Privacy Policy

Last updated: May 12, 2026

KRIBA & Co is committed to protecting your personal information. This policy explains what data we collect, why we collect it, how we use it, and your rights over it. We follow a global privacy standard aligned with GDPR to protect all users, regardless of location.

1. Who We Are

KRIBA & Co ("we," "us," "our") is a business technology consulting agency based in Orange County, California, USA. We operate at kriba.co.

Data Controller: Kia Zokaei, KRIBA & Co
Contact: kia@kriba.co

2. What Data We Collect

We collect the following categories of personal data, and only when you actively provide it or when it is automatically generated by your interaction with our site:

Category	Examples	How Collected
Identity Data	Full name, company name, job title	Contact forms, Calendly, email
Contact Data	Email address, phone number	Contact forms, Calendly, email
Business Data	Industry, team size, current tools, project goals	Discovery calls, intake forms
Financial Data	Billing details for invoicing purposes	Payment processor (we do not store card numbers)
Technical Data	IP address, browser type, device type, pages visited	Google Analytics 4 (with consent)
Usage Data	How you navigate and interact with kriba.co	Google Analytics 4 (with consent)
Communication Data	Email correspondence, notes from calls	Direct communication with you

We do not collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, health data, or financial account numbers.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your data on the following legal bases:

Contract performance: Processing necessary to deliver the services you've engaged us for.
Legitimate interests: Analytics and website improvement (where consent is not required), fraud prevention, and business record-keeping — provided these interests are not overridden by your rights.
Legal obligation: Tax records, invoicing, and regulatory compliance.
Consent: For analytics cookies, marketing communications, and any processing not covered above. You can withdraw consent at any time.

4. How We Use Your Data

We use personal data for the following purposes:

To respond to your inquiries and schedule discovery calls via Calendly.
To deliver consulting services, build custom tools, and fulfill our contractual obligations.
To send project updates, invoices, and service-related communications.
To analyze website traffic and user behavior to improve our site (with your consent).
To comply with tax, legal, and regulatory obligations.
To protect against fraud, unauthorized access, and abuse.

We do not sell your personal data. We do not use your data for automated decision-making or profiling that produces significant legal effects.

5. AI Tools and Data Processing

KRIBA & Co uses AI tools as part of our service delivery. Here is how your data interacts with these systems:

In the course of project work, business context you share with us (e.g., company name, goals, workflow details) may be submitted as prompts to AI platforms including OpenAI (ChatGPT), Anthropic (Claude), and Google (Gemini).
We use available privacy and data protection settings on these platforms — including data processing agreements and opt-outs from model training — to protect your information where possible.
We do not use your personal data to train proprietary AI models.
We do not submit your personally identifiable information (name, email, contact details) to AI tools unless it is strictly necessary for the service and you have been informed.
You can request that we avoid submitting your business information to AI tools. Please contact us at kia@kriba.co to discuss alternatives.

6. Third-Party Services and Data Sharing

We share data with the following trusted service providers who process it on our behalf:

Provider	Purpose	Privacy Policy
Google LLC (Google Analytics 4)	Website analytics and usage data (only with consent)	policies.google.com/privacy
Calendly, LLC	Scheduling and calendar management	calendly.com/privacy
OpenAI	AI-assisted content generation (project work)	openai.com/privacy
Anthropic	AI-assisted work (project work)	anthropic.com/privacy
Make / Zapier	Workflow automation (for client projects)	Make: make.com/privacy
Payment Processor	Billing and payment processing	See your invoice for details

We do not share your data with any other third parties except as required by law (e.g., in response to a valid legal request or court order).

7. International Data Transfers

KRIBA & Co is based in the United States. If you are accessing our services from the European Union, United Kingdom, or Canada, your personal data will be transferred to and processed in the United States.

We use the following safeguards to ensure your data receives adequate protection:

Standard Contractual Clauses (SCCs) with EU-based data processors.
Transfers to service providers that participate in recognized adequacy frameworks or maintain equivalent privacy protections.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law. General retention timelines:

Client project data: 5 years after project completion (for tax and legal compliance).
Contact/inquiry data: 2 years if no engagement is initiated.
Analytics data: 14 months (Google Analytics 4 default retention setting).
Financial records: 7 years (California tax law requirement).

When data is no longer required, we securely delete or anonymize it.

9. Your Rights

Depending on your location, you have the following rights over your personal data. We will respond to all valid requests within 30 days.

Right to Access Request a copy of the personal data we hold about you.

Right to Rectification Ask us to correct inaccurate or incomplete data.

Right to Erasure Request deletion of your data ("right to be forgotten"), subject to legal retention obligations.

Right to Restrict Processing Ask us to limit how we use your data in certain circumstances.

Right to Data Portability Receive your data in a structured, machine-readable format.

Right to Object Object to processing based on legitimate interests, including direct marketing.

Right to Opt-Out (CCPA) California residents may opt out of the "sale" or "sharing" of personal information for advertising purposes. We do not sell your data.

Right to Withdraw Consent Withdraw consent at any time for consent-based processing (e.g., analytics cookies) without affecting past lawful processing.

To exercise any of these rights, contact us at kia@kriba.co. We may need to verify your identity before processing your request. If you are dissatisfied with our response, you have the right to lodge a complaint with your local supervisory authority (e.g., your national Data Protection Authority in the EU/UK, or the California Privacy Protection Agency).

10. Cookies

We use cookies and similar tracking technologies on kriba.co. For full details, including how to manage your preferences, see our Cookie Policy.

11. Children's Privacy

Our services are not directed at or intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected information from a minor, please contact us immediately at kia@kriba.co and we will promptly delete it.

12. Security

We implement reasonable technical and organizational measures to protect your personal data against unauthorized access, accidental loss, destruction, or disclosure. These include access controls, encrypted communications (HTTPS), and limited data sharing on a need-to-know basis. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of our website or services after changes constitutes your acceptance of the updated policy.

14. Contact Us

For any privacy-related questions, requests, or concerns, please contact:

KRIBA & Co
Attn: Privacy
Email: kia@kriba.co
Website: kriba.co