Skip to main content
Kayden Connect

Privacy Policy

Introduction

Kayden Connect LLC (“Kayden Connect”, “we”, “us”, or “our”) is a Wyoming limited liability company with its registered office at 30 N Gould St Ste R, Sheridan, WY 82801, USA. We operate the Kayden Connect platform at app.kaydenconnect.com and the marketing website at www.kaydenconnect.com.

This Privacy Policy describes the personal data we collect about you, how we use it, who we share it with, and the rights available to you under the EU and UK General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act (“CCPA”) as amended by the CPRA, the South African Protection of Personal Information Act (“POPIA”), and other applicable data protection laws.

Data We Collect

Information you provide directly

  • Account data: name, work email, company name, job title, country
  • Billing data: handled by Stripe: we receive country, last four digits, and expiration of the card; we do not store full card numbers
  • Tenant content: posts, comments, messages, knowledge-base articles, uploads
  • Support communications: tickets, contact form submissions, survey responses

Information collected automatically

  • Usage data: pages visited, features used, session duration, error reports
  • Device data: browser type, operating system, screen resolution, language
  • Network data: IP address (truncated for analytics), approximate region
  • Cookies and similar technologies. See our Cookie Policy

Marketing analytics

When you visit our marketing site, we may receive analytics data via Google Analytics 4, Google Ads conversion tracking, and the LinkedIn Insight Tag, subject to your cookie consent.

How We Use Your Data

  • To provide, operate, secure, and maintain the Kayden Connect platform
  • To process subscriptions, taxes, and billing through Stripe
  • To send transactional messages (account verification, billing alerts, security notices, service announcements)
  • To send marketing communications where you have given consent (opt-out at any time)
  • To improve our services through aggregated analytics and product telemetry
  • To detect, prevent, and respond to fraud, abuse, and security incidents
  • To comply with legal, tax, and regulatory obligations

Sub-processors & Sharing

We engage the sub-processors below to operate the platform. We do not sell or share your personal data for cross-context behavioural advertising as defined under the CCPA.

The current list is also published at our Sub-processors page, which we update when changes occur.

Sub-processorPurposeRegion
Google Cloud Platform / FirebaseAuthentication, hosting, database, file storageeurope-west1 (Belgium)
Stripe Payments Europe / Stripe, Inc.Subscription billing, Stripe Tax, payment method storageEU / United States
ResendTransactional email (verification, billing, security)United States
LoopsMarketing email (consent-based newsletter and lead magnets)United States
MuxVideo hosting and streaming for webinars and product videoUnited States
CloudflareTurnstile bot protection on public forms; CDNGlobal
Google (Analytics 4, Ads)Marketing-site analytics and advertising conversion measurementGlobal
LinkedInInsight Tag for B2B marketing measurementGlobal

We also disclose personal data when required by law, to enforce our Terms of Service, or in connection with a corporate transaction (with appropriate confidentiality protections).

International Data Transfers

Your personal data is primarily processed in the European Union (Google Cloud europe-west1, Belgium). Some sub-processors are located in the United States and other third countries. Where personal data is transferred outside the EEA, UK, or South Africa, we rely on the European Commission’s Standard Contractual Clauses (“SCCs”), the UK International Data Transfer Addendum, and supplementary measures appropriate to the transfer. A copy of the SCCs we rely on can be requested from legal@kaydenconnect.com.

Data Retention

  • Active account and tenant content: retained while your subscription is active
  • Cancelled accounts: retained for 60 days after cancellation per the lifecycle described in our Terms, then permanently deleted (a self-serve data export tool is available throughout this window)
  • Trial accounts that expire without conversion: hard-locked on day 14, deletion warning email on day 23, permanent purge on day 44
  • Billing records: 7 years (tax and accounting requirements)
  • Audit and security logs: up to 13 months
  • Aggregated, de-identified analytics: retained without time limit

Your Rights

Rights under GDPR and UK GDPR

  • Access: request a copy of personal data we hold about you
  • Rectification: correct inaccurate or incomplete data
  • Erasure: request deletion (subject to legal retention obligations)
  • Portability — receive your data in a structured, machine-readable format
  • Restriction — limit how we process your data while we investigate a request
  • Object — object to processing based on legitimate interests, including direct marketing
  • Withdraw consent — at any time, without affecting processing carried out before withdrawal
  • Complain: to your local supervisory authority. EU residents can identify their authority at edpb.europa.eu; UK residents may contact the ICO at ico.org.uk.

Rights under the CCPA / CPRA (California residents)

  • Right to know — what categories of personal information we collect, the sources, the business purposes, and the categories of recipients
  • Right to delete — request deletion of personal information we have collected from you
  • Right to correct — inaccurate personal information
  • Right to opt out of sale or sharing — we do not sell or share personal information for cross-context behavioural advertising
  • Right to non-discrimination — we will not deny service, charge different prices, or provide a different level of quality because you exercised your CCPA rights

Rights under POPIA (South Africa)

  • Access to personal information we hold
  • Correction or deletion of inaccurate or excessive information
  • Object to processing on reasonable grounds
  • Lodge a complaint with the Information Regulator at inforegulator.org.za

To exercise any of these rights, email privacy@kaydenconnect.com. We will respond within 30 days (or the shortest period required by applicable law). Verification of your identity may be required.

Cookies

We use strictly-necessary, performance, and marketing cookies. For details on the cookies we set, third-party cookies, and how to manage your preferences, see our Cookie Policy.

Children’s Privacy

Kayden Connect is a business-to-business platform intended for users aged 16 and over. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, contact privacy@kaydenconnect.com and we will take appropriate action.

Security

We honour SOC 2 Common Criteria controls in our day-to-day engineering practice. SOC 2 Type I certification is in progress and not yet attested; SOC 2 Type II is on our roadmap and follows Type I. Specific safeguards include:

  • Encryption at rest (AES-256) and in transit (TLS 1.3)
  • Role-based access control with Firebase custom claims and tenant isolation
  • Automated database backups and point-in-time recovery
  • Logical separation of tenant data through strict server-side authorisation
  • Regular dependency scanning and patching

A summary of our security practices is available on our Security page.

Changes to This Policy

We may update this Privacy Policy to reflect changes to our services, applicable law, or our data practices. Material changes will be communicated by email to account administrators at least 30 days before the changes take effect. The “Last updated” date at the top of this page reflects the most recent revision.

Contact Us

For privacy questions or to exercise your rights, contact us at:

If you are in the EEA or UK and need to lodge a complaint, you may do so with your local supervisory authority.