Ken AI

Ken AI Privacy Policy

Company: Ken Technology LLC
Website: https://getken.ai
Privacy Contact: [email protected]
Effective Date: May 7, 2026
Last Updated: May 7, 2026

This Privacy Policy explains how Ken Technology LLC ("Ken," "Ken AI," "we," "us," or "our") collects, uses, discloses, and protects personal information in connection with our website, platform, managed outbound services, email infrastructure, AI personalization, analytics, reporting, integrations, and related services (the "Services").

This Privacy Policy applies to business users, clients, website visitors, and business prospects whose information may be processed in connection with the Services. The Services are intended for business-to-business use and are not intended for consumers or for personal, family, or household use.

1. Key Points

  • We provide B2B outbound, data, AI personalization, email infrastructure, analytics, and related services.
  • Our business database currently contains approximately 300 million business profiles and companies, subject to ongoing refresh, validation, deduplication, removal, and fluctuation over time.
  • We process different data in different roles. For some data, we act as a controller or business. For certain Client-uploaded data processed only on Client's instructions, we act as a processor, service provider, or contractor.
  • We do not sell personal information for money. Some retargeting, audience matching, measurement, or advertising activities may be considered a "sale," "sharing," or targeted advertising under certain U.S. state privacy laws, depending on how they are configured and where the individual is located.
  • Hashing an email address does not necessarily make it anonymous. Hashed identifiers may still be personal information or personal data.
  • We do not intentionally collect sensitive personal information or special category data for the Services.
  • We have not appointed a Data Protection Officer. Privacy inquiries should be sent to [email protected].

2. Scope and Roles

2.1 Ken as controller or business. Ken generally acts as an independent controller or business for personal information that we process for our own purposes, including website data, account data, billing records, support communications, security logs, product analytics, Ken-Sourced Data, the Ken Database, Suppression Data maintained for compliance, and aggregated or deidentified analytics.

2.2 Ken as processor, service provider, or contractor. Ken generally acts as a processor, service provider, or contractor when we process Client-uploaded lead lists, Client CRM data, Client suppression lists, or other Client Personal Data solely to provide Services to Client under the Data Processing Addendum.

2.3 Client responsibilities. Client is responsible for determining whether it may use the Services for a particular Campaign, audience, jurisdiction, list, retargeting workflow, or data source. Client is responsible for its own privacy notices, legal bases, consents, opt-outs, and platform-policy compliance.

2.4 Ad platforms and integrations. When Client enables advertising-platform integrations, Client is generally the advertiser and is responsible for ensuring that the data is eligible for matching, retargeting, lookalike audience creation, measurement, and other advertising uses. Ken may act as a service provider, processor, or integration provider for those workflows, depending on configuration and law.

2.5 Privacy and security representative. Privacy and security inquiries may be directed to Colton Sumners through [email protected]. This contact is for privacy and security inquiries and is not a statement that Ken has appointed a GDPR Article 27 or UK GDPR representative. If Ken is required to appoint an EU or UK representative established in the relevant jurisdiction, Ken will identify that representative in this Privacy Policy or provide the details where required by law.

3. Personal Information We Collect

3.1 Website and device information

When you visit our website or use the Platform, we may collect IP address, device identifiers, browser type, operating system, referring pages, pages viewed, session activity, cookie identifiers, approximate location inferred from IP address, and other usage or diagnostic data.

3.2 Account, client, and business contact information

We may collect name, business email address, phone number, company name, job title, role, login credentials, account settings, billing contact details, support messages, meeting notes, call recordings or transcripts if enabled, onboarding answers, and communications with us.

3.3 Billing and transaction information

We and our payment providers may collect payment method information, billing address, tax details, invoice history, payment status, chargeback information, and transaction records. Ken does not intentionally store full payment card numbers if handled by a third-party payment processor.

3.4 Client Data and Campaign settings

We may collect Client-uploaded lead lists, CRM data, calendar or scheduling metadata, target audience descriptions, ideal customer profile information, customer lists, competitor lists, blocklists, suppression lists, Client Content, brand guidelines, offer details, approved messaging, Campaign instructions, and related files.

3.5 Information about business prospects

We may collect or process information about Prospects, including:

  • name;
  • business email address;
  • employer, company, and company domain;
  • job title, department, seniority, role, and professional history;
  • LinkedIn URL, professional profile URLs, and publicly available online presence;
  • company website information, industry, company size, location, business model, pricing signals, technology stack, hiring activity, funding signals, public posts, articles, press, and other company attributes;
  • verification, enrichment, qualification, segmentation, scoring, and fit information;
  • Campaign send, open, click, bounce, reply, unsubscribe, meeting, conversion, and engagement data;
  • reply content, sentiment tags, out-of-office status, auto-reply status, and similar classifications;
  • timestamps, user-agent, IP-derived data, and anti-bot indicators related to email and link engagement.

