Privacy Policy
This Privacy Policy explains how K2A Solutions LLC ("K2A," "we," "us," or "our") collects, uses, shares, and protects your personal information when you visit our website, book a demo, fill out our onboarding wizard, or use our AI consulting and AI Operating System services.
On this page
- About this policy
- Who we are
- Information we collect
- Sensitive personal information
- How we use your information
- How we share your information
- AI processing
- Cookies and tracking
- Your privacy rights
- How to exercise your rights
- Global Privacy Control
- Data retention
- Children's privacy
- International users
- Security
- Changes to this policy
- Contact us
1. About this policy
This policy covers two contexts:
- Our website and prospect interactions. When you visit k2asolutions.com, request a demo, or fill out our onboarding form, K2A acts as the controller of your personal information.
- The AI Operating Systems we build for client businesses. When K2A processes data inside an OS we have built and deployed for a client, K2A acts as a service provider (CCPA) or processor (GDPR) on behalf of that client. Our handling of that data is governed by a separate Data Processing Agreement with each client. See our DPA for those terms.
2. Who we are and how to contact us
K2A Solutions LLC is a New York limited liability company headquartered in New York, NY. For privacy-related inquiries, including requests to exercise your rights under applicable law:
- Email: privacy@k2asolutions.com
- General contact: team@k2asolutions.com
3. Information we collect
The categories of personal information we collect, the sources, the business purposes, and the categories of recipients:
| Category | Examples | Source | Purpose |
|---|---|---|---|
| Identifiers | Name, email, phone number, business name, job title | You, when you book a demo, fill the onboarding wizard, or contact us | Respond to inquiries, deliver services, send service-related communications |
| Commercial information | Subscription status, billing history, services purchased | You, our payment processor (Stripe) | Process payments, deliver services, support, fraud prevention |
| Internet activity | IP address, browser type, pages viewed, referring URL, approximate location derived from IP | Automatically when you visit our site | Site security, traffic analysis, debugging |
| Professional information | Information about your business operations, departments, tools you use, automation needs (collected through the onboarding wizard) | You, when you complete onboarding | Build and configure your AI Operating System, scope the consulting engagement |
| Communications content | Emails you send us, demo call notes, support messages | You, our staff during interactions with you | Provide support, deliver services, improve our offerings |
| Inferences | Suitability for our services, business segment categorization | Derived from the categories above | Determine fit for our services, prioritize follow-up |
4. Sensitive personal information
We do not knowingly collect sensitive personal information as defined under the California Consumer Privacy Act, including: government identifiers, financial account credentials, precise geolocation, racial or ethnic origin, religious beliefs, union membership, the content of mail or messages not directed to us, genetic data, biometric identifiers, health information, sex life or sexual orientation information, or neural data.
Payment card details are processed directly by Stripe; K2A never receives, stores, or transmits your raw card data.
5. How we use your information
We use the information we collect to:
- Deliver, maintain, and support the AI consulting services and AI Operating System we have agreed to provide to you
- Build and configure a custom AI Operating System based on the information you provide during onboarding
- Process payments and manage your subscription
- Communicate with you about your account, service updates, and support requests
- Send service-related notifications (we do not send marketing email to clients without separate consent)
- Respond to demo requests and follow up on inquiries
- Operate, secure, and improve our website and services
- Detect, investigate, and prevent fraud, abuse, or violations of our terms
- Comply with legal obligations and enforce our agreements
6. How we share your information
We share personal information only as described below.
Service providers
We engage third-party service providers to help us deliver our services. Each is bound by a contract restricting their use of your information to the services they provide to us. Our current service providers include:
- Stripe — payment processing
- Hetzner Online GmbH — server hosting and infrastructure
- Cloudflare — DNS, content delivery, edge security
- Resend — transactional email delivery
- Google Workspace — internal email, document storage, calendars
- Anthropic — AI model inference (for service delivery; not used to train Anthropic's models per their API terms)
- GoHighLevel — customer relationship management
A current and detailed list, including locations and processing purposes, is maintained in our Security documentation and DPA.
Legal and safety
We may disclose information if we believe in good faith that disclosure is necessary to comply with applicable law, valid legal process (including subpoenas, court orders, or government requests), to protect our rights or property, to prevent fraud or harm, or to protect the safety of any person.
Business transfers
If K2A is involved in a merger, acquisition, financing, sale of assets, or bankruptcy, your personal information may be transferred as part of that transaction. We will provide notice before personal information becomes subject to a different privacy policy.
What we do not do
We do not sell your personal information for monetary consideration. We do not share your personal information for cross-context behavioral advertising. We do not use your personal information to train artificial intelligence models that we make available to others. We do not offer financial incentives in exchange for personal information.
7. AI processing
K2A delivers AI services. We want to be specific about how that affects your data.
- Model providers we use. We route requests to large language models offered by providers including Anthropic. Inputs and outputs may transit and be processed by these providers under their published API and data terms.
- No training on your data by default. Our model providers' API terms prohibit them from using your inputs and outputs to train their public models. K2A does not separately train models on your data, and we do not aggregate client data across customers for any model training purpose.
