Legal

Privacy Policy

Last updated: July 1, 2026

Kipper Inc. (“Kipper,” “Company,” “We,” “Our”) respects your privacy and is committed to protecting it through our compliance with this policy. This document details the types of information we may collect or that you may provide when you access, use, or register with any of our services, including the Kipper conversational finance intelligence platform (collectively, “Services”), and our practices for using, maintaining, protecting, and disclosing that information.

Please read this carefully to understand our policies and practices regarding your information and how we will treat it. By using or registering with our Services, you agree to this Privacy Policy. Your continued use of our Services after we make changes is deemed to be acceptance of those changes, so please check this policy periodically for updates.

This policy is organized in two parts. Part 1 applies to all Kipper services. Part 2 contains additional terms specific to the Kipper platform.

Part 1: General Privacy Policy

Information We Collect and How We Collect It

We collect information from and about users of our Services:

  • Directly from you when you provide it to us.
  • Automatically when you use the Services.

Information You Provide to Us

When you use or register with the Services, we may ask you to provide information by which you may be personally identified, such as your name, email address, postal address, phone number, and any other identifier by which you may be contacted or identified online or offline (“Personal Information”).

This information includes:

  • Information that you provide by filling in forms in the Services, including at the time of registering to use the Services.
  • Details of your subscription and billing interactions with us.
  • Records and copies of your correspondence, including email addresses and phone numbers, if you contact us or report a problem with the Services.
  • Your responses to surveys that we might ask you to complete for research purposes.

Automatic Information Collection

When you access or use the Services, we may automatically collect:

  • Usage Details. Certain details of your access to and use of the Services, including traffic data, location data, logs, and other communication data and the resources you access through the Services.
  • Device Information. Information about your device and internet connection, including IP address, operating system, and browser type.
  • Session Recordings. We use session recording tools, which may include PostHog and other similar services, to record activity for logged-in users of the Kipper platform, including clicks, navigation, and interactions within the Service. This data is used to improve the Service, diagnose issues, and provide support. All text input fields are configured to be masked in session recordings. Session recordings are not used for advertising purposes and are not sold or shared with third parties except as necessary to operate the Service. By using the Service, you consent to this recording as described in our Terms of Service.

Cookies and Tracking

Analytics. We use Umami, a first-party, cookieless analytics tool, to understand how visitors use the Site, collecting information such as pages viewed, time spent, referral source, and device type. This data is processed by Kipper and is not shared with third parties. For logged-in platform users, we use session recording and product analytics tools as described in Part 2 of this policy.

Advertising. We run advertising campaigns on third-party platforms such as Meta and LinkedIn. We do not place any advertising, retargeting, or tracking pixels, tags, chat widgets, or session-recording tools on this Site. We may use UTM parameters or similar campaign identifiers in links from those campaigns to attribute traffic once a visitor arrives at the Site; this information is read directly from the URL and is not transmitted back to those platforms.

Embedded Third-Party Tools. Certain pages — for example, our meeting-scheduling pages — embed third-party tools such as Calendly to provide their functionality. Calendly’s widget does not load until you click to schedule a time; nothing is requested from Calendly before that point. Once loaded, these tools operate under the applicable third party’s own privacy practices, not this policy.

Cookie Controls. This Site does not set advertising or tracking cookies. To the extent any cookies are used for basic site functionality, most browsers allow you to refuse or delete them, though doing so may affect the functionality of the Site.

California Residents. Kipper does not currently share personal information for cross-context behavioral advertising from this Site. California residents may still have rights under the CCPA with respect to personal information we do collect; contact us at legal@kipper.com to exercise those rights.

Use of Personal Information We Collect

We may use the information we collect in the following ways:

  • To set up and manage your account with us.
  • To provide the Services and manage your subscription and billing.
  • To deliver service messages, including confirmations, invoices, technical notices, security alerts, and support and administrative messages.
  • To personalize your experience and deliver content in which you are most interested.
  • To conduct aggregated analysis of the performance of our Services.
  • To comply with our legal obligations.

We aim to collect only the information reasonably necessary to deliver the Services you use, and to minimize what we collect where practicable.