3.6 Ken-Sourced Data and the Ken Database

Ken maintains and uses the Ken Database for B2B prospecting, enrichment, qualification, segmentation, and related services. The Ken Database currently includes approximately 300 million business profiles and companies, but size, coverage, freshness, fields, and availability may fluctuate over time due to ongoing refresh, validation, deduplication, removals, source availability, and compliance requirements.

3.7 AI and Generated Content

We may process Client Data, Prospect Data, website data, professional profile data, Campaign Data, and Client instructions through AI systems to generate, evaluate, rewrite, classify, score, summarize, or personalize Campaign content and workflows.

3.8 Sensitive data

The Services are not designed to collect or process sensitive personal information, special categories of personal data, consumer credit data, health data, financial account data, children's data, biometric data, precise geolocation data, government identifiers, or similar restricted data. Clients must not provide such data unless Ken expressly agrees in writing and appropriate safeguards are in place.

4. Sources of Personal Information

We may collect personal information from:

  • you, your company, your Authorized Users, and your communications with us;
  • Client-uploaded files, CRMs, calendars, scheduling tools, email systems, and other Client systems;
  • public websites, company websites, professional profiles, search results, business directories, public posts, articles, press, and other publicly available sources;
  • third-party business data providers, enrichment providers, verification providers, and lead data providers;
  • email infrastructure, link tracking, open tracking, deliverability tools, spam scoring tools, anti-bot tools, and analytics tools;
  • AI providers, cloud providers, hosting providers, payment providers, support providers, ad platforms, and other vendors;
  • Prospects who reply, click, unsubscribe, book meetings, or otherwise interact with Campaigns;
  • partners, referrals, events, and sales or marketing channels.

5. How We Use Personal Information and Legal Bases

Where GDPR, UK GDPR, or similar laws apply, we rely on the legal bases described below. The exact legal basis may depend on the data, context, jurisdiction, Client instructions, and whether Ken or Client acts as controller.

5.1 To provide the Services. We use personal information to create accounts, onboard Clients, build lists, enrich data, verify emails, personalize messages, operate Campaigns, send emails, manage domains and inboxes, classify replies, provide dashboards, generate reports, provide support, and integrate with Client systems. Legal bases may include performance of a contract, legitimate interests, Client instructions where we act as processor, and consent where required.

5.2 To process Client-uploaded data on Client instructions. When Client provides lead lists, CRM data, or other Client Personal Data for processing on Client's behalf, Client determines the legal basis and Ken processes that data according to Client's documented instructions and the Data Processing Addendum.

5.3 To maintain and use the Ken Database. We use Ken-Sourced Data and business profile data to provide B2B data, prospecting, enrichment, qualification, segmentation, and outreach services. Where required, we rely on legitimate interests in B2B marketing, business development, data accuracy, and helping businesses identify relevant business contacts, balanced against the rights and interests of the individuals involved. We may rely on consent where required by law, and individuals may object to processing as described below.

5.4 To personalize and evaluate Campaign content. We use AI and automation to personalize emails, evaluate quality, score spam risk, classify replies, identify fit, generate insights, and improve Campaign performance. Legal bases may include performance of a contract, legitimate interests, Client instructions where we act as processor, and consent where required.

5.5 To operate retargeting and advertising integrations. If enabled, we may process identifiers, hashed email addresses, engagement data, and audience segments for matching, retargeting, measurement, lookalike audience creation, or similar purposes. Legal bases may include Client instructions, legitimate interests, and consent where required. Client is responsible for ensuring it has the rights, notices, consents, opt-outs, and platform eligibility needed for these uses.

5.6 To communicate with Clients and users. We use contact information to provide support, send service notices, respond to inquiries, provide product updates, send administrative messages, and market our Services to business contacts. Legal bases may include performance of a contract, legitimate interests, and consent where required.

5.7 To bill and manage our business. We use billing, transaction, account, and business information to invoice, collect payment, process refunds or disputes, manage contracts, keep records, and comply with tax and accounting obligations. Legal bases may include performance of a contract, legal obligations, and legitimate interests.

5.8 To secure, monitor, and improve the Services. We use data to debug, prevent fraud, monitor deliverability, detect abuse, protect accounts, enforce policies, improve models and workflows, develop features, perform analytics, and create deidentified or aggregated insights. Legal bases may include legitimate interests, legal obligations, and performance of a contract.

