Privacy Policy

KRO AI — Chrome Extension & Platform

Last updated: May 23, 2026

1. Who We Are

KRO AI is a product developed and operated by KRO SERVICOS E AUTOMACOES LTDA, a company registered under Brazilian law (CNPJ 66.387.336/0001-67), headquartered at Rua Itaguara, 120 — Cidade Vargas — Jabaquara, São Paulo, SP, Brazil. KRO AI is a SaaS platform for AI-powered copy testing and landing page conversion optimization. Our Chrome extension allows users to select text elements on their landing pages so that our platform can generate and test alternative copy variations.

2. Data We Collect

We collect the following categories of data: Account registration data: name, email address, phone number, and a user-created password. Billing data for individual subscribers (Pessoa Física): full name, CPF, and full address. Billing data for business subscribers (Pessoa Jurídica): CNPJ, company legal name, full company address, name of the financial contact, and business phone number. Payment card details are collected and processed exclusively by Stripe and are never stored on our servers. Extension usage data: when you use our Chrome extension to select a text element on your landing page, the text content of that selected element is sent to our servers. The extension only accesses information from the active tab and does not collect browsing history, personal data from web pages, or any data from other tabs. Platform usage data: we collect event-based analytics data through PostHog and Vercel Analytics to understand how users interact with the KRO AI dashboard, and we use Railway logs to monitor API calls for reliability and debugging purposes.

3. How We Use Your Data

We use your data for the following purposes: to create and manage your account; to process payments and manage subscriptions; to generate AI-powered copy variations based on the text elements you select; to monitor, analyze, and improve the performance and reliability of our platform; to provide customer support; and to comply with legal obligations. We do not use your data for advertising, profiling, or any purpose unrelated to delivering and improving the KRO AI service.

4. Data Sharing

We do not sell, rent, or trade your personal data. We share data only with the following third-party service providers, strictly to the extent necessary to operate our platform: OpenAI and Anthropic, for AI-based copy generation. Stripe, for payment processing. Supabase, for database hosting and authentication. Cloudflare, for security and traffic metrics. PostHog, for product analytics and event monitoring. Vercel, for hosting and web analytics. Railway, for API logging and infrastructure monitoring. Each provider operates under its own privacy policy and data processing terms. We may also disclose data when required by law, court order, or regulatory authority.

5. Security

We implement industry-standard technical and organizational measures to protect your data, including encrypted data transmission via HTTPS/TLS, secure authentication managed through Supabase, network-level protection through Cloudflare, and access controls limiting data access to authorized personnel only. While no system is completely immune to security risks, we continuously work to safeguard your information.

6. Data Retention

We retain your personal data for as long as your account is active. Upon account cancellation, we retain your data for 90 days to allow for account recovery or to address any outstanding issues. After this period, your data is permanently deleted from our systems. Anonymized or aggregated data that cannot identify you may be retained indefinitely for analytical purposes.

7. Your Rights (LGPD)

Under the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados — LGPD), you have the right to: confirm whether we process your personal data; access the personal data we hold about you; correct incomplete, inaccurate, or outdated data; request anonymization, blocking, or deletion of unnecessary or excessive data; request data portability; request the deletion of data processed with your consent; obtain information about which third parties your data has been shared with; and revoke your consent at any time.

To exercise any of these rights, contact us at contato@usekro.ai. We will respond within 15 business days.

8. Cookies and Local Storage

Our Chrome extension uses chrome.storage.local solely to store your Supabase authentication session so you can remain logged in.

Our landing page does not use cookies. Our dashboard platform uses essential cookies required for authentication and session management after you have created an account. We also use essential tracking cookies when a user accesses their landing page through our platform to enable the text selection functionality. We do not use marketing, advertising, or non-essential tracking cookies.

9. International Data Transfer

Our infrastructure providers, including Supabase, Stripe, OpenAI, Anthropic, Vercel, PostHog, Cloudflare, and Railway, host and process data on servers located in the United States. As a result, your data is transferred to and processed in the United States at various stages, including API calls for copy generation, analytics processing, and payment processing. These transfers are necessary to provide the KRO AI service and are conducted with appropriate safeguards in accordance with applicable data protection laws.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by email or through a prominent notice on our platform. The "Last updated" date at the top of this page indicates when this policy was last revised. Continued use of KRO AI after changes have been posted constitutes acceptance of the updated policy.

11. Contact

If you have questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, contact us at:

KRO SERVICOS E AUTOMACOES LTDA CNPJ: 66.387.336/0001-67 Rua Itaguara, 120 — Cidade Vargas — Jabaquara, São Paulo, SP, Brazil Email: contato@usekro.ai Website: usekro.ai

12. Chrome Web Store — Limited Use Disclosure

KRO AI's use and transfer of information received from Google APIs adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements.

Our Chrome extension requests the following permissions: sidePanel, to display the KRO AI interface in the browser's side panel; storage, to store your authentication session locally; activeTab, to access the content of the tab you are currently viewing so you can select text elements; and tabs, to identify the URL of the active tab and ensure the extension operates only on your landing pages. The extension also requires host permissions for https://*.supabase.co/ to handle user authentication and for https://api.usekro.ai/ to communicate with the KRO AI backend servers.

The extension accesses data from the active tab exclusively to allow you to select text elements on your own landing pages for copy testing purposes. We only collect the text content of elements you explicitly select. This data is sent to our servers solely to generate AI-powered copy variations as part of the KRO AI service.

We do not use data obtained through the Chrome extension for advertising, market research, or any purpose unrelated to the core functionality of KRO AI. We do not sell this data to third parties. Data collected through the extension is handled in accordance with all sections of this Privacy Policy.