Privacy policy
Last updated: June 2026
This policy explains what personal data Qala collects through this website and the Atlas agent, how we use it, and the choices you have. It applies to visitors to this site and to people who contact us or book a call. If you have any questions, reach us through our contact page.
Who we are
Qala is the data controller for personal data collected through this site. We are an AI agency based in East Africa (Kenya), building custom AI agents for businesses. For any privacy question, or to exercise your rights, contact us via our contact page.
Lawful basis for processing
Under the Kenya Data Protection Act 2019, we rely on legitimate interest for site analytics and for receiving and responding to contact-form submissions; consent for any marketing communication you opt into; and contract for work we carry out for clients who engage us.
Your rights
Under the Kenya Data Protection Act 2019, you have the right to:
- Access the personal data we hold about you
- Rectify inaccurate or incomplete data
- Request erasure of your data
- Object to certain processing
- Portability — receive your data in a usable format
- Restrict processing in certain circumstances
- Withdraw consent at any time, where processing is based on consent
To exercise any of these, contact us through our contact page. We aim to respond within 30 days.
Third-party processors
We use a small number of trusted third parties to run this site and the Atlas agent. Each one's role is listed below.
Anthropic
Receives Atlas conversation content (system prompt, visitor messages, and model output) to generate Atlas's replies. Based in the United States. Their handling of that data is governed by their current API terms and privacy policy. Anthropic's data handling policy →
Cloudflare
Hosting (Cloudflare Pages), serverless function logs, cookieless web analytics, and the Turnstile bot challenge (Turnstile itself captures no personally identifiable information). Cloudflare's logging policy →
Calendly
Powers the booking flow for the workflow-audit call. Calendly acts as a separate data controller for booking data — when you book a slot, Calendly's own privacy policy applies to that interaction. Calendly's privacy policy →
Resend
Delivers transactional email — contact-form notifications to our team, and an auto-confirmation to you after you submit the form.
How we handle Atlas conversations
Atlas conversations are processed by Anthropic for inference and aren't stored on our servers. The disclosure shown beneath the Atlas input is the canonical statement; this section mirrors it. On our side, we log only structural metrics — never what is said.
What we log
- Timestamp
- Hashed session id
- Message count on the session
- Prompt + completion token counts
- Response latency (ms)
- Error code, if any
What we never log
- Message content
- Visitor input
- Model output
- Full prompts
- Raw IP addresses (the rate-limit counter uses a hashed key)
How we handle contact-form submissions
The contact form collects your name, email, optional company, a description of the workflow you want to fix, and an optional budget range. These are delivered to our inbox via Resend so we can reply. We keep them only as long as needed to handle your enquiry and any work that follows, and we do not sell them or share them for advertising.
Cookies
Our analytics provider, Cloudflare Web Analytics, is cookieless — no tracking cookies are set when you visit. We set one functional cookie, atlas_session, when you use the Atlas agent. It is short-lived, used only to bind your session to the agent's rate limits, and contains no tracking identifiers.
Changes to this policy
We may update this policy from time to time. The "Last updated" date above reflects the most recent substantive change; please check back periodically.
Contact us
For privacy questions, or to exercise any of your rights, reach us through our contact page. We aim to respond within 30 days.