5.9 To comply with law and enforce rights. We use data to comply with legal obligations, respond to lawful requests, manage data rights requests, maintain suppression lists, enforce agreements, investigate violations, and protect Ken, Clients, Prospects, and others. Legal bases may include legal obligations and legitimate interests.

6. Information We Process About Business Prospects

6.1 Purpose. We process Prospect Data to help Clients identify, qualify, contact, analyze, and follow up with relevant business contacts and companies.

6.2 Categories. Prospect Data may include business contact details, professional role information, company data, public profile information, enrichment data, verification data, segmentation data, Campaign Data, Engagement Data, reply data, and suppression data.

6.3 Sources. Prospect Data may come from Clients, third-party business data providers, public websites, professional networks, company websites, search results, enrichment providers, verification providers, Campaign engagement, and Prospects themselves.

6.4 Notices in Campaigns. Campaigns should identify the sender and provide a way to opt out or unsubscribe where required. Some Campaigns may link to this Privacy Policy or to Client's privacy notice.

6.5 Opt-out and objection. Business Prospects may opt out of further outreach, object to certain processing, or request access, deletion, or correction by contacting [email protected]. We may need to retain limited Suppression Data to honor opt-outs and prevent future outreach.

6.6 Legitimate interests. Where we rely on legitimate interests for B2B Prospect Data, we consider factors such as the business context, the nature of the data, the source of the data, reasonable expectations, impact on individuals, safeguards, opt-out rights, and the relevance of the outreach. We may document legitimate interest assessments where required.

7. AI, Profiling, and Automated Processing

7.1 AI uses. We use AI and automation to generate and evaluate email copy, personalize messages, classify Prospects, segment audiences, verify fit, score spam risk, tag sentiment, summarize replies, and generate insights.

7.2 Human involvement. Ken uses human strategy, review, support, QA, and oversight in the Services. Client may choose approval settings for Campaigns, subject to the Service Agreement.

7.3 No legal or similarly significant automated decisions. We do not intend to use AI to make decisions about individuals that produce legal or similarly significant effects, such as credit, employment, housing, insurance, or eligibility decisions.

7.4 Third-party AI providers. We may use third-party AI providers and model-routing providers such as Anthropic, OpenAI, OpenRouter, Together AI, and Fireworks AI, and other providers listed in our DPA or made available to Clients where required. We do not currently use Google Gemini or other Google AI model services for Campaign generation, evaluation, classification, or personalization. Where we use AI providers as subprocessors or service providers, we use commercially reasonable measures and contractual or platform terms designed to prevent Client Data and Prospect Data submitted through the Services from being used to train those providers' general-purpose base models, except where Client expressly authorizes otherwise.

7.5 Limitations. AI outputs may be inaccurate, incomplete, biased, offensive, or unsuitable. Clients are responsible for reviewing and approving Campaign content and use of outputs.

8. Cookies, Pixels, Opens, Clicks, and Tracking

8.1 Website cookies. We may use cookies, pixels, local storage, SDKs, and similar technologies to operate our website, maintain sessions, remember preferences, analyze usage, improve performance, secure the Services, and market our Services.

8.2 Email and Campaign tracking. Campaigns may use open pixels, tracked links, click tracking, reply tracking, bounce tracking, anti-bot detection, and related technologies to measure engagement and deliverability, attribute meetings, manage suppression, and generate analytics.

8.3 Advertising and analytics technologies. We may use analytics and advertising technologies to understand website use, measure marketing performance, and, where enabled, support retargeting or audience matching.

8.4 Cookie choices. You can control cookies through browser settings and, where available, our cookie banner or preference tools. Some cookies are necessary for the Services and cannot be disabled through our tools. If required by law, we will request consent before using non-essential cookies or similar technologies.

8.5 Global Privacy Control. Where required by applicable U.S. state privacy laws, we will treat a legally recognized opt-out preference signal, such as Global Privacy Control, as a request to opt out of sale, sharing, or targeted advertising for that browser or device.

9. How We Disclose Personal Information

We may disclose personal information to the following categories of recipients:

9.1 Service providers and subprocessors. We disclose data to vendors that help us provide the Services, including cloud hosting providers, infrastructure providers, email infrastructure providers, domain and DNS providers, AI providers, model-routing providers, data and enrichment providers, verification providers, analytics providers, support tools, payment processors, security providers, and professional advisors. For security, confidentiality, and vendor-management reasons, we may describe certain vendor groups by category in this Privacy Policy and provide more detailed subprocessor information to Clients where required by applicable law or contract.

