Privacy-policy | Kaisaro

Privacy Policy

Effective Date: June 8, 2026

Kaisaro LLC — Bellevue, Washington, United States

Kaisaro LLC (“Kaisaro,” “Company,” “we,” “our,” or “us”) is committed to protecting the privacy and security of personal information entrusted to us. This Privacy Policy describes how we collect, use, disclose, process, store, and protect information obtained through our website, communications, business interactions, recruiting activities, and related services.

Please read this Privacy Policy carefully. By accessing or using this website, submitting information through our forms, or otherwise interacting with Kaisaro, you acknowledge that you have read and understood the practices described below.

1. Company Information

Kaisaro LLC

Bellevue, Washington, United States

Email: info@kaisaro.com

Website: https://www.kaisaro.com

2. Scope and Applicability

This Privacy Policy applies to personal information collected from individuals who interact with Kaisaro’s website, submit inquiries or applications, or engage with Kaisaro in a business capacity.

Kaisaro operates primarily in the United States and provides services to domestic and international clients. To the extent that Kaisaro processes personal data of individuals located in the European Economic Area (“EEA”), the United Kingdom (“UK”), or other jurisdictions with applicable data protection laws, those laws and the protections described in this Policy apply to such processing.

This Policy does not apply to the data practices of third-party websites, services, or platforms linked from this website, or to information that is not personal in nature.

3. Information We Collect

We may collect information directly from users, automatically through website usage, and from authorized third-party sources.

A. Information Voluntarily Submitted

When you contact us, submit inquiries, upload documents, apply for opportunities, or otherwise communicate with Kaisaro, we may collect information including, but not limited to:

Full name
Email address and telephone number
Company or organization name and professional title
LinkedIn or professional profile information
Resume, curriculum vitae (CV), portfolio, or other employment-related materials
Uploaded documents, files, or attachments
Any additional information voluntarily provided in correspondence

B. Automatically Collected Information

When you access or interact with the website, certain technical and usage-related information may be collected automatically, including:

IP address and approximate geolocation derived from IP address
Browser type and version; device identifiers and operating system
Referring URLs, pages visited, and navigation patterns
Date, time, and duration of access
Cookies, analytics identifiers, and related technical information (see Section 10)

C. Restricted or Sensitive Information

Unless expressly requested and subject to appropriate written agreements, users should not submit through public website forms:

Medical or health records or biometric information
Government-issued identification numbers (e.g., Social Security numbers, passport numbers)
Classified, regulated, or export-controlled technical data
Proprietary third-party confidential information
Financial account information (e.g., bank account or credit card numbers)
Sensitive personal information protected by applicable law

Submission of restricted or sensitive information through public website forms is at the user’s own risk. Kaisaro is not responsible for such unsolicited disclosures and cannot guarantee their security in transit.

4. Purposes for Processing

We collect, use, process, and retain information for the following legitimate business and operational purposes:

Responding to communications, inquiries, and requests for information
Evaluating employment, consulting, partnership, investor, supplier, and collaboration opportunities
Providing engineering, research, development, consulting, and related professional services
Operating, maintaining, securing, and improving website functionality and user experience
Detecting, investigating, and preventing fraud, abuse, unauthorized access, or unlawful activity
Maintaining business, financial, legal, and compliance records
Enforcing legal rights, contractual obligations, and internal policies
Complying with applicable laws, regulations, legal processes, and governmental requests

Kaisaro does not sell or rent personal information to third parties.

5. Legal Basis for Processing (GDPR)

Where applicable under the General Data Protection Regulation (“GDPR”) or similar laws, Kaisaro processes personal data on one or more of the following legal bases, mapped to specific activities in the table below.

Processing activity

Legal basis

Responding to contact form inquiries and communications

Legitimate interests (responding to business enquiries)

Evaluating employment, consulting, and partnership applications

Pre-contractual steps at the data subject's request; legitimate interests

Providing engineering, research, or consulting services

Performance of a contract

Operating and improving website functionality and security

Legitimate interests (secure and functional website operation)

Detecting and preventing fraud, abuse, or unauthorized access

Legitimate interests; legal obligation

Analytics and usage measurement (cookie-based)

Consent

Maintaining business and financial records

Legal obligation (tax, accounting, company law)

Enforcing legal rights and contractual obligations

Legitimate interests; legal claims

Complying with legal processes and governmental requests

Legal obligation

Where Kaisaro relies on “legitimate interests” as a legal basis, we have balanced our interests against data subjects’ rights and concluded that the processing does not unduly override individuals’ privacy interests. Individuals may object to processing on this basis at any time (see Section 12).

