Draft Privacy and Cookies Notice
Draft for review — not effective.This working draft is aligned to the implemented V1 informational-site forms and delivery code. It is not a statement of approved or deployed data practices. The endpoints, technical retention controls, provider arrangements, request process, release-time technology inventory, and final wording must be approved before this can become Keller AI's public Privacy and Cookies Notice. It does not describe Archangel or any customer deployment.
Scope
If approved, this notice would cover personal information submitted through the two V1 forms on kellerai.io. It would not govern customer services, evaluations, or other business relationships that require separate written terms.
Information in the implemented V1 forms
The Book a Demo and Contact forms share one fixed interface. It requires name, work email, and company. A visitor may also provide role, topic, and a message. The payload also includes the form intent, a random submissionId, a required privacy acknowledgement value, and a honeypot value used for abuse handling.
Visitors should not submit confidential information, regulated data, credentials, or sensitive personal information through these forms.
Proposed purpose
The implemented design supports routing and responding to an inquiry, operating the form, applying limited duplicate handling, and handling abuse. OPS-393 and counsel must approve the actual uses, access, and disclosures before deployment and before this notice becomes effective.
Implemented delivery design
The repository implements API Gateway, a validation Lambda, SQS and a dead-letter queue, DynamoDB idempotency handling, a delivery Lambda, and SES notification. A repeated browser submission using the same submissionId is suppressed only while its idempotency record remains in DynamoDB. The source sets that record's expiry value to 24 hours after the record is created, but DynamoDB TTL deletion is asynchronous and may occur later; this draft does not promise an exact suppression or deletion time. The browser endpoint is runtime configured, and its exact origin is added to the website's Content Security Policy.
SES delivery is at least once and may produce a duplicate notification when delivery is retried. No CRM upsert is implemented. The staging and production endpoints, allowed origins, sender identity, controlled destination, provider arrangements, and deployment status remain unapproved.
Approved V1 retention standard
Inquiry information may be retained while an opportunity or business conversation remains active. Inactive website inquiries are scheduled for deletion or anonymization 12 months after the last meaningful interaction. Routine operational logs are retained for 30 days. A longer period may apply when reasonably necessary for security, legal-hold, contractual, or legal obligations.
These periods must be enforced across the controlled destination, queues, logs, backups, and related provider systems before this notice becomes effective. The 24-hour idempotency expiry described above is a separate duplicate-suppression control and does not extend the inquiry retention period.
Analytics, cookies, and similar technologies
The V1 source does not implement analytics, advertising, session replay, non-essential cookies, or browser storage used to identify a visitor. Analytics remain disabled. The deployed site and its approved providers still require a release-time inventory before this combined notice can become effective.
No analytics or non-essential cookie technology may be enabled in V1. If analytics or similar technology is proposed later, its inventory, retention, notice language, and any required consent or preference control must be reviewed and implemented before that technology loads. Browser cookie controls do not substitute for those decisions.
Choices and privacy requests
This draft does not yet state jurisdiction-specific rights; counsel must approve those details. Privacy questions and requests may be sent to contact@kellerai.io.
Changes
Keller AI may replace this draft only after the data map, endpoints, destinations, provider terms and disclosures, technical retention controls, request process, and counsel review are complete. Any effective notice must state its effective date on this page.