Privacy Policy

We are committed to protecting your personal information. If you have questions about this notice or our practices, contact privacy@keenious.com.

1. Who we are and how we process data

Keenious AS is the controller for the processing described in this policy. Its registered address is Keenious AS, Sykehusvegen 23, Tromsø, Troms 9019, Norway.

Keenious treats all user data as if the user were in the European Economic Area. Keenious applies the same GDPR standards, rights, and safeguards to everyone, regardless of location.

If the user uses Keenious through an institutional account, the user's organization oversees the data processed for research suggestions. In that case, Keenious acts as a processor on behalf of the user's organization, and the organization is the controller for those features.

2. Scope

This notice covers personal data processed when the user visits the Keenious website, uses its Microsoft Word and Google Docs add-ons, uses its applications and services, or engages with Keenious in related ways, for example sales, marketing, events, and support.

3. Information you provide to us

Keenious collects information the user chooses to give Keenious, including the following:

• Account information, for example name, email address, and password.
• Payment information, which is processed by Keenious's payment provider. Keenious receives limited billing and transaction details. Keenious does not store full card numbers on its systems.
• Content the user submits, for example, documents, selected excerpts, queries, instructions, and feedback. User data is encrypted in transit and while being stored. Keenious manages encryption using industry-standard methods and key management.
• Survey responses, event interactions, and job application materials.

All personal information the user provides must be true, complete, and accurate.

4. Information we collect automatically

When the user visits or uses Keenious services, Keenious collects technical data to operate, secure, and improve the services. This includes IP address, device and browser details, operating system, language, referring URLs, country, time zone, timestamps, pages viewed, feature usage, device events, error reports, and similar diagnostics.

Keenious uses cookies and similar technologies on certain webpages. The user will always be asked for permission for Keenious to use Cookies. See the Keenious Cookie Policy for details and controls.

5. Data, AI features and large language models

Providers and Subprocessors

Keenious utilizes service providers, including those for large language models (LLMs) such as Google Gemini, to operate certain AI features. These features employ technologies like LLMs and NLPs to analyze content and generate recommendations and summaries.

Processing of user data by these providers, which act as subprocessors, is strictly limited to delivering the service under Keenious's documented instructions. We require all service providers to make confidentiality, security, and data protection commitments. A list of subprocessors, including their locations, is available upon request.

The data processed for these features includes:

• Prompts and Inputs: Such as uploaded documents, selected excerpts, queries, and instructions.
• Contextual Data: Information added by Keenious to operate the feature (e.g., language and model configuration).
• Generated Outputs: Responses and summaries created by the model.
• Technical Logs: Including timestamps, usage metrics, model identifiers, and error codes.

Keenious processes and hosts prompts, messages, files, and AI responses within the European Union (specifically Ireland, Belgium, and Germany). Access to this data is retained for up to one day to maintain service reliability, prevent abuse, and resolve issues. Specific items, such as account information, may be retained for longer periods if required by law or necessary for an active security incident investigation. An up to date list of subprocessors, including their locations, is available at - Approved Subprocessors For Keenious.pdf

Users should not submit special category personal data or other sensitive information into the Keenious tool. Users are encouraged to follow the principle of data minimization and provide only the information necessary for using Keenious.

Keenious does not use user prompts, inputs, or outputs to train its models or the models of its providers.

Retention for AI features

Prompts and outputs are retained only as long as needed to provide the feature, secure the service, and meet legal obligations. The default retention period for raw prompts and outputs is 24 hours, after which it will be deleted. Technical logs for AI features are retained for 24 hours. The user can request earlier deletion.

6. How we use personal information

Keenious uses personal information to create and manage accounts, deliver and improve the services, provide support, send administrative messages, protect the services, enforce its terms, comply with legal obligations, respond to legal requests, and manage subscriptions and payments.

Keenious may also use personal information to send information about Keenious products and services, including promotional and sales communications. The lawful basis for this processing is Keenious's legitimate interest in promoting and developing its services. The user has the right to object to receiving such communications at any time. This can be done by clicking the unsubscribe link included in the emails or by contacting privacy@keenious.com. If the user objects, Keenious will stop sending marketing communications.

Keenious does not sell or share personal data with third parties for their own marketing purposes.

7. Sharing and disclosure

Keenious may share data with service providers and subprocessors that help Keenious operate the services, for example, hosting, analytics, payments, and LLM providers. Keenious conducts regular vendor reviews. Keenious may share data to comply with law, to protect rights and safety. Keenious does not sell personal data.

8. Retention

Keenious will keep personal data only as long as needed for the purposes described in this notice or as required by law. When there is no longer a business need to process personal data, it will be deleted. If immediate deletion is not feasible, for example, in backups, Keenious isolates the data and applies deletion on the next cycle. Inactive backup data is removed after 90 days.

9. Security - Your Data Protection

Keenious applies technical and organizational measures appropriate to the risk, including encryption, access controls, audit logging, and staff training.

Encryption

User data is encrypted in transit and while being stored. Keenious manages encryption using industry-standard methods and cryptographic key management.

Limited access

Keenious staff do not have unrestricted access to the user's content or conversations.

Providers and subprocessors

Keenious uses service providers, including large language model (LLM) providers such as Google Gemini, to operate some AI features. Providers may process user data only to deliver the service under Keenious's documented instructions. Keenious requires confidentiality, security, and data protection commitments. Providers do not use the user's prompts or outputs to improve their models.

10. Your privacy rights

In line with GDPR, all users have the following rights, subject to conditions in law:

• Right of access, to obtain a copy of personal data.
• Right to rectification, to correct inaccurate or incomplete data.
• Right to erasure, to request deletion of personal data.
• Right to restrict processing, to request that Keenious limits processing in certain cases.
• Right to data portability, to receive personal data the user provided in a structured, commonly used, machine-readable format.
• Right to object, to object to processing based on legitimate interests or for direct marketing.
• Right not to be subject to a decision based solely on automated processing that produces legal effects or similarly significant effects.

The user can exercise these rights by contacting privacy@keenious.com.

For further information on user EU rights, see https://www.itgovernance.eu/blog/en/the-gdpr-consumer-rights-for-your-personal-data.

11. Cookies and similar technologies

Keenious may use cookies and similar technologies on certain pages to operate and administer our services and improve your experience. See our Cookie Notice for details.

12. Changes to this notice

Keenious will update this notice when needed to stay compliant and transparent. The updated version is effective from the date of publication. For material changes we will provide advance notice and seek consent where required.

13. Contact

If you have questions or comments about this notice, contact privacy@keenious.com or by post at: