Privacy Policy
Last updated: 2026-07-05
1. Data Controller
Corpobit OÜ (registry code 17360286) is the data controller for Kikplate cloud services provided at kikplate.dev.
Registered address: Harju maakond, Tallinn, Kesklinna linnaosa, Uus-Sadama tn 21-207, 10120, Estonia.
Contact email: [email protected]
2. Scope
This policy applies to the hosted cloud version of Kikplate at kikplate.dev. The open-source self-hosted edition is operated independently by each deployer.
3. Personal Data We Process
We may process account identifiers, name, username, profile image URL, email address, authentication provider information, organization and collaboration metadata, and billing-related metadata required to manage subscription status.
Payment card details are not stored by us. Payments are processed by Stripe.
4. Purposes and Legal Bases
We process personal data to provide the service, secure accounts, enable collaboration features, process subscription access, comply with legal obligations, and improve reliability and support.
Legal bases under GDPR include contract performance, legal obligations, legitimate interests, and consent where applicable.
5. Stripe Payments
Stripe is our payment processor. When you subscribe, billing-related data is shared with Stripe to create and manage subscriptions, invoices, and payment events.
Stripe may act as an independent controller or processor depending on processing activity. Please review Stripe privacy terms at stripe.com/privacy.
6. Data Sharing
We share data only with service providers needed to deliver the service, including hosting, authentication integrations, email delivery, and Stripe for payment processing.
We do not sell personal data.
7. International Transfers
Where data is transferred outside the EEA, we rely on GDPR-compliant transfer mechanisms such as adequacy decisions or standard contractual clauses provided by processors.
8. Retention
We retain account and service data only as long as needed for service delivery, legal compliance, and dispute handling. Data may be retained for a limited period in backups and security logs.
When an account is deleted, we remove or anonymize data where technically and legally feasible.
9. Your GDPR Rights
You may request access, correction, deletion, restriction, objection, and portability of your personal data. You may also lodge a complaint with your local supervisory authority.
To exercise rights, contact [email protected].
10. Security
We use reasonable technical and organizational controls to protect personal data, including access control, transport security, and operational monitoring.
11. Cookies and Similar Technologies
We use essential session and authentication cookies required for core service operation. If optional analytics or marketing cookies are introduced, this policy will be updated and consent requirements will be applied where required.
12. Changes to This Policy
We may update this policy from time to time. The latest version is always published on this page with an updated date.