Privacy notice

Last updated: 1st January 2025

Kryptify is committed to safeguarding your personal data and ensuring compliance with all applicable data protection laws, including the UK GDPR, the Data Protection Act 2018, and other relevant legislation. This privacy notice explains how we collect, use, and protect your personal data and outlines your rights under these laws.

1. Data collection

Personal information: We collect personal information you provide directly, such as your name, email address, and payment information.

Usage data: We automatically collect metadata, including IP addresses, device details, and error logs (via Sentry), to ensure security and resolve technical issues.

2. No selling or unnecessary sharing of data

We do not sell your personal data to any third parties. Your data is only shared with trusted subprocessors to fulfil legitimate purposes required to deliver the service. Details of these subprocessors are provided below.

3. Subprocessors

To provide our service, we rely on trusted subprocessors, including:

  • AWS: Provides hosting and secure storage infrastructure.
  • Sentry: Enables error tracking and debugging to improve service reliability.
  • Mailgun: Sends transactional emails, such as account confirmations and notifications.

All subprocessors are contractually required to comply with data protection laws and maintain the confidentiality and security of your data.

4. Legal basis for processing

We process your personal data based on the following legal bases:

  • Contract performance: To provide and operate our services.
  • Legitimate interests: To improve our services, prevent fraud, and ensure security.
  • Consent: For optional marketing communications (with your explicit consent).
  • Legal obligations: To comply with applicable laws and regulations.

5. Your rights under data protection laws

As a data subject, you have the following rights:

  • Right to access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request corrections to inaccurate or incomplete data.
  • Right to erasure: Request the deletion of your personal data in certain circumstances.
  • Right to restrict processing: Request that we limit the processing of your personal data.
  • Right to data portability: Receive your data in a structured, commonly used format for transfer to another provider.
  • Right to object: Object to processing activities, such as direct marketing.

To exercise these rights, contact us at [email protected].

6. International data transfers

Your data may be transferred to and stored on servers outside the UK or EEA. We ensure such transfers comply with GDPR using mechanisms such as Standard Contractual Clauses or adequacy decisions.

7. Data security and retention

We employ industry-standard security measures, including end-to-end encryption, secure servers, and regular audits, to protect your data from unauthorised access or loss.

Your personal data is retained only for as long as necessary to fulfil the purposes outlined in this privacy notice or to comply with legal obligations. For example:

  • User account data is retained while your account is active and deleted within 30 days of closure.
  • Error logs are retained for up to 12 months to improve our services.

8. Cookies

We use cookies strictly necessary for the functionality of the service, such as maintaining session integrity and tracking errors. You can manage cookie settings through your browser.

9. Automated decision-making

We do not use automated decision-making processes that produce legal or significant effects. If this changes, we will update this privacy notice and notify affected users.

10. Data breach notification

In the unlikely event of a data breach, we will notify affected users and the relevant supervisory authority without undue delay, as required under GDPR.

11. Data processing agreement (DPA)

For clients who process personal data through our platform and require a Data Processing Agreement (DPA) under applicable data protection laws, we provide a DPA outlining our commitments as a data processor. To request a copy of our DPA, please contact us at [email protected].

12. Children's privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect data from children. If we become aware of such data, it will be deleted promptly.

13. Contact us

If you have questions or concerns about this privacy notice, contact us at [email protected].