Privacy Policy

Last updated 19 Feb 2025

1 – Who we are

Nilhan & Co Limited (company number 07992110, registered in England & Wales) trades under the brand Krator AI and operates the website krator.ai as well as the SaaS platform Monitor. Nilhan & Co Limited is the data-controller for all activities described in this notice.

Registered address: 78 Locks Hill, Brighton and Hove, BN41 2LD

Contact: privacy@krator.ai

2 – Scope of this policy

This notice explains how we collect, use, share and protect personal data when you:

• visit or interact with krator.ai (the “Website”)

• purchase consulting or AI-automation services from Krator AI / Nilhan & Co (the “Services”)

• use, or are referenced in, our paid-media management and analytics platform Monitor (the “Platform”)

It applies to clients, prospective clients, suppliers, job applicants, Website visitors and individuals whose data reach our Platform through authorised integrations such as LinkedIn Lead Gen Forms.

3 – What data we collect

• Website browsing: IP address, device details, cookie IDs and page-interaction events gathered from your browser and analytics cookies.

• Enquiries and demos: name, work e-mail, phone number, company and any message content collected via web forms, Calendly or direct email.

• Client onboarding: company information, billing contact and project documentation provided directly by the client.

• Platform (Monitor): lead-form fields captured on LinkedIn (for example name, job title and e-mail), hashed audience lists and advertising-performance metrics obtained via LinkedIn APIs under the client’s authority.

• Marketing communications: e-mail-open and click data plus communication preferences collected through services like Mailchimp or HubSpot.

We do not intentionally collect special-category data (such as health or ethnicity) or information about children.

4 – How and why we use your data

• To deliver consulting services, run Monitor and transfer leads to client CRMs. Legal basis: performance of a contract (UK GDPR Article 6 (1)(b)).

• To maintain and improve the Website and Platform, ensure security and prevent fraud. Legal basis: legitimate interests (6 (1)(f)).

• To send product updates, newsletters and event invitations. Legal basis: consent (6 (1)(a)) or legitimate interests for B2B marketing.

• To handle billing, accounting, taxation and other legal obligations. Legal basis: legal obligation (6 (1)(c)).

• To defend or pursue legal claims. Legal basis: legitimate interests (6 (1)(f)).

We never sell personal data or use it for profiling beyond the advertiser’s own marketing objectives.

5 – Sharing and international transfers

We share data only with:

• service providers such as AWS, Heroku, data-warehouse, e-mail and CRM vendors who operate under strict data-processing agreements;

• advertising platforms and APIs you authorise (for example LinkedIn Marketing API) so we can deliver the Services;

• professional advisers and regulators where required by law.

Our primary servers are located in the UK. If data must be transferred outside the UK or EU, we rely on UK adequacy decisions or Standard Contractual Clauses together with additional safeguards.

6 – Security

All data are encrypted in transit using TLS 1.2 or higher and at rest using AES-256. Access is restricted through role-based permissions and multi-factor authentication. Annual penetration tests are performed and every API call and export from Monitor is logged.

7 – Retention

• Website analytics: kept for up to 26 months.

• Leads stored in Monitor: retained for 90 days by default or less on client request.

• Contract and billing records: stored for six years after the contract ends.

• Marketing records: retained until you unsubscribe or after 24 months of inactivity.

Data are securely erased or anonymised when the retention period ends.

8 – Your rights

You have the right to access, rectify or erase your personal data; restrict or object to processing; receive a copy of your data in portable format; and withdraw consent at any time. To exercise any of these rights, e-mail privacy@krator.ai. We will respond within one month. You may also lodge a complaint with the UK Information Commissioner’s Office (ico.org.uk).

9 – Cookies

We use first-party cookies for site functionality and Google Analytics for aggregate usage statistics. You can manage cookies through your browser settings. Disabling non-essential cookies will not affect core site functions.

10 – Children

Our Website, Services and Platform target business users and are not directed at anyone under 16. If you believe a child has provided us personal data, please contact us so we can delete it promptly.

11 – Changes to this policy

We may update this notice to reflect legal, technical or business changes. When we do, we update the “Last updated” date and, if the changes are substantial, provide at least 14 days’ notice via the Website or email.

12 – Contact

If you have questions about this policy or our privacy practices, e-mail privacy@krator.ai or write to: Data Protection Officer, Nilhan & Co Limited, 78 Locks Hill , BN41 2LD, United Kingdom.