Kyrox

Privacy Policy

Last updated: 19 January 2026

1. Who we are

Kyrox Systems is a startup building a chat-first project management platform. We are currently operating an MVP in private beta.

This Privacy Policy explains how we collect, use, store, and protect personal data when you access or use Kyrox.

For the purposes of applicable data protection laws, Kyrox Systems is the data controller.

2. Information we collect

We collect information needed to provide and secure the service, and to support integrations you choose to connect.

This may include:

  • Account and profile information
    Email address, name, and basic profile details such as avatar image and job title.
  • Authentication information
    If you sign in via Replit OpenID Connect, we receive standard identity claims such as a unique account identifier, email, name, and profile details. We also maintain active sessions to keep you signed in.
  • Workspace and user-generated content
    Projects, tasks, messages, notes, attachments, and other content you submit to the platform.
  • Organisation and access information
    Organisation membership, roles, invitations, and access control data used to enforce tenant and permission boundaries.
  • Integrations data (only when you connect an integration)
    If you connect third-party services such as Google, Microsoft, Slack, GitHub, or project and task tools, we may process data from those services that you authorise, such as calendars and events, file metadata, messages, issues, and imported projects or tasks.
  • Integration credentials
    To keep integrations working, we store connection credentials such as access tokens and refresh tokens, along with authorised scopes and basic external account identifiers (for example an account ID and display name). These are used only to provide the integration functionality you enable.
  • Usage and technical data
    Basic technical logs and telemetry, such as timestamps, device and browser information, and error diagnostics. This is used to maintain stability, security, and performance.

We do not sell personal data and we do not use personal data for advertising.

3. How we use your information

We use collected information to:

  • Provide and operate the Kyrox service
  • Authenticate users and secure access
  • Enforce organisation and permission boundaries
  • Maintain reliability, monitor performance, and prevent abuse
  • Support and run integrations you choose to connect
  • Communicate important service-related information, including security and operational notices

4. Third-party integrations

Kyrox supports optional integrations with third-party services. If you choose to connect an integration, Kyrox will access and process data from that provider in line with the permissions you authorise.

Examples of data we may access depending on the integration include:

  • Calendar lists and events (Google Calendar, Microsoft Outlook via Microsoft Graph)
  • File and folder metadata (Google Drive, Microsoft OneDrive)
  • Messaging and workspace metadata (Slack)
  • Repository and issue metadata (GitHub)
  • Imported project and task data (for example Asana, Trello, Jira, and similar tools)

You can disconnect an integration at any time through the product. Disconnecting stops new data access via that provider, subject to normal technical and operational delays.

5. Tokens and credentials

Where an integration uses OAuth, Kyrox stores tokens required to maintain the connection, including refresh tokens where provided by the integration. These tokens are used only to perform actions you authorise and to keep the integration working.

We take reasonable measures to protect tokens and credentials and restrict access to authorised personnel and systems only.

6. Cookies and local storage

Kyrox uses cookies and similar local storage mechanisms to maintain secure sessions, remember authentication state, and support core functionality.

You can control cookies through your browser settings. Disabling cookies may affect functionality, including your ability to sign in and remain signed in.

7. Logging and diagnostics

Kyrox processes technical logs to operate and secure the service. Logs may include request metadata and limited diagnostic information to investigate errors and improve reliability.

We aim to reduce the amount of personal data captured in logs, apply redaction where appropriate, and restrict access to authorised personnel.

8. Payments and billing

If your organisation uses paid features or billing-related services, we may process billing contact information and payment-related identifiers required to manage subscriptions and payment confirmation (for example, transaction references or subscription tokens provided by a payment processor).

Payment processing is handled by third-party payment providers. We do not store full payment card details on Kyrox systems.

9. Data retention

We retain personal data only as long as needed to provide the service, secure the platform, and meet legal or operational obligations.

Some retention periods are time-limited by design, such as session data and verification tokens. For other platform data, retention depends on product and operational needs, including the need to maintain system integrity and appropriate auditability.

You may request deletion of your account and associated personal data. Some data may be retained where required for security, fraud prevention, dispute resolution, or legal compliance.

10. Your rights

As a matter of company policy, Kyrox provides all users with the following rights, regardless of location:

  • Right of access
    You may request access to the personal data we hold about you.
  • Right to correction
    You may request that inaccurate or incomplete personal data be corrected.
  • Right to deletion
    You may request deletion of your account and associated personal data, subject to operational, security, or legal constraints.
  • Right to restriction or objection
    You may request that certain processing of your personal data be restricted or object to specific uses, where applicable.
  • Right to data portability (where feasible)
    You may request a copy of your personal data in a commonly used, machine-readable format, where technically feasible.

Requests can be made using the contact details below. We aim to respond within a reasonable timeframe and may require verification of identity before fulfilling requests.

11. Changes to this policy

We may update this Privacy Policy as the product evolves. The “Last updated” date will reflect the most recent changes.

Material changes will be communicated where appropriate.

12. Contact

For questions about this Privacy Policy or data handling, contact:

support@kyrox-systems.com