Privacy Policy

1. Data Controller

The data controller responsible for your personal data is:

• Company: Kamina.io (SASU)
• SIRET: 881 915 813 00011
• Address: 11 Rempart Saint Thiébault, 57000 Metz, France
• Contact: hello@kamina.io

2. Data We Collect

We collect the minimum data necessary to operate our website and deliver our services. Categories of data collected include:

a) Analytics data

We use Cloudflare Web Analytics to understand aggregate traffic patterns. This service collects anonymised, aggregated data including page views, referrer URLs, and approximate geographic region (country level). No cookies are set by this analytics service, and individual users are not tracked across sessions or sites.

b) Contact and booking forms

When you contact us by email or book a call via Cal.com, we collect your name, email address, company name (if provided), and the content of your message or booking details. This data is used solely to respond to your enquiry or manage your scheduled call.

c) Billing data

If you subscribe to our services, billing and payment data is processed by Stripe, Inc. We do not store your full card number or IBAN on our systems. We retain transaction identifiers, billing address, and invoicing records as required by French accounting and tax law.

d) Technical data

Our infrastructure (Cloudflare) may log IP addresses, HTTP headers, and request metadata for security, DDoS protection, and operational purposes. These logs are retained for a limited period as described in Cloudflare's own privacy notice.

3. Legal Basis for Processing

• Performance of a contract (Art. 6(1)(b) GDPR): Processing your contact details and billing data to deliver our subscription services and manage our contractual relationship.
• Legitimate interests (Art. 6(1)(f) GDPR): Anonymised analytics to improve site performance; security logging to protect our infrastructure.
• Legal obligation (Art. 6(1)(c) GDPR): Retention of accounting and invoicing records as required by French tax and commercial law (Code de Commerce, Code Général des Impôts).
• Consent (Art. 6(1)(a) GDPR): Where we request your consent for any additional processing (e.g., marketing emails), you may withdraw that consent at any time.

4. Data Retention Periods

• Contact enquiries: 3 years from the last interaction, unless a contractual relationship is established.
• Active client data: Duration of the contract plus 3 years for dispute resolution purposes.
• Invoicing and accounting records: 10 years, as required by French commercial law (Article L. 123-22 of the Code de Commerce).
• Analytics data: Aggregated and anonymised — no individual retention limit applies.
• Security logs: Up to 30 days, per Cloudflare's data retention practices.

5. Third-Party Data Processors

We engage the following sub-processors. Transfers to processors outside the EU/EEA are governed by Standard Contractual Clauses (SCCs) or equivalent transfer mechanisms under Chapter V of the GDPR.

• Cloudflare, Inc. (USA) — CDN, DNS, DDoS protection, and privacy-preserving web analytics. Privacy notice: cloudflare.com/privacypolicy
• Cal.com, Inc. (USA) — Scheduling and booking management. Privacy notice: cal.com/privacy
• Stripe, Inc. (USA) — Payment processing and subscription billing. Privacy notice: stripe.com/privacy

6. Your Data Subject Rights

Under the GDPR, you have the following rights with respect to your personal data:

• Right of access (Art. 15): You may request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): You may request correction of inaccurate or incomplete data.
• Right to erasure (Art. 17): You may request deletion of your data, subject to our legal retention obligations.
• Right to restriction of processing (Art. 18): You may request that we limit processing of your data in certain circumstances.
• Right to data portability (Art. 20): Where processing is based on consent or contract and carried out automatically, you may request your data in a structured, machine-readable format.
• Right to object (Art. 21): You may object to processing based on legitimate interests at any time.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at hello@kamina.io. We will respond within 30 days. If you believe your rights have been violated, you have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL) at cnil.fr.

7. Cookie Policy

We operate a minimal cookie footprint in line with our commitment to privacy by design.

• Strictly necessary cookies: We do not set any first-party cookies for strictly necessary purposes at this time.
• Analytics: Cloudflare Web Analytics is used in cookieless mode. It does not set cookies or track individual users across sessions. No consent is required for this analytics method under the ePrivacy Directive.
• Third-party cookies: Embedded content or links (e.g., Cal.com booking widget, Stripe checkout) may set their own cookies when you actively interact with them. Please refer to the respective privacy notices listed in Section 5.

You can control or delete cookies through your browser settings. Disabling third-party cookies may affect the functionality of booking and payment flows.

8. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Material changes will be communicated to active clients by email. The "Last updated" date at the top of this page always reflects the most recent revision.