and generate images (DALL-E). Your prompts, messages, and context are sent to OpenAI's servers for processing.
  • OpenRouter: We use OpenRouter to access multiple AI model providers. Your prompts and messages may be processed by various AI models through OpenRouter's platform.

3.2 Data Sent to AI Providers

When you interact with AI agents, we may send the following information to AI providers:

  • Your messages and prompts
  • Conversation history and context
  • File attachments (images, documents) when referenced in conversations
  • Agent system prompts and instructions
  • Workspace context (user names, task information, document content) when needed for agent responses
  • Tool call results and integration data when agents use tools

3.3 AI Provider Privacy Policies

AI providers have their own privacy policies and data handling practices. We recommend reviewing:

3.4 Other Third-Party Services

We use additional third-party services that may process your data:

  • Exa API: Web search functionality (search queries submitted by agents)
  • ScreenshotOne: Website screenshot capture (URLs submitted by agents)
  • AWS S3: File storage and retrieval (uploaded files, avatars, attachments)
  • Google OAuth: Authentication and sign-in services
  • SMTP Email Provider: Transactional email delivery (OTP codes, invitations)
  • Stripe: Payment processing and subscription management

4. Information Sharing and Disclosure

We share your information in the following circumstances:

4.1 With Your Consent

We share information when you explicitly authorize us to do so, such as:

  • Connecting third-party integrations (Gmail, Slack, etc.) via OAuth
  • Sharing workspace content with other workspace members
  • Publishing agents or content to the marketplace
  • Executing integration actions through connected services

4.2 With Workspace Members

Information shared within a workspace (conversations, tasks, documents, agents) is visible to all workspace members according to their role permissions.

4.3 Service Providers

We share information with third-party service providers who perform services on our behalf:

  • Cloud hosting providers (AWS)
  • AI and machine learning providers (OpenAI, OpenRouter)
  • Payment processors (Stripe)
  • Email delivery services (SMTP providers)
  • Search and web services (Exa, ScreenshotOne)
  • Authentication providers (Google)

These service providers are contractually obligated to use your information only to provide services to us and are prohibited from using it for their own purposes.

4.4 User-Connected Integrations

When you connect third-party services (Gmail, Slack, GitHub, etc.), you authorize us to access and share data with those services according to the scopes you approve. These integrations operate under their own privacy policies.

4.5 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Legal processes, subpoenas, or court orders
  • Government or regulatory requests
  • Investigations of potential violations of our Terms of Service
  • Detection, prevention, or addressing of fraud, security, or technical issues
  • Protection of the rights, property, or safety of Platoona, our users, or the public

4.6 Business Transfers

If Platoona is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Services of any change in ownership or use of your personal information.

4.7 Aggregated and De-Identified Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you for research, analytics, marketing, or other purposes.

5. Data Storage and Security

5.1 Data Storage Location

Your data is stored on AWS servers located in the Asia-Pacific region (ap-south-1, Mumbai, India). Files uploaded to Platoona are stored in AWS S3.

5.2 Security Measures

We implement industry-standard security measures to protect your information, including:

  • Encryption: Data is encrypted in transit using TLS/HTTPS and at rest using AES-256 encryption
  • Authentication: JWT-based authentication with access and refresh token mechanisms
  • Access Controls: Role-based access control (RBAC) and workspace-level permissions
  • Credential Protection: Integration credentials and OAuth tokens are encrypted in our database
  • Infrastructure Security: Database segregation, firewall protection, and automated security updates
  • Monitoring: Logging and monitoring of security events and unauthorized access attempts
  • Rate Limiting: Protection against brute force attacks and abuse

5.3 File Security

Files uploaded to Platoona are stored in AWS S3 with public bucket access but non-enumerable, obscure URLs. While the URLs are difficult to guess, anyone with the URL can access the file. We recommend not uploading highly sensitive or confidential files to the platform.

5.4 Security Limitations

While we implement robust security measures, no system is completely secure. We cannot guarantee the absolute security of your information. You are responsible for maintaining the confidentiality of your account credentials and for any activity under your account.

5.5 Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and relevant authorities in accordance with applicable law, including within 72 hours as required by GDPR for European users.

6. Cookies and Tracking Technologies

6.1 Cookies We Use

We use cookies and similar tracking technologies to provide and improve our Services:

  • Authentication Cookie: The auth_session cookie stores your session information and JWT tokens to keep you logged in. This cookie expires after 7 days and is essential for the Services to function.

6.2 Local Storage

We use browser local storage to store the following information on your device:

  • Authentication data: JWT access and refresh tokens, user profile information
  • Application state: Selected workspace, theme preferences, UI settings
  • Feature state: Flow execution status, task filters, message cache

6.3 Managing Cookies and Storage

You can control cookies through your browser settings. However, disabling cookies or clearing local storage will log you out and may prevent certain features from working properly. Most browsers accept cookies automatically, but you can modify your browser settings to decline cookies if you prefer.

6.4 Do Not Track

Our Services do not currently respond to "Do Not Track" signals from browsers because we do not use third-party tracking or analytics services.