6. Data Retention Schedule

Kaisaro retains personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law, regulation, or contractual obligation. The following schedule describes our standard retention periods by data category.

Data category

Retention period

Legal basis

Contact form inquiries / general correspondence

2 years from last contact

Legitimate interests; legal compliance

Job applications, CVs, portfolios

3 years from submission date, or until hired (then per employment records policy)

Pre-contractual steps; legitimate interests

Business contracts and client records

7 years from contract termination

Legal obligation (tax / accounting); legitimate interests

Website analytics and usage logs

13 months from collection

Consent; legitimate interests

Security and access logs

12 months from generation

Legitimate interests; legal obligation

Financial and invoicing records

7 years from transaction date

Legal obligation

Legal hold / litigation-related records

Duration of proceedings plus applicable statute of limitations

Legal obligation; legal claims

Cookie consent records

3 years from consent date

Legal obligation (accountability)

Retention periods may be extended where information is required for ongoing litigation, regulatory investigation, audit, or other legal proceeding. Where legally permissible, Kaisaro will anonymize or pseudonymize data that is no longer needed in identifiable form.

7. Disclosure of Information

Kaisaro may disclose personal information to the following categories of recipients when reasonably necessary for legitimate business purposes or as required by law:

Website hosting and cloud infrastructure providers
IT, cybersecurity, and analytics service providers
Legal, accounting, compliance, and professional advisors
Contractors, consultants, and service providers acting on Kaisaro’s behalf under appropriate confidentiality obligations
Government authorities, regulators, law enforcement, or judicial bodies when required by applicable law, legal process, or court order

All disclosures to third-party service providers are made subject to contractual data processing agreements that require recipients to protect personal information in a manner consistent with this Policy and applicable law.

Kaisaro does not sell or rent personal information. Kaisaro does not share personal information for third-party advertising purposes.

8. International Data Transfers

Kaisaro is headquartered in the United States. Information submitted through this website or related communications may be transferred to, processed in, or stored within the United States, where Kaisaro and its service providers operate.

For personal data transferred from the EEA, UK, or other jurisdictions that impose restrictions on international data transfers, Kaisaro relies on one or more of the following transfer mechanisms to ensure adequate protection:

Standard Contractual Clauses (“SCCs”) approved by the European Commission (including the UK International Data Transfer Addendum where applicable);
An adequacy decision by the European Commission or relevant supervisory authority; or
Another appropriate safeguard or derogation permitted under applicable law.

Individuals may request information about the specific transfer mechanisms Kaisaro uses and obtain copies of relevant safeguards by contacting us at info@kaisaro.com.

Note: Mere use of this website does not constitute valid consent to international data transfers under the GDPR. Kaisaro relies on Standard Contractual Clauses and other lawful mechanisms, not browsewrap consent, for cross-border transfers of EEA or UK personal data.

9. Employment, Recruiting, and Applicant Information

If you submit employment-related materials, including resumes, CVs, portfolios, or application information:

Such information may be reviewed for current or future employment, consulting, advisory, or contractor opportunities.
Submission of information does not create any employment relationship, contractual obligation, or guarantee of engagement.
Applicant information will be retained in accordance with the retention schedule in Section 6.
Applicants are encouraged to avoid including unnecessary sensitive personal information within submitted materials, including health information, financial account details, or government identification numbers.

Kaisaro processes applicant data on the legal basis of pre-contractual steps taken at the data subject’s request and legitimate business interests in evaluating candidates.

10. Cookies and Analytics Technologies

This website may use cookies and similar tracking technologies. A “cookie” is a small text file stored on your device that helps websites recognize returning visitors and measure usage.

Categories of Cookies

Essential / strictly necessary cookies — required for core website functionality (e.g., security, session management). These do not require consent.
Analytics and performance cookies — used to measure website traffic and user behavior (e.g., Google Analytics). These require your prior consent in jurisdictions where consent is legally required.
Functionality cookies — used to remember your preferences. May require consent depending on jurisdiction.
Marketing and advertising cookies — Kaisaro does not currently use advertising or targeting cookies.

Consent and Control

In jurisdictions where applicable law (including the GDPR and the EU ePrivacy Directive) requires prior consent before non-essential cookies are set, this website uses a cookie consent management tool. Non-essential cookies will not be activated until you have actively accepted them through the consent banner presented upon your first visit.