How We May Share Information We Collect

We may share personal information as follows:

  • With third-party service providers that perform services on our behalf, such as payment processing, hosting, and analytics.
  • In connection with a business transaction such as a merger, acquisition, financing, or sale of all or part of our business or assets. Where required by law or reasonably practicable, we will notify you before your personal information becomes subject to a different privacy policy.
  • To respond to lawful requests and legal processes.
  • To protect the rights and property of Kipper, our agents, customers, and others, including enforcing our agreements and policies.
  • In an emergency, to protect the safety of our employees, customers, or any person.

We do not sell, trade, or otherwise transfer your personally identifiable information to outside parties except as described in this policy.

Sub-Processors

We use third-party sub-processors to operate the Service — for example, cloud hosting, error monitoring, product analytics and session recording, payment processing, and messaging providers. We engage them to process data as needed to provide their services, under written terms requiring data-protection obligations consistent with applicable law. Our current sub-processors are listed at kipper.com/subprocessors.

SMS Communications

We may collect your mobile phone number when you voluntarily provide it via a web form or account registration. Mobile numbers are used to operate the SMS interface — including to receive your questions and deliver Service responses — and to send transactional messages such as account notifications and security alerts. They may be disclosed to service providers (such as our SMS provider) as needed to deliver and support those messages.

Mobile information will not be shared with third parties or affiliates for marketing or promotional purposes. Sharing with service providers that help us operate and deliver the SMS service (such as our SMS provider) is permitted. Text messaging originator opt-in data and consent will not be shared with any third parties.

Providing a mobile number and opting in to SMS communications is entirely optional and is not a condition of purchasing or using our Services. If you opt in, you may opt out at any time by replying STOP to any message. Reply HELP for assistance. Message frequency varies. Message and data rates may apply. For full SMS terms including consent procedures, see our Terms of Service.

Data Retention

We retain personal information we collect from you where we have an ongoing legitimate business need to do so — for example, to provide you with the Services, or to comply with applicable legal, tax, or accounting requirements.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or securely store it and isolate it from any further processing until deletion is possible.

Product-specific data retention practices are described in Part 2 of this policy.

Security of Your Personal Information

The security of your Personal Information is important to us. We use commercially reasonable technical and organizational measures designed to protect your Personal Information against loss, misuse, unauthorized access, disclosure, alteration, and destruction, including encrypting sensitive information in transit using standard protocols.

Data Residency. Customer data, including financial data connected through the Service, is generally hosted on AWS infrastructure in the United States by default. Enterprise customers may request that additional regions be made available; please contact support@kipper.com to discuss.

Please be aware that despite our efforts, no security measures are impenetrable. If you use a password on the Services, you are responsible for keeping it confidential. If you believe your credentials have been compromised, please notify us immediately.

Data Breach Notification

In the event of a data breach affecting your personal information, we will notify affected users, and applicable regulators or authorities where required by law, as soon as reasonably practicable.

References in this Privacy Policy to “GDPR” include both the European Union General Data Protection Regulation (“EU GDPR”) and the United Kingdom General Data Protection Regulation (“UK GDPR”), where applicable.

Our legal basis for collecting and using personal information will depend on the information concerned and the specific context in which we collect it.

We will normally collect personal information from you only (i) where we need it to perform a contract with you; (ii) where the processing is in our legitimate interests and not overridden by your rights; or (iii) where we have your consent to do so. We have a legitimate interest in operating our Services and communicating with you as necessary to provide them, including responding to your queries, improving our platform, and detecting or preventing illegal activities.

In some cases, we may also have a legal obligation to collect personal information, or may need it to protect your vital interests or those of another person. Where we ask you to provide personal information to comply with a legal requirement or to perform a contract, we will make this clear at the relevant time.

Your Data Protection Rights Under the General Data Protection Regulation (GDPR)

If you are a resident of the European Union, you have the following data protection rights:

  • The right to access, correct, update, or request deletion of your personal information.
  • The right to object to processing, request restriction of processing, or request portability of your personal information.
  • The right to opt out of marketing communications at any time by clicking the “unsubscribe” link in any marketing email we send you.
  • Where we rely on your consent to process personal information, the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
  • The right to complain to your local data protection authority.

We respond to all requests from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

If you are a resident in the European Economic Area and believe we are unlawfully processing your personal information, you have the right to complain to your local data protection supervisory authority.

If you are a resident in Switzerland, the relevant authority is the Federal Data Protection and Information Commissioner.

