Privacy Policy

Last updated: January 2025

This Privacy Policy explains how Kylith (“we”, “our”, “the Company”) collects, uses, and protects information across our products, including Kylith Access, Kylith Work, and Kylith Chat (“the Services”). We are committed to implementing privacy-first, security-driven practices and minimizing the amount of data we process.

Kylith is designed for enterprise use and complies with applicable data protection laws and Apple’s platform requirements, including rules governing macOS system extensions, MDM enrollment, and entitlement-based APIs such as EndpointSecurity. Signals we process are limited to security and compliance use.

1. Information We Collect

Kylith collects only the information necessary to deliver secure access, workflow automation, and encrypted communication features. We do not collect unnecessary personal data or perform employee surveillance.

1.1 Account & Identity Information

• User name, email address, and organization information
• Authentication identifiers (e.g., SSO ID, device-bound tokens)
• Role and permission metadata for access control

1.2 Device Information (for Zero Trust security)

When organizations deploy Kylith Access, we may process limited device security signals to verify device trust. These may include:

• Operating system version
• Device model and basic hardware attributes
• Device compliance status (e.g., encryption enabled, biometric enabled)
• System extension authorization state (macOS)

Kylith does not access personal files, photos, messages, browsing history, or user content.

1.3 Service Usage Information

We collect minimal technical logs to maintain reliability and security:

• Timestamps of access requests
• Application or service being accessed
• Policy evaluation results (allow/deny)

No keystrokes, screen contents, clipboard contents, or personal activity are monitored.

1.4 Communication Content (Kylith Chat)

Messages are protected with end-to-end encryption (E2EE). Kylith cannot read, decrypt, or access the content of messages.

We do not store:

• Unencrypted message content
• User conversations for analytics
• Message metadata unrelated to delivery

2. Information We Do Not Collect

Kylith does not collect or monitor:

• Keystrokes or typing activity
• User desktop screenshots or screen recordings
• Camera or microphone data
• Personal documents or media
• Browsing history or website content
• Private information from other applications

These practices are strictly prohibited in our design and violate our product principles.

3. How We Use Information

We use collected data solely to operate and improve the Services in accordance with enterprise security requirements.

We use data to:

• Verify identity and device trust for secure access
• Execute access policies and workflow routing
• Ensure service reliability and diagnose technical issues
• Deliver encrypted communication in Kylith Chat

We do not use personal data for advertising or behavioral analytics.

4. Legal Basis for Processing

Kylith processes data under the following legal bases:

• Performance of a contract with the customer organization
• Legitimate interests in providing secure, fraud-resistant services
• Compliance with legal obligations applicable to enterprise security

5. Data Sharing

We do not sell, rent, or share personal information with third parties for marketing purposes.

We may share limited data only with:

• Authorized enterprise administrators managing user accounts
• Infrastructure providers (cloud hosting, encrypted storage)
• Regulators or authorities when legally required

All service providers are bound by confidentiality and data protection agreements.

6. Cookies & Local Storage

Kylith uses cookies or local storage only to maintain session state and login functionality. We do not use tracking cookies or third-party analytics pixels.

7. Data Security

We implement industry-leading security controls:

• End-to-end encryption for Kylith Chat
• Transport-layer encryption for all network communication
• Hardware-backed keys and passkeys where available
• Encryption at rest for all stored data
• Role-based access control and audit logging

8. Data Retention

We retain only the data necessary to operate the Services. Access logs may be retained for compliance purposes as defined by each enterprise customer.

End-to-end encrypted message content cannot be retained or recovered by Kylith.

9. Your Rights

Depending on your jurisdiction, you may request:

• Access to your personal information
• Correction of inaccurate data
• Deletion of data processed by Kylith
• Export of your personal data (where applicable)

Requests may require validation through your employer or organization if Kylith’s Services are deployed at the enterprise level.

10. Children’s Privacy

Kylith is intended for enterprise use and is not directed toward children under 16. We do not knowingly collect information from minors.

11. International Transfers

Data may be processed in regions where Kylith or its service providers operate. We implement safeguards such as encryption and contractual protections for cross-border transfers.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Material changes will be communicated to enterprise administrators.

13. Contact Us

For questions regarding privacy or compliance, contact:

Email: support@kylith.com