KomplyOS

Privacy Policy

Effective April 25, 2026 · Last updated April 25, 2026

KomplyOS LLC is a Delaware company that builds software for managing building compliance, inspections, and maintenance work. This Privacy Policy explains what information we collect when you use komplyos.com or the KomplyOS application, why we collect it, who we share it with, and what choices you have.

We wrote this in plain language because privacy notices that nobody reads do not protect anyone. If something here is unclear, email privacy@komplyos.com and we will answer.

1. Who we are and what this policy covers

KomplyOS LLC is a Delaware limited liability company. We provide a web platform that helps property managers, condo and co-op boards, and the technicians they hire track building equipment, schedule inspections, file required reports, and stay on top of compliance deadlines.

This policy applies to our marketing website at komplyos.com and to the KomplyOS web and mobile application that customers access after they sign up. In this policy, "we" and "our" mean KomplyOS LLC. "You" means anyone whose information we collect — whether you visit our marketing site, sign up for an account, or use the application as part of an organization that already subscribes.

A note on roles. Most of the data inside KomplyOS belongs to one of our customers — typically a property manager or a condo or co-op board. When you use the application as an Admin, Client, or Technician, we are processing that data on behalf of the customer who owns the account. The customer decides what data goes in, who can see it, and when it gets deleted; we follow their direction.

2. Information we collect

We collect only the information we need to deliver the Service, support our customers, and meet our legal obligations. Here is what that looks like in practice.

Account information

When you create an account, we collect your name, email address, phone number, role, and the organization you belong to. Admins also choose a password. We never see your password in plain text — it is hashed before it is stored.

Customer-submitted data

Customers and their authorized users add a wide range of operational data to KomplyOS to do their jobs: building addresses, equipment lists, inspection forms and responses, signatures, status updates, work orders, scheduling notes, and customer-to-technician messages. We treat all of this as the customer's data.

Photos and documents

You can upload photos and documents to KomplyOS — for example, a photo of a fire-extinguisher tag during an inspection, or a PDF of a permit. Photos taken on a phone may include EXIF metadata, such as the time the photo was taken or the device location at the time. We do not extract, analyze, or use that metadata for anything beyond storing the file you uploaded.

AI Assistant conversations

The KomplyOS AI Assistant lets administrators ask questions about their account and run common tasks in plain language. We retain the messages you send to the Assistant and the responses it returns so we can deliver the feature, debug issues, and improve quality over time. The Assistant runs on Anthropic's Claude API; Anthropic is listed in the subprocessor table below.

Payment information

We do not store credit card numbers. Payments are processed by Stripe. When a customer enters card details to subscribe, those details go directly to Stripe. We receive only a token, the brand of the card, the last four digits, and the billing zip code — enough to show which card paid for which invoice.

Telemetry

When you use KomplyOS, our servers automatically receive standard technical information: your IP address, browser type, device type, operating system, and which pages or features you used. We use this to keep the Service running, debug problems, and detect abuse.

Cookies

We use a small number of necessary cookies to keep you signed in and remember your preferences. We also use privacy-respecting analytics cookies to understand which pages people visit on the marketing site. We do not use third-party advertising cookies, and we do not run retargeting pixels.

3. How we use information

We use the information we collect to:

  • Run and deliver the KomplyOS Service to our customers and their authorized users.
  • Process payments and manage subscriptions.
  • Power the AI Assistant and improve its quality over time.
  • Produce anonymized, aggregated analytics that help us understand how the Service is used and where to invest next.
  • Detect and prevent fraud, abuse, and security incidents.
  • Send transactional emails such as billing receipts, password resets, and inspection alerts.
  • Respond to support requests and customer questions.
  • Comply with our legal and regulatory obligations.

We do not use your information for behavioral advertising, and we do not feed it into third-party ad networks.

4. Subprocessors

A subprocessor is a service we hire that may handle some of your information so we can deliver KomplyOS. We keep this list short on purpose. Today, we use four:

SubprocessorPurposeRegion
AWSHosting and S3 file storageUnited States
StripePayment processingUnited States
AnthropicAI Assistant — Claude APIUnited States
MailgunTransactional emailUnited States

If we add a new subprocessor that processes personal data, we will give customers at least 30 days notice before that subprocessor starts handling data — typically by email to account admins and an updated note on this page. That gives customers time to ask questions or, if they object, work with us on the timing.

5. Sharing and disclosure

Beyond the subprocessors listed above, we share information only in these limited situations:

  • With service providers who help us operate the Service (for example, the subprocessors in Section 4). They may access only what they need to do their job for us, under contracts that require them to protect the data.
  • For legal compliance, when we are required to respond to a subpoena, court order, or other lawful request, or when we believe disclosure is necessary to protect the rights, safety, or property of KomplyOS, our customers, or the public.
  • In a corporate transaction, such as a merger, acquisition, financing, or sale of assets. If that happens, we will require the receiving party to honor this Privacy Policy or notify customers of any material change.
  • At your direction, when you or your customer asks us to share information with a third party — for example, when you generate a shareable inspection report or connect KomplyOS to another tool you use.

We do not sell your personal information, and we are not a data broker.

6. Retention

We keep your information for as long as we need it to deliver the Service and meet our legal obligations.

