Cairo Network

1. Who We Are

Cairo AI ("Cairo," "we," "us," or "our") is operated by Cairo Technologies AB, a company registered in Sweden. We provide AI-powered customer support automation for e-commerce businesses.

Data Protection Officer: privacy@cairo.ai

Address: Cairo Technologies AB, Stockholm, Sweden

2. Data We Collect

2.1 Account Data (You as the User)

When you create an account, we collect:

Name and email address
Company/store name
Billing information (processed by our payment provider)
Account preferences and settings

2.2 Integration Data

When you connect your accounts, we access:

Email (Gmail): Email content, sender/recipient addresses, timestamps, thread information, and attachments for customer support emails
E-commerce (Shopify): Order data, customer information, product details, shipping/tracking information, and refund status
OAuth tokens: Securely stored credentials to maintain your integrations

2.3 End-Customer Data

Through your integrations, we process data about your customers, including:

Names and email addresses
Order history and purchase details
Shipping addresses
Support inquiries and communication history

Important: For this data, you are the data controller and Cairo is the data processor. See our Data Processing Agreement.

2.4 Learning and Feedback Data

To improve the AI for your account, we collect:

Your approval, edit, or rejection decisions on AI drafts
Edits you make to AI-generated responses
Patterns and preferences derived from your feedback
Confidence scores and accuracy metrics

2.5 Usage Data

We automatically collect:

Log data (IP address, browser type, access times)
Feature usage and interaction patterns
Performance and error data

3. How We Use Your Data

Purpose	Legal Basis (GDPR)
Providing the Service	Contract performance
Processing customer emails	Contract performance
Training AI on your feedback	Contract performance
Billing and payments	Contract performance
Security and fraud prevention	Legitimate interest
Product improvement	Legitimate interest
Marketing communications	Consent (opt-in)
Legal compliance	Legal obligation

4. Data Isolation and AI Training

Your data is never used to train AI for other customers.

Cairo maintains strict data isolation between accounts. The patterns and improvements learned from your feedback are used exclusively to improve the Service for your account.

Specifically:

Each customer account has isolated data storage
AI models are personalized per-account based on your feedback
No cross-tenant learning or data sharing occurs
Aggregated, anonymized statistics may be used for service-wide improvements

5. Data Sharing

We share data only in these circumstances:

5.1 Sub-processors

We use trusted service providers to operate Cairo. See our Sub-processors page for a complete list.

5.2 AI Providers

Email content is processed by our AI providers (e.g., Anthropic) to generate responses. These providers:

Process data only as instructed by us
Do not use your data to train their general models
Are bound by strict data processing agreements

5.3 Legal Requirements

We may disclose data if required by law, court order, or to protect our rights and safety.

5.4 Business Transfers

In the event of a merger, acquisition, or sale, your data may be transferred to the successor entity under equivalent privacy protections.

6. Data Retention

Data Type	Retention Period
Account data	Duration of account + 30 days
Email content	90 days (configurable)
Order data	Duration of account
Learning patterns	Duration of account
Billing records	7 years (legal requirement)
Usage logs	90 days

Upon account deletion, we delete or anonymize your data within 30 days, except where retention is required by law.

7. Data Security

We protect your data with:

Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
Access controls: Role-based access with multi-factor authentication for our team
Infrastructure: SOC 2 compliant cloud infrastructure hosted in the European Union
Monitoring: 24/7 security monitoring and incident response
Audits: Regular security assessments and penetration testing

8. International Data Transfers

Your data is primarily stored and processed in the European Union. When data is transferred outside the EU (e.g., to AI providers in the US), we ensure appropriate safeguards:

Standard Contractual Clauses (SCCs) approved by the European Commission
Data Processing Agreements with all sub-processors
Assessment of third-country data protection laws

9. Your Rights (GDPR)

Under GDPR, you have the right to:

Access: Request a copy of your personal data
Rectification: Correct inaccurate data
Erasure: Request deletion of your data ("right to be forgotten")
Restriction: Limit how we process your data
Portability: Receive your data in a structured format
Object: Object to processing based on legitimate interests
Withdraw consent: Where processing is based on consent

To exercise these rights, contact us at privacy@cairo.ai. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority. In Sweden, this is Integritetsskyddsmyndigheten (IMY).

10. Cookies

We use cookies and similar technologies for:

Essential cookies: Required for the Service to function (authentication, security)
Analytics cookies: To understand how you use the Service (with your consent)

You can manage cookie preferences through your browser settings or our cookie consent banner.

11. Children's Privacy

Cairo is designed for business use and is not intended for individuals under 18 years of age. We do not knowingly collect data from children. If you believe we have collected data from a minor, please contact us immediately.

12. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email or through the Service. The "Last updated" date at the top indicates when changes were made.

13. Contact Us

For privacy-related questions or to exercise your rights:

Email: privacy@cairo.ai
Address: Cairo Technologies AB, Stockholm, Sweden

We aim to respond to all inquiries within 30 days.

