Privacy Policy

Privacy Policy

By continuing to use our platform, you agree to our privacy practices and data protection measures.

Effective Date: April 28, 2026
Last Updated: April 28, 2026

Iquester Solutions LLP
B-01/485, Kalyani, Nadia,
West Bengal, India, 741235

1. Introduction

Iquester Solutions LLP (“Company,” “we,” “us”) operates the KnoRai platform. This Privacy Policy explains how we collect, use, store, share, and protect information in connection with the Service. It applies to all users worldwide.

Data Controller: Iquester Solutions LLP, B-01/485, Kalyani, Nadia,
West Bengal, India, 741235Kolkata, West Bengal, India — 700156. Contact: legal@knorai.com

This Policy should be read together with our Terms and Conditions. Defined terms not explained here have the meanings given in the Terms.

2. Information We Collect

2.1 Information You Provide
  • Account details: name, email, phone number, business name, address
  • Platform connection credentials: store URLs, API keys, authentication tokens
  • Team information: names, emails, assigned roles
  • Payment information: processed by third-party payment processors; we do not store full card details
  • Communications: emails, messages, and support interactions with our team
2.2 Information Processed Through the Service
  • Business data synced from your connected platforms (product listings, orders, customer records, pricing, inventory)
  • Conversation data exchanged between the AI and your customers via connected messaging channels
  • Operational commands and queries you send to the Service
  • Data about your customers that they provide through interactions with the Service
2.3 Automatically Collected Information
  • Device and technical data: IP address, browser type, operating system, device identifiers
  • Usage data: features used, session duration, interaction patterns
  • Performance data: response times, error logs
  • Cookies and similar technologies (see Section 8)
2.4 Information from Third-Party Platforms

When you connect third-party platforms to the Service, we receive data from those platforms as authorized by your integration settings. The scope and type of data depends on the platform and the permissions you grant.

3. How We Use Information

3.1 Service Delivery and Operations
  • Providing, maintaining, and operating the Service and its features
  • Processing your commands and queries
  • Facilitating interactions between the Service and your customers
  • Generating reports and analytics based on your data
3.2 Improvement and Development
  • Analysing usage patterns to improve the Service
  • Improving AI accuracy and quality using anonymised and aggregated data
  • Developing new features and capabilities
  • Identifying and resolving technical issues
3.3 Communications
  • Service-related notices, security alerts, and updates
  • Responding to your support requests
  • Onboarding and training assistance
3.4 Legal and Safety
  • Complying with legal obligations and lawful requests
  • Enforcing our Terms and Conditions
  • Detecting, preventing, and addressing fraud, abuse, and security incidents
3.5 Legal Basis (GDPR/UK GDPR)

For users in the European Economic Area (EEA) and United Kingdom (UK):

  • Contractual Necessity (Art. 6(1)(b)): Processing necessary to perform the Service you contracted for.
  • Legitimate Interests (Art. 6(1)(f)): Service improvement, security, and fraud prevention, balanced against your rights.
  • Consent (Art. 6(1)(a)): Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Legal Obligation (Art. 6(1)(c)): Where required by applicable law.

4. How We Share Information

We do not sell your personal data.

We share information only in these circumstances:

  • Third-Party Platforms: Data is transmitted to platforms you choose to connect. Their privacy policies govern their handling of your data.
  • Service Providers: Trusted providers for hosting, infrastructure, analytics, and payment processing, bound by data processing agreements.
  • Legal Requirements: Where required by law, regulation, legal process, or government request, or to protect our rights, safety, or property.
  • Business Transfers: In connection with a merger, acquisition, or asset sale, with notice to affected users.
  • With Your Consent: For any other purpose with your explicit consent.

5. Data Storage, Transfers, and Retention

5.1 Storage

Data is stored on cloud infrastructure that may be located in India, the EEA, the United States, or other jurisdictions. By using the Service, you acknowledge this.

5.2 International Transfers

For transfers outside the EEA/UK, we rely on Standard Contractual Clauses (SCCs), adequacy decisions, or your explicit consent. Contact legal@knorai.com for details on safeguards.

