Privacy Policy

Effective date: 12 June 2024

Kaja is operated by Andras Serfozo as an individual project. This policy explains what personal data Kaja collects, why it is used, and what choices you have.

Contact: subztep@gmail.com

Data We Collect

When you create or use an account, Kaja may collect:

  • account data, such as your name, email address, password authentication data, and account settings;
  • authentication data, such as sessions, verification status, password reset requests, email change requests, and device authorization requests;
  • technical data, such as IP address, browser or device information, request times, error logs, and security logs;
  • email data needed to send account emails, such as verification, password reset, and email change messages.

Kaja does not intentionally collect payment data because accounts are currently free.

How We Use Data

Kaja uses personal data to:

  • create and manage user accounts;
  • authenticate users and protect sessions;
  • send account and security emails;
  • provide, maintain, debug, and secure the service;
  • prevent abuse, spam, and unauthorized access;
  • comply with legal obligations.

Cookies And Sessions

Kaja uses essential cookies or similar session storage for login and authentication. These are needed for the service to work.

Kaja does not currently use advertising cookies. If analytics or other non-essential cookies are added later, this policy should be updated before they are enabled.

If privacy laws such as the GDPR apply, Kaja relies on these legal bases:

  • contract: to provide the account and service you request;
  • legitimate interests: to secure, maintain, and improve the service;
  • consent: where required for optional features;
  • legal obligation: where the law requires records or responses.

Sharing Data

Kaja does not sell personal data.

Personal data may be processed by service providers used to run Kaja, such as:

  • hosting provider: Hetzner Online GmbH;
  • database provider: same as hosting;
  • email/SMTP provider: Gmail SMTP;
  • error monitoring or analytics provider, if enabled later: none.

Kaja may also disclose data if required by law, to protect users, or to investigate abuse or security incidents.

Retention

Kaja keeps account data while your account exists.

After account deletion, Kaja will delete or anonymize personal data within 30 days, unless it must be kept longer for security, abuse prevention, backups, or legal reasons.

Server logs are kept for 30-90 days unless needed longer for security or incident investigation.

Security

Kaja uses reasonable technical and organizational measures to protect personal data, including authentication controls, protected session cookies, and limited access to production systems.

No online service can guarantee perfect security. If you believe you found a security issue, contact subztep@gmail.com.

Your Rights

Depending on where you live, you may have rights to:

  • access the personal data held about you;
  • correct inaccurate data;
  • delete your account or personal data;
  • object to or restrict certain processing;
  • receive a copy of your data;
  • complain to a data protection authority.

To make a request, contact subztep@gmail.com. Kaja may need to verify your identity before acting on a request.

International Transfers

Kaja may process data in countries other than your own, depending on the hosting and email providers used. Currently, personal data may be processed in Germany.

Children

Kaja is not intended for children under 13. Do not create an account if you are below that age.

Changes

This policy may be updated from time to time. Material changes will be posted on this page, and the effective date will be updated.

This site uses Just the Docs, a documentation theme for Jekyll.