Last updated: 2026-06-12
This page explains what personal data Kelo processes, why, on what legal basis and for how long — in tables and with plain-language summaries. If your home is managed by an operator that uses Kelo, see section 3 in particular.
| Item | Value |
|---|---|
| Controller | Kelo Technologies S.L. |
| Tax ID (NIF) | [NIF pendiente] |
| Registered office | [Domicilio social pendiente] |
| Privacy contact | hello@getkelo.com |
For any question about your data or to exercise your rights, write to our privacy contact address. We respond within one month at most (art. 12.3 GDPR).
Where Kelo determines the purposes and means of processing (i.e. acts as controller), the processing activities are:
| Purpose | Data | Legal basis | Retention |
|---|---|---|---|
| Responding to contact and demo requests | Name, email, company, message content | Pre-contractual measures (art. 6.1.b GDPR) | 2 years from last contact |
| Newsletter and commercial communications | Name, email | Consent (art. 6.1.a GDPR), withdrawable at any time | Until you withdraw consent |
| Product user accounts (client staff) | Professional identification and contact data, credentials, activity logs | Performance of a contract (art. 6.1.b GDPR) | Contract term + statutory limitation periods (up to 6 years) |
| Site and service security | IP address, technical logs | Legitimate interest in protecting the service (art. 6.1.f GDPR) | 12 months |
We do not sell or share personal data with third parties for their own purposes. Where we rely on legitimate interest we have carried out the corresponding balancing test, and you can object at any time.
Institutional operators that contract Kelo (residential portfolio managers) use the platform to run their properties, including incidents reported by residents through channels such as WhatsApp or email. For that processing, the controller is the operator managing your home, and Kelo acts as processor under article 28 GDPR, pursuant to a data processing agreement (DPA) signed with each client.
The Kelo product includes artificial intelligence agents that handle operational conversations (for example, maintenance incidents over WhatsApp or email). In line with article 50 of the EU AI Act, those agents identify themselves as AI systems in the first interaction, and you can always ask to speak with a person.
Decisions with material impact on residents or other persons remain subject to human supervision and review by the operators. Kelo does not make decisions based solely on automated processing that produce legal effects on you or similarly significantly affect you (art. 22 GDPR).
Kelo generates aggregated, anonymised statistics across the portfolios it serves to improve the service and provide network intelligence features. That information is irreversibly anonymised with aggregation thresholds: it does not identify any client, property or person. Clients may opt out of these features under their contract.
Kelo relies on providers that process data on Kelo's behalf under article 28 GDPR contracts. The main ones are:
| Provider | Service | Location | Transfer safeguard |
|---|---|---|---|
| Supabase | Database and backend | EU (European region) | No transfer outside the EU |
| Meta Platforms (WhatsApp Business) | Messaging channel | United States | EU-U.S. Data Privacy Framework |
| AI model providers (e.g. Anthropic) | Language processing for the agents | United States | EU-U.S. Data Privacy Framework / Standard Contractual Clauses |
We may also disclose data to public authorities or courts where a legal obligation requires it. We will keep this list up to date as providers change.
Kelo's primary infrastructure is located in the European Union. Where a provider processes data outside the European Economic Area, it does so under an adequacy decision (such as the EU-U.S. Data Privacy Framework, art. 45 GDPR) or the European Commission's Standard Contractual Clauses (art. 46 GDPR), as indicated in the table in the previous section.
You can exercise them by writing to hello@getkelo.com. If you believe we have not handled your rights properly, you can complain to the Spanish Data Protection Agency (www.aepd.es).
We will publish any change to this policy on this page, updating the date in the header. If a change is material and affects you, we will notify you through a reasonable means before it takes effect.