5.3 Retention
  • Active account data: duration of your subscription plus thirty (30) days
  • Conversation logs: twelve (12) months, then anonymised or deleted
  • Aggregated analytics: retained in anonymised form indefinitely
  • Billing records: seven (7) years per applicable tax law
  • Post-termination: data available for thirty (30) days, then permanently deleted within sixty (60) days
5.4 Deletion

Upon termination or valid deletion request, personal data is deleted or anonymised within sixty (60) days, except where retention is required by law.

6. Data Security

We implement commercially reasonable technical and organisational measures to protect data, including encryption in transit and at rest, access controls, monitoring, and incident response procedures.

IMPORTANT: No system is 100% secure. We do not guarantee absolute security. Data transmitted through third-party platforms is subject to those platforms’ security practices, which are outside our control. You assume the risk inherent in transmitting data over the internet and through third-party services. You are responsible for securing your own credentials, systems, and endpoints.

7. Your Rights

7.1 GDPR Rights (EEA/UK)
  • Access (Art. 15): Obtain a copy of your personal data.
  • Rectification (Art. 16): Correct inaccurate data.
  • Erasure (Art. 17): Request deletion (“right to be forgotten”), subject to legal retention requirements.
  • Restriction (Art. 18): Restrict processing in certain circumstances.
  • Portability (Art. 20): Receive your data in a structured, machine-readable format.
  • Objection (Art. 21): Object to processing based on legitimate interests.
  • Withdraw Consent (Art. 7(3)): Withdraw consent at any time.
  • Complaint: Lodge a complaint with your local data protection authority.
7.2 Other Jurisdictions

Users in jurisdictions with data protection laws (including California CCPA/CPRA, Brazil LGPD, Canada PIPEDA, Australia Privacy Act, and others) may have equivalent or similar rights. We honour valid requests in accordance with applicable law.

7.3 How to Exercise Rights

Send requests to legal@knorai.com with information sufficient to verify your identity. We respond within thirty (30) days or such shorter period as required by law.

7.4 Controller vs. Processor

Critical distinction: For personal data of YOUR customers processed through the Service, YOU are the data controller and we are the data processor. You are solely responsible for having appropriate legal bases, privacy notices, and consent mechanisms in place for your customers’ data. We process your customers’ data solely on your instructions and per our processing obligations. You indemnify us against claims arising from your failure to meet your obligations as data controller.

8. Cookies

The Service uses cookies and similar technologies:

TypePurposeDurationBasis
EssentialAuthentication, session, securitySession / 30 daysContractual necessity
FunctionalPreferences, settings1 yearLegitimate interest
AnalyticsUsage, performance measurement2 yearsConsent

You can control cookies through browser settings. Disabling essential cookies may affect functionality. For EEA/UK users, consent is obtained before non-essential cookies are placed.

9. Children

The Service is not directed at individuals under 18. We do not knowingly collect data from minors. If we learn that we have, we will delete it promptly. Contact legal@knorai.com if you believe a child has provided data.

10. Data Breach Notification

In the event of a personal data breach likely to result in risk to individuals, we will: (a) notify the relevant supervisory authority within 72 hours where required by GDPR; (b) notify affected users without undue delay where the breach poses high risk; and (c) document the breach and remedial actions. Breaches originating from third-party platforms are the responsibility of those platforms.

11. Do Not Track

The Service does not currently respond to Do Not Track browser signals.

12. Changes to This Policy

We may update this Policy from time to time. Material changes will be communicated via email or the Service at least thirty (30) days before taking effect. Continued use after the effective date constitutes acceptance.

13. Contact

Data Controller: Iquester Solutions LLP
Address: B-01/485, Kalyani, Nadia,
West Bengal, India, 741235
Privacy Contact: legal@knorai.com  |  Support: support@knorai.com

EEA/UK users: if unsatisfied with our response, you may lodge a complaint with your local data protection supervisory authority.