Privacy Policy

Last updated: February 9, 2026

At Kurabiye, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our consent management platform and related services.

1. Information We Collect

1.1 Information You Provide

When you create an account or use our services, we may collect:

  • Account Information: Name, email address, company name, and password when you register
  • Billing Information: Payment card details, billing address, and transaction history (processed securely through our payment providers)
  • Communication Data: Information you provide when contacting our support team or participating in surveys
  • Configuration Data: Settings, preferences, and customizations you make within our platform

1.2 Information Collected Automatically

When you use our services, we automatically collect:

  • Usage Data: Information about how you interact with our platform, including features used and time spent
  • Device Information: Browser type, operating system, device identifiers, and IP address
  • Log Data: Server logs including access times, pages viewed, and referring URLs
  • Consent Records: Aggregated and anonymized consent data from websites using our SDK

1.3 Information from Third Parties

We may receive information from:

  • Authentication providers if you choose to sign in with Google or other SSO options
  • Analytics services that help us understand platform usage
  • Business partners for verification and fraud prevention purposes

2. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve our consent management services
  • Process transactions and send related information
  • Send technical notices, updates, security alerts, and support messages
  • Respond to your comments, questions, and customer service requests
  • Monitor and analyze trends, usage, and activities to improve user experience
  • Detect, investigate, and prevent fraudulent transactions and abuse
  • Personalize and improve your experience with our platform
  • Comply with legal obligations and enforce our terms

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area, we process personal data based on:

  • Contract Performance: Processing necessary to provide our services to you
  • Legitimate Interests: For analytics, security, and service improvement
  • Legal Compliance: To meet regulatory and legal requirements
  • Consent: For marketing communications and optional features

4. Data Sharing and Disclosure

We may share your information with:

  • Service Providers: Third parties who assist in operating our platform (hosting, analytics, payment processing)
  • Legal Requirements: When required by law, court order, or governmental authority
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you explicitly authorize sharing

We do not sell your personal information to third parties.

5. Data Retention

We retain your personal information for as long as necessary to:

  • Provide our services and maintain your account
  • Comply with legal, accounting, and reporting requirements
  • Resolve disputes and enforce our agreements

Consent records are retained for the legally required period (typically 3-7 years depending on jurisdiction) to demonstrate compliance with privacy regulations.

6. Data Security

We implement industry-standard security measures including:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256)
  • Regular security audits and penetration testing
  • Access controls and authentication requirements
  • SOC 2 Type II and ISO 27001 compliance
  • Data center security and redundancy

7. International Data Transfers

Your information may be transferred to and processed in countries outside your residence. We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses approved by the European Commission
  • Data residency options (EU data stored in Frankfurt, UK data in London, US data in Oregon)
  • Compliance with applicable data protection frameworks

8. Your Rights

Depending on your location, you may have the following rights:

8.1 GDPR Rights (EEA/UK)

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time where consent is the legal basis

8.2 CCPA/CPRA Rights (California)

  • Know: Learn what personal information we collect and how it's used
  • Delete: Request deletion of your personal information
  • Opt-Out: Opt out of the sale or sharing of personal information
  • Non-Discrimination: Not be discriminated against for exercising your rights
  • Correct: Request correction of inaccurate personal information
  • Limit Use: Limit use of sensitive personal information

To exercise your rights, contact us at privacy@kurabiye.io or through your account settings.

9. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential Cookies: Required for platform functionality
  • Analytics Cookies: To understand usage patterns and improve our service
  • Preference Cookies: To remember your settings and preferences

You can manage cookie preferences through our consent banner or your browser settings.

10. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last updated" date
  • Sending an email notification for significant changes

12. Contact Us

For questions about this Privacy Policy or our data practices, contact us:

Kurabiye Privacy Team

Email: privacy@kurabiye.io

Support: support@kurabiye.io

Address: Kurabiye, Data Protection Office

For GDPR-related inquiries, you may also contact your local data protection authority.