- Where outputs live. Outputs generated for you are stored in your tenant of the AI Operating System and are accessible to your authorized users. Retention is governed by your settings within the OS and our standard service retention defaults.
- Limitations of AI. AI outputs may contain errors, omissions, or fabrications ("hallucinations"). We do not warrant the accuracy or fitness of AI outputs for any specific decision. Human review is built into our delivery process for any output sent externally.
- Automated decision-making. K2A does not currently use solely automated processing to make decisions about you that produce legal or similarly significant effects. If we ever do, we will provide the disclosures and opt-out mechanisms required by applicable law.
8. Cookies and tracking technologies
Our marketing website uses only cookies that are strictly necessary to operate the site (for example, basic security and load-balancing cookies served by our infrastructure providers). We do not use third-party advertising cookies, retargeting pixels, or cross-site tracking technologies on our marketing site.
If we add analytics or other non-essential cookies in the future, we will update this policy and provide a cookie consent mechanism in compliance with applicable law.
Your browser may offer controls to block or delete cookies. The K2A marketing website does not require non-essential cookies to function.
9. Your privacy rights
Depending on where you live, you may have one or more of the following rights regarding your personal information:
- Right to know / access. Request confirmation that we process your personal information and request a copy of the categories and specific pieces we hold.
- Right to delete. Request that we delete personal information we have collected from you, subject to legal exceptions.
- Right to correct. Request that we correct inaccurate personal information.
- Right to portability. Receive a copy of your personal information in a portable, readily usable format.
- Right to opt out of sale or sharing. Opt out of any sale or sharing of your personal information for cross-context behavioral advertising. We do not sell or share, but you may exercise this right preemptively.
- Right to limit use of sensitive personal information. Limit our use of your sensitive personal information to that necessary to provide services. We do not collect sensitive personal information.
- Right to opt out of profiling. Opt out of automated profiling that produces legal or similarly significant effects. We do not engage in this kind of profiling.
- Right to non-discrimination. We will not discriminate against you for exercising any of these rights.
- Right to appeal. If we deny your request, you have the right to appeal our decision. Email privacy@k2asolutions.com with "Privacy Appeal" in the subject line.
10. How to exercise your rights
To exercise any of the rights above, contact us by either of these methods:
- Email: privacy@k2asolutions.com with the request type in the subject line
- Postal mail: K2A Solutions LLC, Privacy Requests, New York, NY (full address provided on request)
To protect your information, we will verify your identity before completing a request. We may ask you to confirm details we already hold (for example, the email address associated with your account). For requests involving deletion or significant disclosure, we may require additional verification proportionate to the sensitivity of the information.
Authorized agents. You may designate an authorized agent to make a request on your behalf. The agent must provide written, signed permission from you, and we may contact you to verify the agent's authority. We may deny requests from agents who do not provide proof of authorization.
We will respond within the timelines required by applicable law (generally 45 days, with one possible 45-day extension for complex requests).
11. Global Privacy Control (GPC)
We honor the Global Privacy Control browser signal as a valid opt-out of any sale or sharing of personal information. When we detect a GPC signal from your browser, we will treat it as a request to opt out and will display a confirmation message acknowledging your signal has been honored.
12. Data retention
We retain personal information only as long as needed for the purposes described in this policy, to comply with our legal and tax obligations, to resolve disputes, and to enforce our agreements. Specific retention periods depend on the type of information:
- Account and billing records: retained for the duration of your subscription and for at least seven (7) years after termination, to satisfy tax, accounting, and audit requirements.
- Demo bookings and inquiry records: retained for up to twenty-four (24) months from last contact.
- Onboarding submissions: retained for the life of the engagement and for twelve (12) months after termination, then deleted unless retention is required for legal reasons.
- Server logs and security records: retained for up to ninety (90) days, then deleted, except where required for active investigations.
- Customer communications and support records: retained for up to thirty-six (36) months from the date of the communication.
When we no longer need personal information for these purposes, we delete or de-identify it.
13. Children's privacy
Our services are intended for businesses and the adults who operate them. We do not knowingly collect personal information from anyone under 16. If you believe we have collected personal information from a person under 16, contact us at privacy@k2asolutions.com and we will delete it.
14. International users
K2A is based in the United States and our services are offered to U.S. businesses. If you access our website or services from outside the United States, your information will be transferred to and processed in the United States. By using our services from outside the United States, you consent to the transfer of your information to the United States.
If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with data protection laws that apply to international transfers, contact us at privacy@k2asolutions.com for additional information about safeguards available to you.
15. Security
We maintain administrative, technical, and physical safeguards designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction. For details on our security practices, hosting, encryption, sub-processors, and incident response, see our Security page.
No method of transmission or storage is 100% secure. We commit to notifying affected individuals and regulators of personal information security incidents without undue delay and in any event within seventy-two (72) hours of confirmation of an incident, where required by applicable law.
16. Changes to this policy
We may update this policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For material changes, we will provide additional notice (for example, by email to account holders or by posting a notice on our website) before the change takes effect.
17. Contact us
Questions about this policy or our privacy practices:
- Email: privacy@k2asolutions.com
- General contact: team@k2asolutions.com
- Mail: K2A Solutions LLC, New York, NY