7. Your Rights and Choices

7.1 General Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Update or correct inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Data Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to certain processing of your personal information
  • Restriction: Request restriction of processing in certain circumstances
  • Withdraw Consent: Withdraw consent for processing based on consent

7.2 GDPR Rights (European Users)

If you are located in the European Economic Area (EEA) or United Kingdom, you have additional rights under GDPR:

  • Right to lodge a complaint with your local data protection authority
  • Right to object to processing based on legitimate interests
  • Right to data portability in commonly used formats
  • Right to be informed about automated decision-making (we do not use automated decision-making that produces legal effects)

7.3 CCPA Rights (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request disclosure of categories and specific pieces of personal information collected
  • Right to Delete: Request deletion of personal information we have collected
  • Right to Opt-Out: Opt out of the "sale" of personal information (we do not sell personal information)
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

7.4 How to Exercise Your Rights

To exercise any of these rights, please contact us at support@platoona.com. We will respond to your request within 30 days (or as required by applicable law).

7.5 Account Management

You can directly manage certain information through your account settings:

  • Update your profile information (name, organization, job role, avatar)
  • Change workspace settings and member roles
  • Delete messages, tasks, documents, and agents
  • Disconnect third-party integrations and revoke OAuth tokens
  • Leave or delete workspaces

7.6 Account Deletion

You may request account deletion by contacting us at support@platoona.com. When you delete your account, we will deactivate it and mark your data for deletion. However, please note that we use soft deletion, which means your data may remain in our systems for backup, legal, or operational purposes unless you specifically request hard deletion and it is legally permissible.

8. Data Retention

8.1 General Retention Policy

We retain your personal information for as long as necessary to provide the Services and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

8.2 Active Accounts

For active accounts, we retain your information indefinitely until you request deletion or close your account.

8.3 Deleted Accounts

When you delete your account or request data deletion, we implement soft deletion by default. This means:

  • Your account is deactivated and you can no longer access the Services
  • Your data is marked as deleted but may remain in our systems
  • Your data is excluded from active Services but retained for backup and recovery purposes
  • We may retain certain information as required by law or for legitimate business purposes (e.g., preventing fraud, resolving disputes, enforcing agreements)

8.4 Hard Deletion Requests

You may request hard deletion of your data by emailing support@platoona.com. We will permanently delete your data where legally permissible, except for:

  • Information required to be retained by law or regulation
  • Information necessary for legal claims or disputes
  • Aggregated or anonymized data that cannot identify you
  • Backup copies that will be deleted in the normal course of business (typically within 90 days)

8.5 Specific Retention Periods

  • OTP Codes: Deleted after expiration (10 minutes) or after successful use
  • Workspace Invitations: Deleted after expiration (7 days) or after acceptance
  • Log Data: Retained for up to 90 days for security and troubleshooting purposes
  • Payment Records: Retained as required by tax and accounting laws (typically 7 years)

9. International Data Transfers

9.1 Data Storage Location

Platoona is operated by Kulp Labs Private Limited, a company based in India. Your data is primarily stored on AWS servers in the Asia-Pacific region (Mumbai, India).

9.2 Cross-Border Transfers

Your personal information may be transferred to, stored, or processed in countries outside your country of residence, including:

  • United States: OpenAI and other AI providers process data in the US
  • European Union: Some service providers may have servers in the EU
  • Other Countries: Third-party services may process data globally

9.3 Safeguards for International Transfers

When we transfer data internationally, we implement appropriate safeguards, including:

  • Data Processing Agreements with third-party processors
  • Standard Contractual Clauses (SCCs) approved by the European Commission for transfers to countries without adequacy decisions
  • Technical and organizational security measures
  • Encryption of data in transit and at rest

9.4 European Users

For users in the European Economic Area (EEA) and United Kingdom, we ensure that appropriate safeguards are in place when your data is transferred outside these regions, in accordance with GDPR requirements.

10. Children's Privacy

Platoona is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18 years of age.

If you are under 18, please do not use the Services or provide any personal information to us. If we learn that we have collected personal information from a child under 18, we will delete that information as quickly as possible.

If you believe we have collected information from a child under 18, please contact us at support@platoona.com.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Last Updated" date at the top of this Privacy Policy.

If we make material changes to this Privacy Policy, we may provide additional notice such as posting a notice on our website or sending you an email notification (if you have provided your email address).

Your continued use of the Services after the effective date of the updated Privacy Policy constitutes your acceptance of the changes. If you do not agree to the updated Privacy Policy, you must stop using the Services.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Mailing Address:

Kulp Labs Private Limited

804, Runwal Gardens

Bhadra Nagar, Kalyan-Shil Road

Kalyan, Maharashtra 421204

India

General Support:

support@kulp.ai

Business Hours:

Monday - Friday

10 AM - 6 PM IST (Indian Standard Time)

We will respond to your inquiry within a reasonable timeframe, typically within 30 days as required by applicable privacy laws.

This Privacy Policy was last updated on November 27, 2025. By using Platoona, you acknowledge that you have read and understood this Privacy Policy.