This Privacy Policy describes how k2o (“we”, “us”, “our”) processes personal data when you use our business operations cockpit at cockpit.k2o.ai (the “Service”). By using the Service, you agree to this policy.
1. Data controller
k2o is operated by Vizueo. For privacy-related requests, contact us at account@k2o.ai.
2. Data we collect
Account data
- Email address and profile information from your sign-in provider
- Workspace settings, module preferences, and user configuration
Google account data (optional integrations)
When you choose to connect Google services, k2o accesses data only with your explicit OAuth consent. We request the following scopes:
- https://mail.google.com/ — required for Gmail access via IMAP/SMTP with OAuth 2.0. Used to read, send, archive, and organize emails in the Mail module.
- calendar.readonly — to display your upcoming meetings in the RDV (appointments) module.
- calendar.events — to create or update calendar events when you schedule from k2o (e.g. Calendly-related workflows).
- userinfo.email and openid — to identify your Google account during authentication.
We do not sell, rent, or share your mailbox or calendar data with third parties for advertising or marketing purposes.
Other integrations
Depending on the modules you activate (Meta Ads, WhatsApp, CRM, etc.), k2o may process data from those third-party services solely to provide the features you enable.
Technical data
- Log data (IP address, browser type, timestamps, error logs)
- Usage data related to features you use within the Service
3. How we use your data
- Provide and operate the k2o cockpit and its modules
- Display and manage your emails in the Mail module
- Show and sync calendar events in the RDV module
- Power AI agents and automations you configure
- Authenticate your account and maintain security
- Respond to support requests and improve the Service
We process data based on your consent (OAuth connections), contract performance (providing the Service), and our legitimate interest in securing and improving the platform.
4. Where data is stored
- Cloud infrastructure (EU) — account data, OAuth tokens, and synced metadata are stored on Supabase infrastructure hosted in the European Union.
- Encrypted credentials — OAuth refresh tokens and sensitive API keys are encrypted at rest using Supabase Vault.
- Local-first modules — certain business data (CRM, notes, todos) may remain on your local machine depending on your workspace configuration.
5. Data retention
- Google OAuth tokens and connected mailbox metadata are retained while your Google account remains connected.
- Email and calendar content cached by k2o is retained only as long as needed to provide the Service or until you disconnect the integration.
- Account data is retained for the duration of your account plus any legally required period.
You may disconnect Google or delete a mailbox at any time from Settings → Connectors in the app. Upon disconnection, we revoke OAuth access and delete associated tokens from our systems within a reasonable timeframe.
6. Your rights
If you are in the European Economic Area or another jurisdiction with similar rights, you may:
- Access, rectify, or delete your personal data
- Restrict or object to certain processing
- Withdraw consent for OAuth integrations at any time
- Request data portability where applicable
- Lodge a complaint with your local supervisory authority
To exercise these rights, email account@k2o.ai. We respond within 30 days.
7. Third-party services
k2o integrates with services you choose to connect (Google, Meta, WhatsApp, Calendly, etc.). Each provider has its own privacy policy. We only access data required for the scopes you approve during OAuth consent.
8. Security
We implement technical and organizational measures including encryption at rest for credentials, access controls, and secure OAuth flows. No method of transmission over the Internet is 100% secure; we continuously work to protect your data.
9. International transfers
Primary data storage is in the EU. If data is transferred outside the EEA, we use appropriate safeguards such as Standard Contractual Clauses where required.
10. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated “Last updated” date.
11. Contact
Questions about this policy: account@k2o.ai. See also our Déclaration de confidentialité (FR) and Terms of Service.