AI at Klaviyo: Frequently Asked Questions
Updated: June 2, 2026
Klaviyo uses generative AI and machine learning to support predictive analytics, personalization, workflow assistance, and content assistance features. AI features are designed with customer control and oversight in mind. Some features use account-only processing; some platform-level features use aggregated/de-identified data. For generative AI capabilities, Klaviyo uses vetted third-party providers under contractual restrictions prohibiting retention and training rights on customer data. Customers retain ownership and control of their content and AI-generated outputs, subject to Klaviyo’s Terms of Service or applicable Master Services Agreement.
This document does not amend or form part of your contract with Klaviyo, and it’s possible that some of the information in this document could change or evolve over time.
1. What is Klaviyo AI?
Klaviyo uses generative AI and machine learning to help customers work more efficiently and effectively. Some of the features and products that include these are:
- Agentic AI: Marketing Agent, Customer Agent
- Predictive AI: CLV, expected next order date, best cross-sell date, product recommendations, next best product, predicted number of orders, churn risk, personalized send time, personalized campaigns, channel affinity, RFM analysis, smart send time
- Generative AI (Content): Subject Line Generator, Email AI, Image Remix, Brand voice AI
- Automation AI: Segments AI, Flows AI, Benchmarks
All AI features are designed with customer control, transparency, and security in mind.
2. Who owns the inputs and outputs in relation to Klaviyo’s AI features?
As between you and Klaviyo, you own all Inputs (the data or prompts you provide) and you own the Outputs generated by our AI features. For clarity, Inputs and Outputs are considered Customer Data under Klaviyo’s Terms of Service or applicable Master Services Agreement.
Our generative AI content generation features leverage industry-leading models from partners like OpenAI, Anthropic, and Gemini. While AI is a powerful productivity tool, it can occasionally produce inaccuracies or content that may unintentionally mirror existing works. You are responsible for the final human review of all AI-generated content. You are the best judge of whether Outputs meet your brand standards, are accurate, and are appropriate for your specific use case before you use them.
3. How does Klaviyo use Customer Data in relation to AI features? Will it be shared with third-party providers?
Your data privacy and confidentiality are our priority. We handle data in two specific ways depending on the feature:
- To Provide the Services: For certain generative AI features (like Subject Line AI or Email AI), Klaviyo sends the necessary prompt or data to industry-leading Large Language Model (LLM) providers like OpenAI or Anthropic. This data is shared strictly to generate the Output you requested. These providers are contractually prohibited from using your data to train their own global models.
- Model Training and Service Improvement: To improve and train our proprietary models, Klaviyo uses aggregated or de-identified data. This means your specific customer details are removed or bundled with others so that no individual or brand can be identified. Klaviyo does not train AI models that allow other customers to replicate your proprietary content, brand voice, or strategy.
- Privacy by Design: We process Customer Personal Data to the extent necessary to provide the service. We do not “sell” or “share” your data to AI providers (as those terms are defined under applicable data protection laws), and we ensure all third-party partners adhere to our Data Processing Agreement (DPA) standards. Please refer to our Privacy FAQs for more detail.
4. Do third-party AI providers process our data?
For generative AI (like writing assistance, image generation, and chat agents), we partner with leading large language model (LLM) providers OpenAI, Anthropic, AWS Bedrock and Gemini to process Inputs to generate Outputs.
These providers are chosen for their capability and security. Importantly, as noted above, they are contractually prohibited from using customer data for training. They may only process data to deliver the requested feature and are subject to Klaviyo’s vendor security and risk requirements.
When Customer Personal Data is processed by third-party LLM providers for the provision of the Klaviyo Services, we ensure those providers adhere to our DPA standards and are also listed on our subprocessor list.
5. Can we opt out of generative AI features?
For generative and agentic AI features (like content generation or K:AI Agents), you have full control over whether to use the features. Ultimately, you are not required to use the AI suggestions; you can always stick to manual methods as desired.
6. What procedures are in place to ensure that aggregated and de-identified data cannot be traced back to an individual?
We implement multiple controls designed to ensure that aggregated or de-identified data cannot be traced back to an individual customer. Prior to machine learning model training, intermediate datasets are reviewed to ensure that Customer Personal Data is not included in the training dataset.
