Privacy Policy
Effective date: March 7, 2026 | Last updated: March 7, 2026
Introduction
KTLYST Labs ("KTLYST," "we," "us," or "our") respects your privacy and is committed to protecting the personal data we collect. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.
This policy applies to visitors of ktlystlabs.com and related subdomains, individuals who interact with us through email, forms, or scheduling tools, and prospective design partners, investors, and customers.
1. Data We Collect
Data you provide directly
- Contact information - name, email address, company name, job title (when you schedule a call, submit a form, or email us)
- Communication content - messages you send via email or contact forms
- Design partner applications - organizational details, security stack information, and use-case descriptions submitted through our partner program
Data collected automatically
- Analytics data - pages visited, time on site, referral source, and general geographic region (via Google Analytics with bot filtering enabled)
- Device and browser data - browser type, operating system, screen resolution, and language preference
- Cookies - we use only first-party analytics cookies. We do not use advertising or tracking cookies.
Data we do not collect
- We do not collect passwords, payment information, or financial data through this website
- We do not purchase or obtain personal data from third-party data brokers
- We do not collect data from minors (our services are for business use only)
2. How We Use Your Data
| Purpose | Legal basis (GDPR) |
|---|---|
| Respond to inquiries and schedule meetings | Legitimate interest / consent |
| Evaluate design partner fit | Legitimate interest |
| Improve website content and user experience | Legitimate interest |
| Send updates you have opted into (e.g., signals newsletter) | Consent |
| Comply with legal obligations | Legal obligation |
We do not sell, rent, or trade your personal data to third parties. We do not use your data for automated decision-making or profiling.
3. Third-Party Services
We use a limited number of third-party services to operate this website and communicate with you.
| Service | Purpose | Data shared |
|---|---|---|
| Google Analytics | Website analytics | Anonymized usage data (IP anonymization enabled) |
| Google Calendar | Meeting scheduling | Name, email (provided by you) |
| Vercel | Website hosting | Server logs (IP, user agent) |
| Google Workspace | Email communication | Email content you send us |
Each service operates under its own privacy policy. We select services that maintain appropriate security and privacy standards.
4. Data Retention
We retain personal data only as long as necessary for the purpose it was collected.
- Contact and communication data - retained for the duration of the business relationship, plus 24 months
- Analytics data - retained for 14 months (Google Analytics default with anonymization)
- Design partner application data - retained for the duration of the engagement, or 12 months after last contact if not accepted
You may request deletion of your data at any time (see Your Rights below).
5. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encrypted data transmission (TLS/HTTPS on all pages)
- Access controls limiting data access to authorized personnel only
- Regular review of data handling practices
- Vendor security assessment before adopting third-party tools
No system is perfectly secure. If we become aware of a data breach affecting your personal data, we will notify you and the relevant authorities as required by applicable law.
6. Your Rights
Depending on your location, you may have the following rights regarding your personal data.
Under GDPR (EEA, UK, Switzerland)
- Access - request a copy of the data we hold about you
- Rectification - correct inaccurate data
- Erasure - request deletion of your data
- Restriction - limit how we process your data
- Portability - receive your data in a structured, machine-readable format
- Objection - object to processing based on legitimate interest
- Withdraw consent - where processing is based on consent, withdraw at any time
Under CCPA/CPRA (California residents)
- Right to know - what personal information we collect, use, and disclose
- Right to delete - request deletion of personal information
- Right to correct - correct inaccurate personal information
- Right to opt out - opt out of the sale or sharing of personal information (we do not sell personal data)
- Non-discrimination - exercise your rights without receiving discriminatory treatment
To exercise any of these rights, email us at privacy@ktlystlabs.com. We will respond within 30 days (GDPR) or 45 days (CCPA).
7. International Data Transfers
KTLYST Labs is based in the United States. If you are accessing this website from the European Economic Area, United Kingdom, or other regions with data protection laws, your data may be transferred to and processed in the United States.
We rely on Standard Contractual Clauses (SCCs) and service provider commitments where applicable to ensure adequate protection for international transfers.
8. Cookies
This website uses a minimal set of cookies.
- Essential cookies - required for the website to function (hosting, security)
- Analytics cookies - Google Analytics (_ga, _gid) to understand site usage with anonymized data
We do not use advertising cookies, social media tracking pixels, or cross-site tracking. You can disable cookies through your browser settings. Disabling analytics cookies will not affect your experience on this site.
9. Children's Privacy
Our website and services are designed for business professionals. We do not knowingly collect personal data from anyone under the age of 16. If we learn that we have collected data from a minor, we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy as our practices or applicable laws change. We will update the "Last updated" date at the top of this page. For material changes, we will provide notice through our website.
11. Contact Us
If you have questions about this Privacy Policy, your personal data, or wish to exercise your rights:
If you are in the EEA and believe your data protection rights have not been adequately addressed, you have the right to lodge a complaint with your local Data Protection Authority.