Privacy Policy

Last updated: 3 May 2026

Kleinora (operated by LitsAI Technologies) takes your privacy seriously. This page explains what we collect, why, and what your rights are under the General Data Protection Regulation (GDPR / Regulation (EU) 2016/679) and Greek law.

1. Who we are

Data controller: LitsAI Technologies, contactable at support@litsaitechnologies.com. If you have any privacy question, that's the inbox to use.

2. What we collect

2.1 Account data

  • Your name and email address (you provide these at sign-up)
  • Hashed password (if you sign up with email/password — we never see the plain password)
  • OAuth provider IDs (if you sign up with Google or Apple — we only receive your email and name from them)
  • Phone number (optional, if you provide it)

2.2 Business data

If you create a business profile, we store the information you enter: business name, contact email, address, phone, opening hours, services, prices, staff names, and Greek B2B invoicing fields (legal name, ΑΦΜ, ΔΟΥ, accounting email).

2.3 Booking and customer data

Appointments you create or that customers book through your public booking page include: customer name, customer phone, optional customer email, the service booked, scheduled time. As a business operator, you are the data controller for your customers' information; we are your data processor.

2.4 Payment data

We do not store full card numbers, CVV, or expiry dates. Payment processing is handled entirely by Stripe. We store only the Stripe customer and subscription IDs Stripe gives us, plus the date and amount of your last payment.

2.5 Operational data

  • IP address (briefly, for rate limiting and security; not retained long-term)
  • Cookies — see our Cookie Policy
  • If you opt in to analytics, anonymous error reports and screen recordings of broken sessions only (so we can fix bugs)

3. Why we collect it (legal basis)

  • Contract performance (GDPR Art. 6(1)(b)) — to provide you the service you signed up for: storing your business, processing appointments, billing your subscription.
  • Legal obligation (Art. 6(1)(c)) — Greek accounting law requires us to keep certain invoicing records for a period set by law (typically 5 years).
  • Legitimate interest (Art. 6(1)(f)) — anonymous error monitoring to keep the platform reliable. We balance this against your interests by anonymizing data and providing opt-out via the cookie banner.
  • Consent (Art. 6(1)(a)) — analytics cookies and session replay are off by default; we activate them only after you opt in via the cookie banner. You can withdraw consent at any time by clearing your browser's site data.

4. Who we share data with

We only share data with vendors necessary to run the service:

  • Neon (cloud database hosting in the EU)
  • Netlify (web hosting)
  • Stripe (subscription billing — see their privacy policy linked above)
  • Resend (transactional email delivery)
  • Sentry (error monitoring — only if you opt in)
  • Google / Apple (OAuth identity verification, if you choose to sign in with them)

We do not sell your data, do not share it with advertisers, and never use it to train AI models.

5. Where data is stored

Primary storage is in the European Union (Neon EU region). Some sub-processors (Stripe, Sentry) may process data outside the EU under standard contractual clauses approved by the European Commission.

6. How long we keep it

  • Active account data: as long as your account is active.
  • Closed accounts: personal data is anonymized within 30 days of account deletion. Business and invoicing records are kept for 5 years to comply with Greek tax law, then deleted.
  • Logs / error reports: 90 days.

7. Your rights

Under GDPR you have the right to:

  • Access — get a copy of all your data we hold. Available in your account settings as "Export my data".
  • Rectification — correct inaccurate data. You can edit most fields directly in your account; for the rest, email us.
  • Erasure ("right to be forgotten") — delete your account. Available in account settings as "Delete my account". Subject to legal retention requirements above.
  • Restriction / objection — limit or object to our processing.
  • Portability — get your data in a machine-readable format (JSON). Same export endpoint as Access.
  • Withdraw consent — opt out of analytics at any time via the cookie banner or by clearing site data.
  • Lodge a complaint — with the Hellenic Data Protection Authority (www.dpa.gr) if you believe we've mishandled your data.

To exercise any of these rights, email support@litsaitechnologies.com. We respond within 30 days.

8. Security

We use industry-standard measures: HTTPS everywhere, hashed passwords (bcrypt), authentication via secure HTTP-only cookies, rate limiting on sign-in, and audit logs for administrative changes. No system is 100% secure; in the event of a breach affecting your data, we will notify you within 72 hours as required by GDPR.

9. Children

Kleinora is not directed at children under 16. We do not knowingly collect data from anyone under 16. If you believe we have, contact us and we will delete it.

10. Changes to this policy

We may update this policy occasionally. Material changes will be announced by email and on this page. The "Last updated" date at the top reflects the most recent revision.

11. Contact

Questions, requests, or complaints: support@litsaitechnologies.com.

© 2026 LitsAI Technologies