2. Data We Collect

2.1 Account Data (You as the User)

When you create an account, we collect:

Name and email address
Company/store name
Billing information (processed by our payment provider)
Account preferences and settings

2.2 Integration Data

When you connect your accounts, we access:

Email (Gmail): Email content, sender/recipient addresses, timestamps, thread information, and attachments for customer support emails
E-commerce (Shopify): Order data, customer information, product details, shipping/tracking information, and refund status
OAuth tokens: Securely stored credentials to maintain your integrations

2.3 End-Customer Data

Through your integrations, we process data about your customers, including:

Names and email addresses
Order history and purchase details
Shipping addresses
Support inquiries and communication history

Important: For this data, you are the data controller and Cairo is the data processor. See our Data Processing Agreement.

2.4 Learning and Feedback Data

To improve the AI for your account, we collect:

Your approval, edit, or rejection decisions on AI drafts
Edits you make to AI-generated responses
Patterns and preferences derived from your feedback
Confidence scores and accuracy metrics

2.5 Usage Data

We automatically collect:

Log data (IP address, browser type, access times)
Feature usage and interaction patterns
Performance and error data

3. How We Use Your Data

Purpose	Legal Basis (GDPR)
Providing the Service	Contract performance
Processing customer emails	Contract performance
Training AI on your feedback	Contract performance
Billing and payments	Contract performance
Security and fraud prevention	Legitimate interest
Product improvement	Legitimate interest
Marketing communications	Consent (opt-in)
Legal compliance	Legal obligation

4. Data Isolation and AI Training

Your data is never used to train AI for other customers.

Cairo maintains strict data isolation between accounts. The patterns and improvements learned from your feedback are used exclusively to improve the Service for your account.

Specifically:

Each customer account has isolated data storage
AI models are personalized per-account based on your feedback
No cross-tenant learning or data sharing occurs
Aggregated, anonymized statistics may be used for service-wide improvements

5. Data Sharing

We share data only in these circumstances:

5.1 Sub-processors

We use trusted service providers to operate Cairo. See our Sub-processors page for a complete list.

5.2 AI Providers

Email content is processed by our AI providers (e.g., Anthropic) to generate responses. These providers:

Process data only as instructed by us
Do not use your data to train their general models
Are bound by strict data processing agreements

5.3 Legal Requirements

We may disclose data if required by law, court order, or to protect our rights and safety.

5.4 Business Transfers

In the event of a merger, acquisition, or sale, your data may be transferred to the successor entity under equivalent privacy protections.

6. Data Retention

Data Type	Retention Period
Account data	Duration of account + 30 days
Email content	90 days (configurable)
Order data	Duration of account
Learning patterns	Duration of account
Billing records	7 years (legal requirement)
Usage logs	90 days

Upon account deletion, we delete or anonymize your data within 30 days, except where retention is required by law.

7. Data Security

We protect your data with:

Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
Access controls: Role-based access with multi-factor authentication for our team
Infrastructure: SOC 2 compliant cloud infrastructure hosted in the European Union
Monitoring: 24/7 security monitoring and incident response
Audits: Regular security assessments and penetration testing

8. International Data Transfers

Your data is primarily stored and processed in the European Union. When data is transferred outside the EU (e.g., to AI providers in the US), we ensure appropriate safeguards:

Standard Contractual Clauses (SCCs) approved by the European Commission
Data Processing Agreements with all sub-processors
Assessment of third-country data protection laws

9. Your Rights (GDPR)

Under GDPR, you have the right to:

Access: Request a copy of your personal data
Rectification: Correct inaccurate data
Erasure: Request deletion of your data ("right to be forgotten")
Restriction: Limit how we process your data
Portability: Receive your data in a structured format
Object: Object to processing based on legitimate interests
Withdraw consent: Where processing is based on consent

To exercise these rights, contact us at privacy@cairo.ai. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority. In Sweden, this is Integritetsskyddsmyndigheten (IMY).

Privacy Policy

1. Who We Are

2. Data We Collect

2.1 Account Data (You as the User)

2.2 Integration Data

2.3 End-Customer Data

2.4 Learning and Feedback Data

2.5 Usage Data

3. How We Use Your Data

4. Data Isolation and AI Training

5. Data Sharing

5.1 Sub-processors

5.2 AI Providers

5.3 Legal Requirements

5.4 Business Transfers

6. Data Retention

7. Data Security

8. International Data Transfers

9. Your Rights (GDPR)

10. Cookies

11. Children's Privacy

12. Changes to This Policy

13. Contact Us

Product

Resources

Legal

Connect

Privacy Policy

1. Who We Are

2. Data We Collect

2.1 Account Data (You as the User)

2.2 Integration Data

2.3 End-Customer Data

2.4 Learning and Feedback Data

2.5 Usage Data

3. How We Use Your Data

4. Data Isolation and AI Training

5. Data Sharing

5.1 Sub-processors

5.2 AI Providers

5.3 Legal Requirements

5.4 Business Transfers

6. Data Retention

7. Data Security

8. International Data Transfers

9. Your Rights (GDPR)

10. Cookies

11. Children's Privacy

12. Changes to This Policy

13. Contact Us

Product

Resources

Legal

Connect