◈ Legal Document

Privacy
Policy.

Effective: 1 January 2026 · Last updated: 26 May 2026 · Version 1.0

This Privacy Policy applies to KOZAI, an AI Business Intelligence service operated by VARKOS GROUP LLC (Wyoming, USA) and distributed by VARKOS VIP LTD (London, UK).

Who We Are

KOZAI is an AI platform built for emerging markets, with native African language support and mobile-first payment integration.

Data Controller: VARKOS GROUP LLC · 30 N Gould St Ste N, Sheridan, WY 82801, USA
EU Representative: VARKOS VIP LTD · London, United Kingdom
Contact: support@mykozai.com

Data We Collect

Account data — name, email, company name, billing address
Access codes — DIV- codes used to authenticate sessions
Usage data — queries sent to AI agents (processed in real-time, not stored permanently)
Payment data — processed by Stripe Inc. We never store card details
Technical data — IP address, browser type, device info, session tokens
Communication data — emails you send to our support team

Payment data: when you subscribe via African payment methods (M-Pesa, Wave, Orange Money, Flutterwave, Paystack), payment processing is handled by the respective licensed provider. We do not store full payment credentials.

How We Use Your Data

To provide and maintain the KOZAI service
To authenticate access via your DIV- code
To process payments and send invoices
To send service notifications and updates
To improve our AI models and service quality
To comply with legal obligations

AI Queries & Confidentiality

Your queries to KOZAI agents are transmitted securely and processed in real-time. We do not permanently store the content of your AI conversations on our servers. Session logs are kept for 7 days for debugging purposes, then permanently deleted.

We never use your business queries to train third-party AI models without explicit consent.

Legal Basis (GDPR)

Contract performance — to deliver the service you subscribed to
Legitimate interest — security, fraud prevention, service improvement
Legal obligation — compliance with EU/UK/US law
Consent — for marketing communications (opt-in only)

Data Sharing

We share data only with trusted service providers necessary to deliver KOZAI:

Stripe Inc. — payment processing (US, EU certified)
VARKOS FLUX — Sovereign AI routing infrastructure (anonymized queries)
Supabase Inc. — database infrastructure (EU region)
Vercel Inc. — hosting and delivery

We never sell your data. Ever.

Your Rights

Right to access your personal data
Right to rectification of inaccurate data
Right to erasure ("right to be forgotten")
Right to data portability
Right to object to processing
Right to withdraw consent at any time

To exercise any right: support@mykozai.com · Response within 72 hours.

Cookies

KOZAI uses essential cookies for authentication and session management. Analytics cookies are optional and require your explicit consent. We use Iubenda for consent management in compliance with GDPR and ePrivacy Directive.

Data Retention

Account data: retained for the duration of your subscription + 2 years
AI query logs: 7 days, then permanently deleted
Payment records: 7 years (legal requirement)
Communication logs: 2 years

Security

KOZAI uses enterprise-grade security: TLS 1.3 encryption in transit, AES-256 at rest, row-level security on all database tables, and JWT authentication with short-lived tokens. Access codes (DIV-) add an additional layer of human-verified access control.

Changes to This Policy

We may update this policy. Significant changes will be notified via email 30 days in advance. Continued use after the effective date constitutes acceptance.

PrivacyPolicy.