kromacat

Privacy Policy

This policy explains what personal data Kromacat collects, why, and what rights you have over it.

1. Who We Are (Data Controller)

Kromacat is the data controller for personal data processed through this platform. Contact us about privacy matters at privacy@kromacat.com.

2. Data We Collect

3. Legal Basis for Processing

4. Third-Party Processors

We use the following sub-processors. All have been assessed for GDPR adequacy:

We do not sell your data to third parties. We do not share data with advertisers.

5. Data Retention

6. Your Rights

Under GDPR Arts. 15–21 and CCPA, you have the following rights:

7. Security

  • All data transmitted over HTTPS/TLS 1.3
  • Passwords hashed with bcrypt (Supabase Auth)
  • Database encrypted at rest (AES-256)
  • Row-level security (RLS) enforced on every table
  • Breach notification to supervisory authority within 72 hours (GDPR Art. 33)
  • Affected users notified without undue delay if high risk (Art. 34)

8. Cookies & Analytics

We use only strictly necessary cookies for authentication. No advertising or tracking cookies are set. See our Cookie Policy for the full list.

We use Vercel Web Analytics to understand how the platform is used. This service is entirely cookie-less β€” it sets no cookies and stores no IP addresses. Visitors are identified by a temporary hash derived from the incoming request; that hash is automatically discarded after 24 hours. All data is aggregated and cannot be used to identify any individual.

9. Complaints & Supervisory Authority

If you believe we have mishandled your personal data, you may: