Privacy Policy

Kallista (“Kallista,” “we,” “us”) operates the catering-outreach service at kallista.io. Contact: privacy@kallista.io.

We collect three categories of data:

1. Restaurant profile data you provide. Your domain, location, menu, catering capabilities, signature dishes, and contact details. Some of this is extracted automatically from your public website with your consent during onboarding.
2. Mailbox connection data. If you connect a Gmail (Google) or Outlook (Microsoft) mailbox to send outreach through, we store an OAuth refresh token issued by your email provider and the email address that authorized the grant. We do not store your password.
3. Outreach activity. Records of emails sent on your behalf, replies received, click and open events, and the prospect metadata used to compose each email.

When you connect a Gmail mailbox, you grant Kallista thegmail.sendscope. We use this scope solely to send outbound catering-outreach emails that you authored or approved. Specifically:

• We sendemails composed in Kallista’s interface from your connected address.
• We do not read your inbox, drafts, sent items, or any other Gmail data. Thegmail.send scope is write-only.
• We do not use Google user data to train AI models, for advertising, for resale, or for any purpose other than the one stated here.
• We do not transfer Google user data to third parties except as needed to provide the service (e.g., the transactional email is sent to the recipient you authored it for).

Kallista’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

When you connect an Outlook / Microsoft 365 mailbox, you grant Kallista the Mail.Send scope. We use it the same way as Google’sgmail.send: to send outbound emails you authored. We do not read your inbox, sent items, calendar, or contacts.

• To find catering prospects. Your profile (cuisine, location, capabilities) feeds the prospect-discovery pipeline.
• To compose outreach emails.Your menu, signature dishes, and operator-provided context are sent to Anthropic’s Claude API, which writes draft emails on our behalf. Anthropic does not retain or train on this data per their commercial terms.
• To send and track outreach. We send through your connected mailbox and record delivery / open / click / reply events so you can review what your autopilot did.
• To bill you. We use a payment processor (Stripe) for subscription billing. Stripe receives the data they need to process payment; we do not store credit card numbers ourselves.

We share data only with the service providers we depend on:

• Supabase — our database and file storage host.
• Fly.io — runs our backend application servers.
• Vercel — runs our web frontend.
• Anthropic — provides the Claude AI model that drafts outreach emails.
• A B2B contact data provider — surfaces verified business decision-makers (e.g., office managers, EAs, event planners) we contact on your behalf.
• Stripe — payment processing.

We do not sell your data, your contacts’ data, or any data extracted from your connected mailbox. We do not share data with advertisers.

• OAuth tokens — until you disconnect the mailbox or close your account, then deleted within 30 days.
• Restaurant profile and outreach history — for the life of your account, then deleted within 90 days of account closure.
• Billing records — kept for 7 years per US tax requirements.

OAuth tokens are encrypted at rest using industry-standard symmetric encryption (Fernet / AES-128-CBC + HMAC). Database connections use TLS. Application-server-to-database traffic stays within the hosting provider’s private network where possible.

• Disconnect a mailbox from your settings at any time. Token is destroyed immediately.
• Revoke our access directly with Google at myaccount.google.com/permissions or with Microsoft at myaccount.microsoft.com.
• Request a copy of your data by emailing privacy@kallista.io.
• Request deletion of your account and all associated data by emailing the same address. We complete deletion requests within 30 days.

Kallista is a B2B service. We do not knowingly collect data from anyone under 18.

When we update this policy materially, we will post the revised version here and update the “Last updated” date. Material changes that affect how we use connected-mailbox data will trigger an email notification before they take effect.

Questions, requests, or complaints: privacy@kallista.io.