Privacy Policy

Last updated: April 2026

This Privacy Policy explains how personal data is processed when using KODAI ("Service"), available at www.usekodai.com, operated by kidd.vc.

Protecting your privacy is important to us. KODAI is built with a focus on data minimization, transparency, and compliance with the General Data Protection Regulation (GDPR).

1. Data Controller

kidd.vc

Owner: Lukas Kleinmond

Am Rathaus 4

55286 Wörrstadt

Germany

Email: hi@usekodai.com

Web: www.usekodai.com

Phone: +49 155 65578413

2. Scope of this Privacy Policy

This Privacy Policy applies to:

The website www.usekodai.com
The KODAI web application (dashboard)
The KODAI tracking script, replay ingestion endpoints, and APIs
All related services provided under the name KODAI

3. What Data KODAI Processes

3.1 Website Visitors (www.usekodai.com)

When you visit our website, the following technical data may be processed automatically:

IP address (shortened / anonymized where possible)
Browser type and version
Operating system
Referrer URL
Date and time of access
Requested pages

This data is processed solely to ensure website security, stability, and performance.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest)

3.2 Account Registration & App Usage

When you create an account or use the KODAI app, we process:

Email address
Account credentials (passwords are encrypted and never stored in plain text)
Access-request and onboarding information you submit
Project and configuration data
Subscription and billing status
Connected billing-provider metadata (e.g. from Stripe) required for customer and revenue intelligence features

We do not sell or share this data with third parties for advertising purposes.

Legal basis: Art. 6(1)(b) GDPR (contract performance)

3.3 Analytics, Error Intelligence & Session Replay Data

Depending on your implementation and enabled features, KODAI processes technical product-usage and diagnostics data. We apply privacy-by-design controls and support pseudonymous operation where possible.

No sale of personal data
No data sharing for third-party advertising
No cross-site advertising identifiers
Configurable data controls for capture scope and masking
Data minimization and retention controls

Captured data may include:

Page views
Sessions
Entry and exit pages
Scroll depth
Time spent on pages
Referrer and traffic source (e.g. direct, organic, referral)
Device type (browser, OS, screen size)
Country, region, or city (based on shortened or pseudonymized IP data where feasible)
Error and exception events, stack traces, and related diagnostics
Session replay event streams required to reconstruct user journeys and issues

Data categories and legal requirements can vary by your setup. You are responsible for implementing lawful notice and consent where required by local law.

Legal basis: Art. 6(1)(b) GDPR (service provision) and Art. 6(1)(f) GDPR (legitimate interest in reliability, security, and product analytics), subject to applicable local consent requirements.

4. No Sensitive Personal Data

KODAI is designed to avoid intentional collection of special category data. Customers must not use the Service to intentionally collect sensitive personal data unless they have a valid legal basis and appropriate safeguards.

By default, KODAI does not intentionally require:

Names
Exact IP addresses
Email addresses of end-users
Login credentials of end-users
Payment details of end-users

Depending on customer configuration, some replay or diagnostics payloads may contain user-provided content. Customers are responsible for masking and lawful configuration.

5. Data Retention

Data retention depends on your workspace configuration and commercial agreement:

Retention windows differ by feature (for example analytics, issue diagnostics, and replay data)
Specific limits are communicated in product settings, contract terms, or written agreements

After the retention period, data is automatically deleted and cannot be restored.

6. Data Processing & Infrastructure

Data is processed in the European Union and, where required for service delivery, in other jurisdictions under appropriate safeguards
We use secure, GDPR-compliant infrastructure
Access is restricted to authorized personnel only
Industry-standard security measures are applied

7. Access & Billing

KODAI currently uses an access-based onboarding model. Billing terms, if applicable, are agreed individually. Where payment providers are used, payment card data is processed by those providers and not stored by us in full card form.

Legal basis: Art. 6(1)(b) GDPR

8. Cookies

KODAI does not rely on third-party advertising cookies.

Only strictly necessary cookies may be used for:

Authentication
Session management
Security purposes

9. Your Rights under GDPR

You have the right to:

Access your data (Art. 15 GDPR)
Rectify incorrect data (Art. 16 GDPR)
Delete your data (Art. 17 GDPR)
Restrict processing (Art. 18 GDPR)
Data portability (Art. 20 GDPR)
Object to processing (Art. 21 GDPR)

You can exercise your rights by contacting us at hi@usekodai.com.

10. Data Deletion & Account Termination

You may delete your account at any time.

Upon deletion:

All associated data is permanently removed
No backups are retained beyond technical necessity

11. Third-Party Services

KODAI uses a minimal number of trusted service providers strictly necessary to operate the Service (e.g. hosting, infrastructure, authentication, and billing providers).

No data is shared for advertising or marketing purposes.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Changes will be reflected on this page with an updated revision date.

13. Contact & Complaints

If you believe your data protection rights have been violated, you may contact your local data protection authority.

Primary contact: security@usekodai.com