You may manage or withdraw cookie consent at any time by:

Clicking the “Cookie Settings” link available in the website footer;
Adjusting your browser settings to block or delete cookies (note: this may affect website functionality); or
Submitting a request to info@kaisaro.com.

Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

11. Data Security

Kaisaro implements commercially reasonable administrative, technical, and organizational security measures designed to protect personal information against unauthorized access, disclosure, misuse, alteration, destruction, or loss. These measures include, where appropriate, encryption of data in transit, access controls, and vendor security assessments.

No internet transmission or electronic storage system can be guaranteed to be completely secure. Accordingly, Kaisaro cannot guarantee absolute security of information transmitted to or stored through the website, and users transmit information at their own risk.

12. Privacy Rights and Requests

Depending on applicable law and your jurisdiction, you may have rights relating to your personal information. Kaisaro will honor verified requests in accordance with applicable law.

A. General Rights

The following rights may be available under applicable privacy laws:

Access — the right to request a copy of the personal information Kaisaro holds about you.
Correction — the right to request correction of inaccurate or incomplete personal information.
Deletion — the right to request deletion of personal information, subject to applicable legal retention obligations.
Restriction — the right to request restriction of processing in certain circumstances.
Data portability — the right to receive personal information in a structured, machine-readable format, where technically feasible.
Objection — the right to object to processing based on legitimate interests (including profiling based on legitimate interests).
Withdrawal of consent — where processing is based on consent, the right to withdraw consent at any time without affecting prior lawful processing.

B. California Residents (CCPA / CPRA)

California residents may have additional rights under the California Consumer Privacy Act (“CCPA”) and California Privacy Rights Act (“CPRA”), including the right to know, delete, correct, and opt out of the sale or sharing of personal information.

Kaisaro does not sell personal information. Kaisaro does not share personal information for cross-context behavioral advertising purposes. Accordingly, no “Do Not Sell or Share” opt-out is required at this time. Should Kaisaro’s practices change, this Policy will be updated and the required opt-out mechanism will be provided.

Kaisaro will not discriminate against individuals who exercise their California privacy rights.

C. EEA and UK Residents (GDPR)

Residents of the European Economic Area or the United Kingdom have rights under the GDPR and applicable national or UK data protection law, including the rights described in Section 12.A above. In addition:

Right to lodge a complaint — you have the right to lodge a complaint with your local supervisory authority at any time. In the UK, this is the Information Commissioner’s Office (ICO). In EU member states, complaints may be lodged with the relevant national data protection authority (DPA). A list of EU DPAs is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
Right not to be subject to solely automated decisions — see Section 15 below.

D. Washington State Residents

Washington residents may have rights under the Washington Privacy Act (WPA) and the Washington My Health MY Data Act, as described in Section 13 below. Requests may be submitted to info@kaisaro.com.

E. How to Submit a Request

Privacy-related requests may be submitted by email to info@kaisaro.com. Please include your full name, the nature of your request, and sufficient information to allow Kaisaro to identify the personal information concerned.

Kaisaro reserves the right to verify the identity of requestors before processing requests, where legally permitted or required. Requests will be acknowledged within a reasonable time and responded to within the period required by applicable law.

13. Washington Consumer Health Data Notice

This section applies to residents of Washington State and is provided in accordance with the Washington My Health MY Data Act (“WMHMDA”), effective March 31, 2024.

Health Data We Do Not Collect

Kaisaro is a technology and engineering services company. Kaisaro does not intentionally collect, process, or share consumer health data as defined under the WMHMDA through this website. Our website forms are not designed or intended to collect health information.

What to Avoid Submitting

Users should not submit through public website forms:

Medical records, diagnoses, treatment information, or prescription data
Biometric or genetic data
Mental or behavioral health information
Information about reproductive health or pregnancy
Any other information that could be used to infer health or medical status

If Health Data Is Inadvertently Submitted

If Kaisaro becomes aware that a user has inadvertently submitted health data through an unsecured channel, Kaisaro will take reasonable steps to delete or secure such information and will not use or disclose it for any purpose other than addressing the submission.

Washington Health Data Rights

To the extent Kaisaro collects consumer health data subject to the WMHMDA in any future context, Washington residents will have the right to: access their health data; withdraw consent for collection; request deletion; and receive a list of third parties with whom such data has been shared. Such rights may be exercised by contacting info@kaisaro.com.

