Kymata

Legal

Privacy Policy

Last updated: March 24, 2026

This Privacy Policy describes how Kymata Inc. ("Kymata," "we," "us," or "our") collects, uses, discloses, and otherwise processes personal information in connection with our public website (including kymata.ai), marketing activities, and our cloud software platform and related services (collectively, the "Services"). For enterprise customers, additional terms (such as a data processing addendum) may apply under your agreement with us.

Who we are

Kymata Inc. is a Delaware corporation with its principal business address at 650 Castro Street, Suite 120-260, Mountain View, CA 94041, United States. Where this policy refers to "personal information," we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked—directly or indirectly—with a particular individual or household, as defined under applicable U.S. state privacy laws.

Scope and relationship to contracts

This policy applies to personal information we process as a business in connection with the Services. If you use Kymata as part of your organization, your organization may control certain account and usage information; where applicable, we process personal information on behalf of our business customers as a service provider or processor in accordance with our customer agreements and any data processing terms.

Our website may contain links to third-party sites or integrations. This policy does not apply to third-party services; their privacy practices are governed by their own policies.

Personal information we collect

Depending on how you interact with us, we may collect the following categories of personal information:

  • Identifiers and contact data: such as name, business email address, phone number, job title, company name, and similar professional contact details you provide when you request a demo, subscribe to updates, create or administer an account, or communicate with us.
  • Account and authentication data: credentials, security questions or tokens, user IDs, and session information used to authenticate and maintain secure access.
  • Customer content and usage data: information you or your organization submit to the Services (for example, portfolio, vendor, or workflow data) and metadata generated through use of the platform (such as activity logs, configuration settings, and audit trails) where such data identifies or relates to individuals.
  • Device and technical data: IP address, device identifiers, browser type, operating system, approximate location derived from IP, and diagnostic or performance data from the Services.
  • Commercial information: records of products or services purchased or considered, and billing and payment-related information processed by our payment processors (we generally do not store full payment card numbers).
  • Marketing and communications preferences: your preferences for receiving communications from us and engagement data such as email opens and clicks where permitted.
  • Inferences: insights derived from the above information to improve the Services, secure accounts, and personalize communications in line with your choices.

We do not use the Services to knowingly collect sensitive personal information (such as government ID numbers, health information, or precise geolocation) except where you or your organization voluntarily provide it in connection with a legitimate business need and we are permitted to process it under applicable law and contract.

Sources of personal information

  • Directly from you or your organization (forms, contracts, support requests)
  • Automatically through the Services and our websites (cookies, logs, analytics)
  • From integrations or identity providers you connect to the Services
  • From service providers who assist our operations (for example, analytics or CRM)
  • From publicly available professional sources (for example, company websites)

How we use personal information

We use personal information for the following business purposes:

  • Providing, operating, securing, maintaining, and improving the Services
  • Creating and managing accounts; authenticating users; customer support
  • Processing transactions, invoices, and payments
  • Communicating about the Services, technical notices, and policy updates
  • Sending marketing communications where permitted (you may opt out as described below)
  • Detecting, investigating, and preventing fraud, abuse, and security incidents
  • Complying with legal obligations and enforcing our terms and policies
  • Analytics and product improvement in aggregated or de-identified form where appropriate
  • Corporate transactions such as a merger, financing, or acquisition

Cookies and similar technologies

We and our partners use cookies, pixels, local storage, and similar technologies to operate the site, remember preferences, measure performance, and—where allowed—support marketing. You can control cookies through your browser settings. Disabling certain cookies may affect site functionality.

How we disclose personal information

We may disclose personal information to:

  • Service providers and subprocessors who host infrastructure, provide security, analytics, communications, payments, or professional services, subject to contractual obligations
  • Your organization when you use the Services under an enterprise account
  • Professional advisers (lawyers, accountants, insurers) where necessary
  • Authorities when required by law, subpoena, or to protect rights, safety, and security
  • Successors in a merger, acquisition, reorganization, or sale of assets

We do not "sell" personal information as traditionally understood. We may use advertising or analytics technologies that could be considered "sharing" for cross-context behavioral advertising under California law; you may opt out as described below where required.

International transfers

We are headquartered in the United States. If you access the Services from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where we or our subprocessors operate. Where required, we implement appropriate safeguards (such as standard contractual clauses or equivalent mechanisms) in accordance with applicable law and our customer agreements.

Retention

We retain personal information for as long as necessary to fulfill the purposes described in this policy, including to provide the Services, meet legal, accounting, or reporting requirements, resolve disputes, and enforce agreements. Retention periods vary depending on the nature of the information and whether you or your organization have contractual deletion or archival requirements.

Security

We implement administrative, technical, and organizational measures designed to protect personal information against unauthorized access, loss, or alteration. These measures may include access controls, encryption in transit where appropriate, logging, vulnerability management, and vendor reviews. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

Your privacy rights (United States)

Depending on where you live, you may have rights regarding your personal information. For example, California residents may have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the "CCPA"):

  • Right to know what personal information we collect, use, and disclose
  • Right to request deletion of personal information, subject to exceptions
  • Right to correct inaccurate personal information
  • Right to opt out of "sale" or "sharing" of personal information for cross-context behavioral advertising, where applicable
  • Right to limit use of sensitive personal information, where applicable
  • Right not to receive discriminatory treatment for exercising privacy rights

Residents of other U.S. states with comprehensive privacy laws (such as Colorado, Connecticut, Virginia, and others) may have similar rights. We will honor applicable requests in line with those laws.

To submit a request, contact us using the information below. We may need to verify your identity before responding. Authorized agents may submit requests on your behalf where permitted by law, with appropriate authorization.

Marketing opt-out

You may unsubscribe from marketing emails by using the link in any promotional message or by contacting us. Transactional or service-related messages may continue as permitted by law.

Children's privacy

The Services are intended for business users and are not directed to children under 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us and we will take appropriate steps to delete it.

Automated decision-making

We do not use personal information for solely automated decision-making that produces legal or similarly significant effects concerning individuals, except as may be described in a separate notice or product documentation where required.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will post the revised version on this page and update the "Last updated" date. Where changes are material, we will provide additional notice as appropriate (for example, via email or an in-app notice).

Contact us

For questions about this Privacy Policy or to exercise your privacy rights, contact:

For general terms of use, see our Terms of Service. Enterprise customers should also refer to their agreement with Kymata and any data processing addendum for contractual privacy commitments.