Privacy Policy

Last updated: April 8, 2026

1. Who We Are

Kodals ("we", "us", "our") operates the Kodals uptime monitoring and status page platform. This Privacy Policy explains how we collect, use, store, and protect your personal data in compliance with the EU General Data Protection Regulation (GDPR) and other applicable privacy laws.

2. Data We Collect

Account data: Name, email address, hashed password. Collected when you sign up.

Billing data: Processed by Stripe. We store your Stripe customer ID but never your card number.

Monitoring data: URLs you configure for monitoring, HTTP response codes, latency measurements, and uptime history.

Usage data: Pages visited, features used, browsers, device type, IP address (anonymized after 30 days).

Waitlist data: Email address only, collected with your explicit consent.

3. Legal Basis for Processing (GDPR)

  • Contract: Processing necessary to provide the Service (account data, monitoring data)
  • Consent: Waitlist signup, email notifications, cookie preferences
  • Legitimate interest: Service improvement, security, fraud prevention

4. How We Use Your Data

  • Provide and maintain the Service
  • Send alerts when your monitors detect issues
  • Process billing through Stripe
  • Send essential account-related emails
  • Improve the Service and fix bugs

We do not sell your personal data to third parties. We do not use your data for advertising.

5. Data Sharing

We share data only with:

  • Stripe: Payment processing (PCI DSS compliant)
  • Email provider: Transactional emails (alert delivery)
  • Hosting provider: Infrastructure (Vercel, data processed in the US/EU)

All processors are bound by data processing agreements.

6. Data Retention

  • Account data: Retained while your account is active. Deleted within 30 days of account deletion.
  • Monitoring data: Uptime check history retained for 90 days, then automatically purged.
  • Waitlist data: Retained until launch or until you request removal.
  • Billing records: Retained as required by tax law (typically 7 years).

7. Your Rights (GDPR)

As a data subject, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data (via Settings)
  • Erasure: Delete your account and all associated data (via Settings > Delete Account)
  • Portability: Export your data in a machine-readable format
  • Restriction: Request we limit processing of your data
  • Objection: Object to processing based on legitimate interest
  • Withdraw consent: At any time, without affecting prior lawful processing

To exercise any right, email privacy@kodals.com. We respond within 30 days.

8. Cookies

We use strictly necessary cookies for authentication and preferences. See our full Cookie Policy. You can manage your cookie preferences at any time via the banner or browser settings.

9. Security

We protect your data with:

  • Passwords hashed with bcrypt (cost factor 12)
  • HTTPS/TLS encryption in transit
  • Encrypted database at rest
  • Rate limiting on authentication endpoints
  • Regular security reviews

10. International Transfers

Your data may be processed outside the EU (e.g., Vercel US servers). We ensure adequate protection through Standard Contractual Clauses (SCCs) and processor agreements.

11. Children

The Service is not intended for children under 16. We do not knowingly collect data from children under 16.

12. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email. The date at the top reflects the latest revision.

13. Contact & Data Protection Officer

For privacy-related inquiries:

Email: privacy@kodals.com

If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.