To exercise your GDPR rights, please contact us.

Your Data Protection Rights under the California Consumer Privacy Act (CCPA)

If you are a California resident, you have the right to:

  • Request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the purposes for collection, and the categories of third parties with whom we have shared it.
  • Request deletion of personal information we have collected from you, subject to certain exceptions recognized by the CCPA.
  • Opt out of the sale or sharing of your personal information. We do not sell personal information, and we do not currently share personal information for cross-context behavioral advertising. If you have questions about our current practices or wish to make a request, contact us at legal@kipper.com.

We will not charge you different prices or provide a different quality of service based on your exercise of CCPA rights. To exercise your CCPA rights, please contact us.

Commercial Communications

We send commercial messages in accordance with applicable laws, including the CAN-SPAM Act (United States), Canada’s Anti-Spam Legislation (CASL), and applicable rules in other regions. Our commercial messages are designed to include a clear way to opt out, and we honor unsubscribe and withdrawal requests. You may opt out at any time by using the unsubscribe link in any email, by replying STOP to any SMS message, or by contacting us directly. Where applicable law requires consent before sending, we obtain it.

Updating and Accessing Your Personal Information

If your Personal Information changes, we invite you to correct or update it. We will retain your information for as long as your account is active or as needed to provide you Services. If you wish to cancel your account or request deletion of your Personal Information, please contact us. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Choices About Use of Your Information

  • You may request that your account be deleted. Certain financial recordkeeping information may be retained where we have a legitimate legal or financial interest in doing so.
  • You may unsubscribe from promotional emails by following the instructions at the end of any such email. Even if you unsubscribe, we may still contact you for transactional, account-related, or administrative purposes.
  • Most browsers allow you to disable cookies. Please note that disabling cookies may affect the functionality of our Services.

The Services may include links to third-party websites whose privacy practices may differ from ours. If you submit Personal Information to any of those sites, your information is governed by their privacy policies. We encourage you to review the privacy policy of any third-party website you visit.

Notice Concerning the Information of Children

Our Services are not directed to children under the age of 18 and we do not intentionally collect information from children under 18. Please contact us if you believe a child has provided Personal Information to us and we will take reasonable steps to delete it as required by law.

Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will update the “Last Updated” date at the top of this page and may notify you by email. We encourage you to review this Policy periodically.

Questions About This Policy

If you have any questions about this Policy or our privacy practices, please contact us at legal@kipper.com.

Part 2: Kipper Platform

This section applies to users of the Kipper conversational finance intelligence platform, including its Slack, Microsoft Teams, AI assistant (such as Claude, ChatGPT, and Gemini), and other integrations. It supplements Part 1 and prevails in the event of any conflict with respect to the Kipper platform specifically.

When Kipper accesses and processes financial data through your connected finance systems, it does so as a data processor acting on your organization’s behalf and under your instructions, as described in our Data Processing Agreement. The controller of that data is your organization. Part 1 of this policy applies to personal data Kipper processes as a controller — including account, billing, and website data.

Finance Data

To provide the Kipper platform, we connect to finance systems you authorize and store a copy of relevant financial data on our servers. Kipper operates in read-only mode with respect to your connected finance systems — it does not write to, modify, or delete your data. The level of access required varies by integration; some finance systems require administrative permissions to read the data needed to provide the Service. This stored data is used to provide, secure, support, and maintain the platform, as described in this policy and our Data Processing Agreement, and is not sold. We do not share it with third parties except with sub-processors that help us operate the Service, customer-directed integrations or communication channels you configure (such as Slack, Microsoft Teams, or SMS), and as required by law.

The platform is designed to log queries submitted through it for security, audit, and service improvement purposes.

Data Retention

Stored finance data is retained for as long as your account remains active. If your access is provided on a free trial or evaluation basis, we may suspend access and delete data associated with the trial after a reasonable period once the trial ends, unless the account converts to a paid subscription, subject to legal, backup, security, and audit retention. Upon account closure or disconnection of a finance system, data associated with that connection is deleted within a reasonable period. Query logs may be retained for as long as necessary for security, audit, and operational purposes.

Access Controls

Access to finance data within the Kipper platform is governed by data access configurations set by your organization’s account administrator. Different users or teams within your organization may be granted access to different subsets of data in accordance with these configurations.