Privacy Policy

1. Information we collect

We may collect and process the following types of information:

• Account and profile information, such as name, email address, organization, role, and authentication identifiers.
• Workflow and operational data, such as task assignments, project details, schedules, and preferences provided by your Organization.
• Usage and device information, such as log data, browser type, device identifiers, IP address, and how you interact with the Services.
• Support and communications, including messages you send to us, feedback, and information you provide during onboarding, training, or support interactions.

2. How we use information

We use information for purposes including:

• providing, operating, and maintaining the Services;
• authenticating users and securing access to the platform;
• enabling workflow automation and optimization;
• analyzing usage to improve performance, reliability, and user experience;
• developing new features and capabilities, including AI-driven recommendations and planning tools;
• providing support, responding to inquiries, and communicating with you;
• meeting legal, regulatory, and compliance obligations, and enforcing our agreements.

3. How we share information

We do not sell personal data. We may share information in the following circumstances:

• With your Organization that provides you access to the Services, consistent with its internal policies and agreements with Korso.
• With service providers that perform services on our behalf, such as cloud hosting, monitoring, analytics, and communication tools, subject to appropriate contractual safeguards.
• With integration partners where your Organization has enabled those integrations.
• For legal, safety, and security reasons, such as to comply with law, respond to lawful requests, protect the rights and safety of Korso, our customers, or others, or to detect and prevent fraud or security incidents.
• In a business transfer, such as a merger, acquisition, financing, or sale of all or a portion of our assets, where information may be transferred as part of the transaction.

4. Data retention

We retain information for as long as necessary to provide the Services, to support your Organization's legitimate business needs, to comply with legal or regulatory obligations, to resolve disputes, and to enforce our agreements. Retention periods may vary depending on the type of data and the context in which it was collected.

5. Security

We use reasonable technical and organizational measures designed to protect information from unauthorized access, use, alteration, or destruction. No system can be guaranteed to be 100% secure, and you are responsible for maintaining the security of your account credentials and devices.

6. Third-party integrations

If you connect third-party services or integrations to Korso, we may access limited data from those services to authenticate your account and enable the integration functionality.

Data accessed through integrations is used solely to provide the requested functionality and is not used for advertising or unrelated purposes. We share integration data only with our core infrastructure providers under contracts that require the same level of protection, and with your Organization according to its configuration of the Services.

7. Your choices

Depending on your role and your Organization's configuration, you may have choices regarding certain data and communications, including:

• updating or correcting account profile information;
• managing certain notification preferences within the Services; and
• requesting access, correction, or deletion of personal data through your Organization, where applicable.

Many privacy rights and requests must be managed through your Organization, which controls how the Services are used in its operations.

8. International transfers

Korso may process and store information in countries other than the country where you are located. When we transfer personal data internationally, we do so in accordance with applicable data protection laws and, where required, use appropriate safeguards.

9. Children's privacy

The Services are not directed to children and are intended for use only in a business and professional context. We do not knowingly collect personal data from children.

10. Changes to this policy

We may update this privacy policy from time to time. If we make material changes, we will provide notice through the Services or by other reasonable means. Your continued use of the Services after the changes become effective indicates your acknowledgment of the updated policy.