14. Children’s Privacy

This website is not directed toward children under the age of 13, and Kaisaro does not knowingly collect personal information from children under 13. If Kaisaro becomes aware that personal information has been collected from a child without appropriate parental consent or other legal authorization, Kaisaro will take prompt steps to delete such information.

Parents or guardians who believe that a child has submitted personal information to Kaisaro may contact us at info@kaisaro.com to request deletion.

15. Automated Decision-Making and Profiling

Kaisaro does not currently use automated decision-making processes that produce legal or similarly significant effects on individuals, including automated applicant screening, credit scoring, or profiling for targeting purposes.

If Kaisaro introduces any automated decision-making processes subject to GDPR Article 22, this Policy will be updated to describe the logic involved, the significance, and the potential consequences of such processing, and affected individuals will be provided with the right to request human review of automated decisions.

16. Data Breach Notification

In the event of a personal data breach that poses a risk to the rights and freedoms of affected individuals, Kaisaro will comply with applicable breach notification requirements, including:

Notifying affected Washington State residents within 30 calendar days of discovering a breach, in accordance with RCW 19.255.010;
Notifying the relevant supervisory authority within 72 hours of discovering a breach involving EEA or UK personal data, where required under GDPR Article 33; and
Providing affected individuals with notice as required by applicable state or federal law.

Breach notifications will include, to the extent practicable: a description of the nature of the breach; the categories and approximate number of individuals affected; the likely consequences of the breach; and the measures taken or proposed to address it.

Individuals who suspect unauthorized access to or misuse of their personal information held by Kaisaro should contact info@kaisaro.com promptly.

17. Third-Party Websites and Services

This website may contain links to third-party websites, platforms, or services. Kaisaro is not responsible for the privacy practices, security measures, content, or operations of any third-party website or service.

Users access third-party websites at their own risk and should review the applicable privacy policies and terms of those services independently. The presence of a link does not constitute Kaisaro’s endorsement of the linked site.

18. Confidentiality and Intellectual Property

Submission of information through publicly accessible website forms does not create a confidential, fiduciary, partnership, employment, joint venture, or attorney-client relationship with Kaisaro, unless expressly established through a separate written agreement executed by an authorized representative of Kaisaro.

Users should not transmit proprietary, confidential, classified, regulated, or export-controlled technical information through public website forms. Kaisaro is not bound by any unsolicited confidentiality obligation arising from information submitted through public channels.

All original website content, materials, designs, graphics, trademarks, and logos displayed on this website are owned by or licensed to Kaisaro LLC, unless otherwise stated, and are protected by applicable intellectual property laws. Unauthorized reproduction, distribution, or modification is prohibited.

19. Modifications to This Privacy Policy

Kaisaro reserves the right to revise, update, or modify this Privacy Policy at any time. Updated versions will be posted on this page with a revised effective date.

For material changes — such as new categories of data collected, new sharing arrangements, or changes to individuals’ rights — Kaisaro will provide advance notice by email (where a contact address is available) or by a prominent notice on the website homepage prior to the change taking effect. Where required by applicable law, Kaisaro will obtain fresh consent before implementing material changes.

Continued use of the website following publication of a revised Policy constitutes acknowledgment of the changes, except where applicable law requires affirmative consent.

20. EU and UK Representative

Kaisaro is established in the United States and does not currently maintain a physical presence in the EEA or the United Kingdom. To the extent Kaisaro processes personal data of EEA or UK residents and is required under GDPR Article 27 or the UK GDPR to designate a local representative, Kaisaro will appoint a representative and disclose their contact details in this Policy.

If you are located in the EEA or UK and have a question or concern regarding Kaisaro’s processing of your personal data, you may contact Kaisaro directly at info@kaisaro.com. Kaisaro will respond within the timeframe required by applicable law.

If Kaisaro’s processing of EEA/UK personal data increases in scope, Kaisaro will appoint a formal EU representative under GDPR Article 27 and will update this section accordingly.

21. Contact Information

For questions, concerns, or requests relating to this Privacy Policy or Kaisaro’s data practices, please contact:

Kaisaro LLC — Privacy Office

Bellevue, Washington, United States

Email: info@kaisaro.com

Website: https://www.kaisaro.com

Kaisaro will acknowledge privacy requests within 10 business days and respond substantively within the period required by applicable law (generally 30–45 days for GDPR and CCPA/CPRA requests, subject to one permitted extension).