Legal
Last updated: 1 June 2025
1. Overview
Kiyo (“we”, “our”, “the assistant”) is an AI shopping interface operated by Kapruka Holdings (Pvt) Ltd (“Kapruka”). This policy explains what data we collect when you use Kiyo, how we use it, and your rights. By using Kiyo you agree to the practices described here.
2. Data We Collect
We do not collect payment card details. All payment processing is handled directly by Kapruka's PCI-compliant checkout infrastructure.
3. How We Use Your Data
Conversation data may be reviewed by Kapruka's engineering team in anonymised or aggregated form to improve the service. We do not sell your personal data to third parties.
4. AI Processing
Kiyo is powered by a third-party large language model (such as Anthropic Claude, OpenAI GPT, or Google Gemini, depending on configuration). Messages you send may be processed by the respective AI provider's infrastructure, subject to their privacy policies. We do not pass personally identifiable information to the AI model unless you include it in a message yourself (e.g. a delivery address).
5. Data Retention
Chat history, cart contents, and session state live entirely in your browser's local storage — Kiyo does not operate a backend database and does not persist your conversations on its own servers. During an active session, your messages pass through Kiyo's server only momentarily, to be relayed to the AI provider and to Kapruka's order systems. Order records themselves are retained by Kapruka as required by Sri Lankan commercial law.
6. Cookies
Kiyo uses essential browser storage (localStorage and sessionStorage) to maintain your cart, chat history, and session state. No third-party advertising or tracking cookies are set by Kiyo. You can clear your browser storage at any time through your browser settings, which will reset your cart and history.
7. Your Rights
You have the right to:
To exercise any of these rights, email colombo.office@kapruka.com.
8. Security
All data is transmitted over HTTPS. Kapruka employs industry-standard security practices including encryption at rest and in transit, role-based access controls, and regular security audits. Despite these measures, no system is entirely secure — please do not share sensitive credentials through the chat interface.
9. Third-Party Services
Kiyo integrates with the following third-party services, each governed by their own privacy policies:
10. Changes to This Policy
We may update this policy from time to time. Material changes will be indicated by an updated “Last updated” date at the top of this page. Continued use of Kiyo after changes constitutes acceptance of the revised policy.
11. Contact
For privacy-related enquiries, contact Kapruka Holdings (Pvt) Ltd:
colombo.office@kapruka.com
147 Old Kottawa Road, Nugegoda 10250, Sri Lanka