Privacy Policy

How we handle the personal data of Kikaron users and members.

Last updated: 10 June 2026

1. Who is responsible

Kikaron is a community platform operated from Amsterdam, the Netherlands. For all questions about this privacy policy or the way we handle your data, contact us at info@kikaron.com.

2. Scope

This policy explains what personal data we collect when you use the Kikaron website (kikaron.com) and the Kikaron platform (apps.kikaron.com), why we collect it, how we use it, who else sees it, and what rights you have under the EU General Data Protection Regulation (GDPR).

When you and your members upload content into a Kikaron environment, you are the data controller of that content and we are your data processor. This policy covers the data we collect about you in our role as service operator.

3. What we collect

Account data. Name, email address, organisation name, language preference, and the password hash you set when you sign up. We need this to create and operate your account.

Content data. Anything you and your members put into your environment: team spaces, documents, updates, events, tasks, contacts, photos, calendar entries, etc. We host this on your behalf; we do not look at it except for the technical operation of the Service.

Billing data. Billing address, VAT number (where applicable), and an opaque payment-method token from our payment processor. We do not store full payment-card numbers.

Usage data. When you visit the website we collect anonymous, aggregate page-view counts via Umami — no cookies, no IP address stored, no cross-site tracking. We do not run product analytics inside the platform itself.

Support communications. Anything you send us by email or in support conversations.

4. Why we use it (lawful basis)

  • To provide the Service under the contract between us — account data, content data, billing data.
  • Legitimate interest in keeping the Service secure, debugging issues, and improving it — usage data, technical logs.
  • Legal obligation — invoicing and tax records.
  • Consent — anything else, e.g., a newsletter sign-up, with a clear opt-in and an opt-out at any time.

5. Where your data is stored

Your account data and content data live on servers located in Germany, operated by a European hosting provider. Backups are stored in the same jurisdiction. We do not transfer personal data outside the European Economic Area.

6. Who else sees it

We share personal data only with the small number of providers we need to run the Service. Each is bound by a data-processing agreement and may not use the data for their own purposes. Currently:

  • Hosting — our German hosting provider stores the data on EU-based servers.
  • Payments — our payment processor handles card transactions and stores the cardholder’s data on its own infrastructure under PCI-DSS.
  • Email delivery — transactional and notification emails (sign-up confirmations, password resets, member invites) are sent through an EU-hosted email provider.
  • Web analytics — anonymous page-view counts go to our self-hosted Umami instance on the same European infrastructure.

We do not share, sell, or rent personal data for marketing or AI-training purposes.

7. How long we keep it

  • Account & content data — for the lifetime of your subscription, plus 30 days after cancellation in case you reactivate. After that, we permanently delete the environment.
  • Billing & invoicing data — 7 years, as required by Dutch tax law.
  • Usage logs — 30 days, then deleted automatically.
  • Support communications — up to 2 years, then deleted.

You can export and delete your data at any time during the active period through the export tools in the Service.

8. Your rights

Under the GDPR you have the right to:

  • access the personal data we hold about you;
  • correct inaccurate data;
  • ask us to delete it (“right to erasure”);
  • restrict or object to certain processing;
  • receive your data in a portable format;
  • withdraw any consent you have given.

Send any of these requests to info@kikaron.com. We will respond within one month.

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

9. Cookies and similar technologies

The marketing site (kikaron.com) sets no cookies at all. Our analytics is cookieless and counts visits per page without identifying anyone.

The platform (apps.kikaron.com) sets a session cookie to keep you signed in, and a CSRF token cookie for form security. These are strictly necessary for the Service to function and do not require consent under EU rules.

10. Children

The Service is not intended for children under 16. We do not knowingly collect personal data from anyone under 16. If you become aware that a minor has registered without parental consent, please email us and we will remove the account.

11. Changes to this policy

We may update this policy from time to time. Material changes will be announced at least 30 days in advance by email or through the Service.

12. Contact

Questions, requests, or concerns? Email us at info@kikaron.com.