9.2 AI providers. We may transmit limited data to AI providers and model-routing providers to generate, evaluate, rewrite, classify, score, summarize, or personalize Campaign content and workflows.

9.3 Ad platforms and integration partners. If enabled by Client, we may disclose hashed identifiers, engagement data, segments, or other eligible data to advertising platforms such as Meta and Google, CRM providers, analytics providers, or other integration partners.

9.4 Clients. We disclose Prospect Data, Campaign Data, analytics, replies, exports, and reports to the Client for whose Campaign the data was processed.

9.5 Third-party platforms connected by Client. If Client connects a CRM, calendar, ad account, email account, data warehouse, webhooks, API, or other Third-Party Service, we may disclose data according to Client's instructions and integration settings.

9.6 Legal, compliance, and safety. We may disclose data if we believe disclosure is required or appropriate to comply with law, legal process, regulator requests, law enforcement requests, contractual obligations, security, fraud prevention, rights enforcement, or protection of Ken, Clients, Prospects, or others.

9.7 Business transfers. We may disclose or transfer data in connection with a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or similar transaction.

9.8 Aggregated or deidentified data. We may disclose aggregated or deidentified information that does not identify a person or Client.

10. Sale, Sharing, Targeted Advertising, and CCPA/CPRA Notice

10.1 No sale for money. We do not sell personal information for money.

10.2 Potential sale, sharing, or targeted advertising. Some activities, such as disclosing identifiers, hashed email addresses, engagement data, or audience segments to advertising platforms for retargeting, matching, lookalike audience creation, measurement, or cross-context behavioral advertising, may be considered a "sale," "sharing," or targeted advertising under certain U.S. state privacy laws, even if no money is exchanged.

10.3 Categories potentially shared for advertising. If advertising integrations are enabled, categories of personal information that may be disclosed or shared may include identifiers, internet or similar network activity, business contact information, engagement data, and inferences or segments. Recipients may include advertising platforms, analytics providers, and measurement providers.

10.4 Opt-out mechanism. We maintain a conspicuous "Do Not Sell or Share My Personal Information" or "Your Privacy Choices" link in the website footer or header, where required. If we do not maintain a dedicated privacy choices URL, that link may direct users to this Privacy Policy, a request form, or a pre-addressed email request method that allows users to submit an opt-out request. Users may also email [email protected].

10.5 Privacy choices email. To opt out by email, contact [email protected] with the subject line "Do Not Sell or Share" and include enough information for us to identify the relevant record, such as your business email address, name, company, and the nature of your request. We may ask for additional information when reasonably necessary to match the request to the correct record, and we will use that information only to process the request.

10.6 California rights. California residents may have the right to know/access, delete, correct, opt out of sale or sharing, limit the use and disclosure of sensitive personal information if applicable, and not be discriminated against for exercising privacy rights.

10.7 Categories collected. In the preceding 12 months, we may have collected the categories described in Section 3, including identifiers, business contact information, commercial information, internet or electronic network activity, professional or employment-related information, inferences, and other information provided by Clients or users.

10.8 Sources. Sources are described in Section 4.

10.9 Purposes. Purposes are described in Sections 5 through 9.

10.10 Categories disclosed for business purposes. We may disclose the categories described above to service providers, subprocessors, Clients, integration partners, payment processors, analytics providers, security providers, professional advisors, and legal recipients for the purposes described in this Privacy Policy.

10.11 Sensitive personal information. We do not intentionally collect sensitive personal information for the Services, and we do not use or disclose sensitive personal information to infer characteristics where such use would trigger a right to limit.

10.12 Appeals. If applicable state law gives you the right to appeal our decision on a privacy request, you may appeal by replying to our decision email or contacting [email protected] with the subject line "Privacy Appeal."

11. International Data Transfers

11.1 Processing locations. We process data in the United States and the European Union, including the Netherlands and Germany. Our vendors and subprocessors may process data in the United States, the European Union, the United Kingdom, and other jurisdictions.

11.2 Transfer safeguards. Where required, we use appropriate transfer mechanisms, which may include the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum or UK International Data Transfer Agreement, supplementary measures, or reliance on vendors certified under the EU-U.S. Data Privacy Framework, UK Extension, or Swiss-U.S. Data Privacy Framework where applicable.

11.3 Client transfers. Where Client acts as controller, Client is responsible for ensuring that its transfers to Ken and its instructions to Ken comply with applicable international transfer requirements. The Data Processing Addendum provides additional transfer terms for Client Personal Data.

