Privacy Policy

Last Updated:  March 13, 2024

Thank you for visiting the Korro AI website. This privacy policy explains how we process your personal data, how we protect such data, and the rights you have concerning the use of such data in line with applicable data protection laws.

This policy may contain references to several data protection laws which may not apply to your specific country or jurisdiction.  

For further information on this policy and how we process your data, contact us at

Who are we?

In this policy, “Korro AI”, “we” or “us” refers to Korro AI Limited, 2nd Floor, 167-169 Great Portland St, London W1W 5PF, United Kingdom.  We are the data controller under the applicable privacy laws.

What data do we collect and how we use it? 

In the following section, you will find information on how we collect your personal data, what data is collected, its uses and the legal basis upon which it is processed.


Cookies are small text files that are placed on your computer or mobile device by websites that you visit. They are widely used in order to make websites work efficiently, as well as to provide information to the owners of the site. Cookies are useful because they allow a website to recognize your device, letting you navigate between pages efficiently, remember your preferences, and generally improve your experience.

Strictly Necessary Cookies

On our website we use cookies, which are necessary in order for the site to function. They may also be necessary to enable user guidance, security and implementation of the site. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session.

We do not use these necessary cookies for analysis, tracking or advertising purposes.

The legal basis for using these cookies is our legitimate interest in having a website that is usable by our visitors.

You can set your browser to inform you about the placement of cookies. This makes the use of cookies transparent for you. You can also delete cookies or prevent the setting of new cookies at any time by using the appropriate browser settings.

Please note that if you delete certain cookies, our web pages may not be displayed correctly and that some functions may no longer be available.

When you contact usWhen you contact us via email, post or telephone, we process your full name, address, e-mail address, telephone number (as applicable)This data is used to review and respond to your request. The legal basis is that the processing is necessary in order to take steps prior to entering into a contract with you or your consent when applicable.
When you apply for a position with usWe process your general application data including full name, address, resume and other corresponding application material.This data is used to process your application. The legal basis is that the processing is necessary in order to take steps prior to entering into an employment contract with you or your consent when applicable.

Additional personal data may be collected in the following situations:

If at any time you wish to withdraw consent for future processing, please contact us at

How long do we keep your personal data? 

Korro AI retains your personal data for the purposes listed above in the section “What data do we collect and how we use it”. Your personal data will be retained as long as it is necessary to fulfill the specific purpose for which it was collected.

For customers this will be no longer than one (1) year after your last contact with us. For unsuccessful applicants this will be no longer than six (6) months after a decision has been made on the position for which you applied, unless consent is provided to retain for longer. For successful applicants the personal data contained in your application will become part of your personnel file.

In specific cases, a longer retention of your personal data might be required according to legal obligations.

International Data transfers

In order to carry out the activities described in this policy, we may transfer your personal data to our affiliates, service providers or partners. These may include but are not limited to other Korro entities and cloud service providers. We share only necessary personal data required for the third parties to complete the tasks for which they have been contracted. Korro does not sell your data to any third parties.

Your  data may be transferred to countries whose data protection laws are not considered to be as strong as the UK GDPR or the laws which apply where you live. In some countries, there is a risk that authorities may access the data for security and surveillance purposes without informing you or allowing you to take legal action.

In order to grant sufficient protection of your personal data, all data transfers are covered under an appropriate legal transfer mechanism (e.g., adequacy decision or standard contractual clauses) as required under data privacy law.

Any sharing of your personal data with other Korro AI entities or service providers will be made in accordance with applicable data protection laws and will be limited to the extent necessary. The legal basis for our sharing of your personal data with such companies is according to Art. 28(1) UK GDPR, Art 26(1) UK GDPR or alternatively our legitimate interests in commissioning those companies with the services described above (Art. 6(1)(f) UK GDPR).

We may also be required to disclose your personal data to government or law enforcement officials in response to a lawful request by a public authority or if we have to do so to comply with a legal obligation, including to meet national security or law enforcement requirements according to Art. 6(1)(c) UK GDPR. We can also disclose your information in order to pursue our legitimate interest in applying or enforcing our terms and conditions or in responding to any claims, in protecting our rights or the rights of a third party, in protecting the safety of any person or in preventing any illegal activity (including for the purposes of fraud protection and credit risk reduction) according to Art. 6(1)(f) UK GDPR.

Your privacy rights

You have certain rights as relates to the processing of your personal data.

  • Access: Be informed as to whether we process your personal data and where that is the case, to request access to that personal data.
  • Rectification: Request the correction of inaccurate personal data.
  • Erasure: You have the right to request that we delete your personal data under certain circumstances, e.g., if your personal data is no longer necessary for the purposes for which it was collected.
  • Restriction: Request that we temporarily or permanently stop processing all or some of your personal data
  • Object: You have the right to object to the processing of your personal data under certain circumstances, in particular if we process your Personal Data on the legal basis of legitimate interests or if we use your personal data for marketing purposes.
  • Data portability: Request a copy of your personal data in commonly used, electronic format and the right to transmit that personal data to another data controller.

Automated individual decision making: We do not use your personal data to make decisions based solely on automated decision making (decisions without human involvement), including profiling, where the decision would have a legal effect on you or produce a similarly significant effect.

Right to lodge a complaint:

You have the right to lodge a complaint with the applicable data protection authority (where you live, work or where the processing occurred), if you believe that the processing of your data violates data protection regulations.

You may exercise these rights by contacting us directly:


Who do I contact with other questions?

If you have any comments or questions about this Privacy Policy, please contact us at complaint

You may also contact our data protection officer:

FIRST PRIVACY GmbH                                                    

Konsul-Smidt-Straße 88                                            E-Mail:

28217 Bremen, Germany                                   

Changes to this privacy policy

We may amend this Privacy Policy occasionally and will provide you with a prominent notice of any material changes.

1. Any therapeutic modules paired with the Korro Engine are developed subject to the regulatory requirements of the jurisdiction(s) in which such products are intended to be marketed.

2. Only OT immersive clinics are currently available in the US.

3. All products are developed, tested, and commercialized according to the regulatory requirements of the jurisdiction(s) in which they are intended to be marketed.