Privacy Policy
Last updated: March 2026
1. Introduction
Kodda (“we”, “us”, or “our”) operates the kodda.dev service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our tool. If you are located in the European Economic Area (EEA) or United Kingdom, this policy also serves as our GDPR/UK GDPR disclosure. The data controller is Kodda, reachable at support@kodda.dev.
2. Data We Collect
- Account data — email address, display name, and authentication credentials provided at sign-up.
- Workspace data — documents, text, and files you upload to train your AI assistants.
- Usage data — chat logs, queries, and analytics related to widget interactions.
- Payment data — subscription status processed via our payment provider. We do not store full credit card details.
3. How We Use Your Data
We strictly use your data to operate, maintain, and improve the Kodda tool. Your uploaded documents and workspace data are never used to train foundational AI models across other customers. Your data is isolated to your tenant environment. We use your information to:
- Provide the core RAG (Retrieval-Augmented Generation) chat functionality.
- Process transactions and send related billing information.
- Detect, prevent, and address technical issues or security breaches.
- Provide customer support.
4. Third-Party Processors
To provide our tool, we share data with trusted third-party service providers. These sub-processors are bound by strict data processing agreements:
- MongoDB Atlas & Qdrant: For application database and vector embedding storage.
- AWS S3 / MinIO: For secure, encrypted document file storage.
- RevenueCat & Stripe: For subscription management and payment processing.
- Sentry: For error tracking and performance monitoring.
- OpenAI / LLM Providers: For generating answers. We use zero-retention APIs where available so your inputs are not used for their training.
5. Data Retention & Security
We retain your personal information and uploaded documents only for as long as your account is active or as needed to provide you with the tool. Upon account deletion, we securely erase your workspace data, chat logs, and files within 30 days.
We implement robust security measures including encryption in transit (TLS) and at rest (AES-256), multi-tenant logical isolation, and regular security audits. In the event of a data breach, we will notify affected users and relevant supervisory authorities within 72 hours as required by law.
6. Your GDPR & Privacy Rights
Depending on your location, you have the following rights regarding your personal data:
- Right to Access: Request a copy of the data we hold about you.
- Right to Rectification: Request correction of inaccurate data.
- Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data.
- Right to Data Portability: Receive your data in a structured, commonly used format.
- Right to Restrict or Object: Object to processing or request restriction of how your data is used.
To exercise any of these rights, or to contact our Data Protection Officer (DPO), please email us at privacy@kodda.dev.
7. Cookies and Tracking
We use essential cookies strictly necessary for authenticating users, managing sessions, and securing the tool. We do not use third-party marketing cookies or sell your data to advertisers.
8. International Data Transfers
Your data may be transferred to and processed in countries outside of your residence. For EEA/UK users, we ensure appropriate safeguards (such as Standard Contractual Clauses) are in place when transferring data to our sub-processors globally.
9. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at privacy@kodda.dev.