  • While a customer's account is active, we retain Customer Content for as long as the customer wants it.
  • After an account is terminated, we retain Customer Content for 90 days so the customer can export it. After 90 days, we delete it from our active systems.
  • Encrypted backups may retain data for up to 30 additional days before they are rotated and overwritten.
  • Anonymized and aggregated data — for example, "X% of inspections in 2026 were submitted on time" — may be retained indefinitely, because it cannot be traced back to a specific person or customer.

If a law or a legal hold requires us to keep data longer, we will, and we will document the reason internally.

7. Your rights

Whether or not you live in a state or country with a specific privacy law, we offer the same baseline of rights to everyone who uses KomplyOS:

  • Access — request a copy of the personal information we hold about you.
  • Correction — ask us to fix information that is inaccurate or out of date.
  • Deletion — ask us to delete your personal information. If you are an authorized user under a customer's account, the customer typically holds the deletion right; we will route the request to them and confirm the action with you.
  • Portability and export — receive a copy of your data in a portable, machine-readable format.
  • Marketing opt-out — unsubscribe from marketing emails at any time using the link at the bottom of those emails. Transactional emails about billing, security, or account changes cannot be opted out of while you have an active account.

To exercise any of these rights, email privacy@komplyos.com from the address associated with your account. We respond within 30 days. If we cannot verify your identity or need more information to act on the request, we will tell you what we need and why.

8. NY SHIELD Act statement

KomplyOS is based in New York and serves customers throughout the tri-state area. We comply with the New York Stop Hacks and Improve Electronic Data Security Act (NY SHIELD Act), codified at New York General Business Law §899-bb. We implement reasonable administrative, technical, and physical safeguards to protect the private information of New York residents — including written security policies, access controls, encryption, vulnerability monitoring, vendor oversight, and employee training.

If a security breach affects the private information of New York residents, we will notify affected individuals and, where required, the New York Attorney General and other regulators in the manner and within the timelines that NY law requires.

9. California (CCPA) disclosures

If you are a California resident, the California Consumer Privacy Act (CCPA) gives you specific rights with respect to your personal information. This section describes the categories of information we collect, who we share it with, and what you can do about it.

Categories of personal information collected in the past 12 months

  • Identifiers — name, email address, phone number, IP address, and account ID.
  • Customer records — employer, job title, and role within an organization.
  • Internet or other electronic network activity — pages viewed, features used, and device type.
  • Geolocation data — only if it is present in EXIF metadata of a photo a user uploads. We do not collect real-time precise location.
  • Professional or employment-related information — technician role and certifications attached to a profile.

We do not collect biometric information, racial or ethnic origin, religious beliefs, health information, sexual orientation, or precise real-time location.

Categories of personal information disclosed to service providers

  • Identifiers and customer records — disclosed to AWS for hosting and to Mailgun for transactional email delivery.
  • Identifiers and payment metadata — disclosed to Stripe for payment processing.
  • AI Assistant conversation content — disclosed to Anthropic, which provides the Claude API that powers the Assistant.

Your CCPA rights

  • The right to know what personal information we have collected about you.
  • The right to delete that information, subject to legal exceptions.
  • The right to correct inaccurate information.
  • The right to opt out of the sale or sharing of your personal information. We do not sell or share personal information for cross-context behavioral advertising, so there is nothing to opt out of, but the right exists.
  • The right not to be discriminated against for exercising any of these rights.

To exercise a CCPA right, email privacy@komplyos.com. We respond within 30 days. You may also designate an authorized agent to make a request on your behalf; we will ask the agent for written authorization signed by you.

10. EU and UK / GDPR posture

KomplyOS is built for customers in the United States, primarily in the New York tri-state area. We do not market the Service to individuals in the European Union or the United Kingdom, and we do not target residents of those regions.

If you are in the EU or the UK, please do not submit personal data through the Service. If you submit personal data anyway, you do so on the basis that we will process it as described in this Privacy Policy and only as needed to deliver the Service you requested. We do not currently maintain an EU or UK representative or Standard Contractual Clauses, because we are not actively processing EU or UK personal data at scale.

If your needs change — for example, your organization expands operations into the EU or UK — please reach out before submitting data so we can decide together whether KomplyOS is the right fit.

11. Children, security, changes, and contact

Children under 18

KomplyOS is a business tool. The Service is not directed at minors, and we do not knowingly collect personal information from anyone under 18. If you believe a minor has submitted personal information to us, please contact privacy@komplyos.com and we will delete it.

Security

We protect your information using a layered set of safeguards.

  • All traffic between your browser or device and KomplyOS is encrypted in transit using TLS.
  • Data at rest is encrypted using AWS-managed keys.
  • Access to production systems is limited to a small number of trained engineers, controlled by role-based access and multi-factor authentication.
  • We follow the principle of least privilege — people get only the access they need to do their work.
  • We review access, vendor relationships, and security controls on a periodic basis.

No system is perfectly secure. If you discover a vulnerability, please report it to privacy@komplyos.com so we can address it quickly.

Changes to this policy

We may update this Privacy Policy from time to time. If we make a material change — for example, adding a new category of data or a new subprocessor — we will notify account admins by email and update the "Last updated" date at the top of this page. Continued use of the Service after the update means you accept the revised policy.

Contact us

For privacy questions, requests, and complaints, email privacy@komplyos.com. We respond within 30 days.

For legal notices, write to: KomplyOS LLC, c/o Resident Agents Inc., 8 The Green, Suite B, Dover, DE 19901.