Additionally, any aggregated information used in our systems is structured at a sufficiently coarse level so that many different profiles fall within the same category. This approach helps prevent the identification or re-identification of Customer Personal Data from aggregated outputs.
We also implement internal access controls. Our internal AI tooling operates under managed permission controls. These safeguards help ensure that Customer Personal Data is protected and that AI systems operate on appropriately aggregated or de-identified data.
7. How does Klaviyo address bias, accuracy, and hallucinations?
Klaviyo uses internal validation suites to ensure our models are performing to our standards, including ongoing monitoring of model performance. We use both internal and third-party content moderation tools to filter out harmful or inaccurate responses.
While safeguards are in place, no generative AI system can guarantee 100% elimination of inaccurate or undesirable outputs. Customers retain full control over how AI-generated outputs are used.
8. Are Klaviyo’s AI features compliant with AI regulations and industry standard practices?
Our AI features are developed in close partnership between our product, legal, and security teams. Klaviyo regularly evaluates AI features in the context of industry standard practices and applicable privacy laws, and monitors evolving AI regulations, including the EU AI Act. AI features are reviewed with consideration for data minimization, purpose limitation, transparency and human oversight. Ultimately, you are the best judge to determine whether our Services meet your needs and compliance requirements.
9. Does Klaviyo use generative AI to analyze customer data as part of Customer Success or Support services?
Yes. In connection with providing Customer Success and Support services, Klaviyo may use generative artificial intelligence technologies, including large language models (LLMs) provided by third-party vendors such as OpenAI and Anthropic, to assist Klaviyo personnel in analyzing account performance and generating insights, summaries, and recommendations for customers.
These tools process information from a customer’s Klaviyo account in order to help Klaviyo’s Customer Success and Support teams to provide customer support, review account activity, identify trends, and provide guidance intended to help customers better understand and optimize their use of the Klaviyo platform. AI-generated outputs are solely used to assist Klaviyo personnel in delivering Customer Success and Support services. Customer Data is processed only as necessary to provide these services and in accordance with Klaviyo’s applicable contractual, security, and privacy commitments.
As part of this process, Klaviyo may also leverage Model Context Protocol (MCP) to analyze data within customer accounts and provide AI systems with structured access to relevant account information so that contextual insights and recommendations can be generated. MCP does not grant AI systems the ability to modify your account or take automated actions. Access is limited to data necessary to deliver the requested service, is governed by the same contractual and security commitments that apply to all sub-processors, and is conducted only in connection with an active Customer Success or Support engagement.
10. What AI governance practices does Klaviyo follow in the development of AI features?
Klaviyo employs a “Safety by Design” framework for all AI product development. Our governance is built on four key pillars to ensure our tools are reliable, secure, and compliant with evolving global standards:
- Multi-Disciplinary Oversight: Every AI feature undergoes a formal review process involving Product, Engineering, Legal, Privacy, and Security teams. This ensures that every model we deploy has been vetted for data privacy, ethical alignment, and technical robustness.
- Rigorous Risk Assessment: We maintain a centralized AI Feature Inventory (our “Source of Truth”) where we identify each feature, its details, and its potential risks. We document and implement technical mitigations before any tool reaches our customers.
- Human-in-the-Loop Philosophy: We design our AI to be an “Assistant,” not an “Autopilot.” Our interface is designed to ensure customers have the final say, providing them with the tools to review, edit, and approve AI-generated content before it is ever sent to an end-consumer.
- Continuous Monitoring & Auditing: Governance doesn’t end at launch. We continuously monitor our AI features for performance and accuracy. We also keep our Subprocessor List updated, ensuring that any third-party LLM providers we partner with meet our enterprise-grade security and privacy requirements.
11. What security controls protect AI-related data?
AI-related data is protected by Klaviyo’s existing security program, including encryption in transit and at rest, access controls, and vendor risk management. Klaviyo maintains ISO 27001 certification and SOC 2 Type II reporting, both independently audited and verified.
For a full overview of our security practices, please visit trust.klaviyo.com.