Last Updated: April 1, 2026
GDPR Compliance
Kamili Labs LLC is committed to complying with the General Data Protection Regulation (GDPR). This page explains how we handle personal data of individuals in the European Economic Area (EEA) and United Kingdom.
1. Data Controller
Kamili Labs LLC acts as the data controller for personal data collected through Kamili CRM. For CRM business data (contacts, deals) entered by our customers, we act as a data processor on behalf of our customers (the data controllers).
Contact: privacy@kamililabsllc.com
2. Legal Basis for Processing
We process personal data under the following legal bases:
- Contract performance: Processing necessary to provide the Kamili CRM service (account management, authentication, feature delivery)
- Legitimate interests: Product improvement, security, fraud prevention, and analytics
- Consent: Marketing communications, non-essential cookies, and analytics tracking
- Legal obligation: Tax records, compliance requirements
3. Data Subject Rights (Articles 15-22)
Under GDPR, you have the following rights:
- Right of access (Art. 15): Request a copy of all personal data we hold about you
- Right to rectification (Art. 16): Request correction of inaccurate personal data
- Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
- Right to restrict processing (Art. 18): Request that we limit how we use your data
- Right to data portability (Art. 20): Receive your data in a structured, machine-readable format
- Right to object (Art. 21): Object to processing based on legitimate interests
- Rights related to automated decision-making (Art. 22): Right not to be subject to decisions based solely on automated processing, including AI features
To exercise any of these rights, contact us at privacy@kamililabsllc.com. We will respond within 30 days.
4. Data Protection Officer
For GDPR-related inquiries, contact our data protection team:
- Email: privacy@kamililabsllc.com
- Subject: "GDPR Request"
5. Cross-Border Data Transfers
Your data may be processed in the United States and other countries. We use the following safeguards for international transfers:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data Processing Agreements (DPAs) with all sub-processors
- Encryption in transit and at rest
6. Data Breach Notification
In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours as required by Article 33. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.
7. Right to Lodge a Complaint
You have the right to lodge a complaint with your local supervisory authority if you believe your data protection rights have been violated. A list of EU Data Protection Authorities is available at edpb.europa.eu.
8. Sub-Processors
We use the following sub-processors to deliver Kamili CRM:
| Provider | Purpose | Location |
|---|---|---|
| Vercel | Frontend hosting | USA |
| Supabase | Database | USA/EU |
| Stripe | Payments | USA |
| Resend | Transactional email | USA |
| Upstash | Redis caching | USA/EU |
| OpenAI | AI features | USA |