Legal
Privacy Policy
This Privacy Policy explains how Matteo Ferraroni, sole proprietor doing business as Karat ("Karat", "we", "us"), based in Jacksonville, Florida, USA, collects, uses, shares, and protects personal information in connection with the website at karat.run and the services provided through it (collectively, the "Service"). Karat is the data controller for the personal information described here.
1.Information we collect
1.1 Information you give us
- Snapshot request form — your business domain and email address.
- Booking a call — name, email, time zone, and any details you enter on the Cal.com booking form.
- Client onboarding — for paying clients: company name, billing contact, billing address, target keywords/competitors, and any other information needed to deliver the engagement.
- Email correspondence — the content of messages you send to us.
1.2 Information we collect about prospective clients (B2B prospecting)
Where we send personalised outreach to a small list of named B2B contacts, we collect business contact details (name, role, company, business email, public profile URL) from public sources: company websites, LinkedIn, Crunchbase, conference attendee lists, GitHub, podcast episode notes, and similar sources. We do not purchase, rent, scrape in bulk, or use third-party mailing lists. Each contact is researched and selected individually because their company is a relevant fit for Karat's services.
1.3 Information we collect automatically
When you visit karat.run, our hosting and DNS provider (Cloudflare) automatically logs technical information such as your IP address, browser type, referring URL, and the pages requested. We use this only to operate the site, prevent abuse, and produce aggregate analytics. karat.run does not set marketing or advertising cookies.
2.How we use information
- To deliver the Service — produce reports, send weekly client updates, run AI search monitoring, and ship recommended fixes.
- To communicate with you about your account, billing, support, and material changes to the Service.
- To send relevant, individually researched B2B outreach to prospective clients.
- To improve Karat's methodology and product.
- To comply with legal obligations, prevent fraud, and enforce our Terms.
3.How we share information
We share personal information only with the service providers we rely on to operate the Service. Each is contractually bound to confidentiality and appropriate security. We do not sell personal information and do not share it for cross-context behavioral advertising.
| Provider | Purpose | Location |
|---|---|---|
| Cloudflare | Website hosting, DNS, CDN | Global |
| Amazon Web Services | Application storage, processing | US |
| Mailgun (Sinch) | Transactional and outbound email delivery | US |
| Fastmail | Mailbox for [email protected] | US |
| Cal.com | Meeting scheduling | US |
| Stripe | Payment processing | US |
| Anthropic, OpenAI, Google, Perplexity | LLM API calls used to run audits (we send only the prompt and the target company's public information) | US |
We may also share information when required by law, to enforce our Terms, to protect rights or safety, or as part of a business transfer (e.g., merger or acquisition).
4.Data retention
- Snapshot and prospecting records: retained for up to 24 months from last interaction, after which they are deleted or anonymised.
- Client account, contract, and billing records: retained for as long as the engagement is active and afterwards for the period required by applicable US tax and accounting law (typically 7 years).
- Email correspondence: retained for 36 months from the last reply.
- Server logs: retained for up to 90 days.
5.Your rights
Regardless of where you live, you can ask us to:
- tell you what personal information we hold about you;
- correct anything that is inaccurate;
- delete your information;
- stop processing it for marketing or outreach;
- send you a portable copy of it.
Email [email protected] and we will respond within 30 days.
If you are in the European Economic Area, the United Kingdom, or Switzerland, you also have rights under the GDPR — including the right to lodge a complaint with your local data protection authority. The same email address handles those requests.
6.Opting out of email
Every marketing or outbound email Karat sends includes an unsubscribe link and a clear way to reply asking us to stop. You can also email [email protected] with the subject "unsubscribe" and we will remove you within two business days. Transactional emails to active clients (e.g., invoices, weekly reports you are paying for) cannot be opted out of without ending the engagement.
7.Security
Karat uses access controls, encryption in transit (TLS), encryption at rest where supported by the provider, principle-of-least-privilege access, and reputable infrastructure providers. No system is perfectly secure; if we learn of a breach affecting your personal information, we will notify you and any relevant authorities as required by applicable law.
8.Children
Karat's Service is intended for businesses and adults. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal information, please email [email protected] and we will delete it.
9.Cookies
karat.run does not currently set advertising or analytics cookies. If we add analytics in the future, this policy will be updated and, where required, a cookie banner will be shown.
10.Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be posted here with a new "Last updated" date and, where appropriate, communicated by email.
11.Contact
Data controller: Matteo Ferraroni, doing business as Karat, based in Jacksonville, Florida, USA.
Privacy contact: [email protected]
General contact: [email protected]