12. Data Retention

12.1 General retention. We retain personal information for as long as reasonably necessary to provide the Services, maintain our business records, comply with law, resolve disputes, enforce agreements, maintain security, honor opt-outs, and pursue legitimate business purposes.

12.2 Client account and Campaign data. While a Client account is active, we retain data as needed to provide the Services. After termination or cancellation, Ken may archive data and may delete or make unavailable active copies of uploaded lead lists, replies, inboxes, Ken-Sourced Data delivered to Client, workspace-level opt-out lists, Campaign analytics, and related workspace data after fourteen days.

12.3 Suppression Data. We may retain minimal Suppression Data, such as email addresses, hashed identifiers, domains, opt-out timestamps, and related records, as needed to honor opt-outs, prevent future outreach, document compliance, and protect deliverability.

12.4 Billing and legal records. We may retain billing data, invoices, tax records, payment records, contract records, legal records, security logs, and dispute records for longer periods as required or permitted by law.

12.5 Backups and archives. Data may remain in backups, disaster recovery systems, and archives until overwritten or deleted according to our ordinary retention practices, subject to access restrictions.

12.6 Aggregated and deidentified data. We may retain aggregated or deidentified data for analytics, benchmarking, security, and service improvement.

13. Your Rights and Choices

Depending on your location and the role in which Ken processes the data, you may have rights to:

  • access or know what personal information we process;
  • obtain a copy of personal information;
  • correct inaccurate personal information;
  • delete personal information;
  • restrict or limit processing;
  • object to processing, including processing based on legitimate interests;
  • withdraw consent where processing is based on consent;
  • opt out of sale, sharing, targeted advertising, or certain profiling where applicable;
  • data portability;
  • appeal a decision where applicable;
  • not be discriminated against for exercising privacy rights;
  • lodge a complaint with a data protection supervisory authority where GDPR, UK GDPR, or similar law applies.

13.1 How to exercise rights. Contact [email protected]. For sale, sharing, or targeted advertising opt-outs, use the "Do Not Sell or Share My Personal Information" link on our website or email [email protected].

13.2 Verification. We may need to verify your identity, authority, location, and relationship to the relevant data before completing a request. We may ask for information reasonably needed to locate and verify the relevant record.

13.3 Authorized agents. Where permitted by law, you may use an authorized agent to submit a request. We may require proof of authorization and may ask you to verify your identity directly.

13.4 Response timing. We aim to respond within the time required by applicable law, which may be one month under GDPR/UK GDPR or 45 days under certain U.S. state privacy laws, subject to permitted extensions.

13.5 Processor data. If we process data on behalf of a Client as processor or service provider, we may forward your request to that Client or instruct you to contact that Client directly.

13.6 Limits. Rights may be limited by law, security, confidentiality, trade secrets, legal privilege, compliance obligations, suppression needs, dispute resolution, or the rights of others.

14. EU/UK/EEA Additional Notice

14.1 Controller. For data where Ken acts as controller, the controller is Ken Technology LLC, 131 Continental Dr, Suite 305, Newark, DE 19713, United States.

14.2 Privacy contact. Contact [email protected] for privacy inquiries. Ken has not appointed a Data Protection Officer unless stated otherwise.

14.3 Representative. Privacy and security inquiries may be directed to Colton Sumners through [email protected]. If Ken is required to appoint an EU or UK representative established in the relevant jurisdiction, Ken will identify that representative in this Privacy Policy or provide the details where required by law.

14.4 Legal bases. Legal bases are described in Section 5.

14.5 International transfers. Transfer information is described in Section 11.

14.6 Complaints. You may lodge a complaint with your local data protection supervisory authority if you believe our processing violates applicable law. We encourage you to contact us first so we can try to resolve the issue.

15. Security

We use commercially reasonable administrative, technical, and organizational safeguards designed to protect personal information. These may include access controls, authentication, encryption where appropriate, logging, monitoring, backup and recovery practices, vendor review, incident response, and internal security procedures. No system is completely secure, and we cannot guarantee absolute security.

16. Children

The Services are intended for business use and are not directed to children. We do not knowingly collect personal information from children.

17. Third-Party Websites and Services

The Services may link to or integrate with Third-Party Services. We are not responsible for the privacy practices, content, security, or policies of third parties. Your use of Third-Party Services may be governed by their own terms and privacy policies.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be posted with a revised "Last Updated" date. Material changes will be communicated where required by law.

19. Contact Us

Ken Technology LLC
131 Continental Dr, Suite 305
Newark, DE 19713
United States
Privacy Contact: [email protected]