Privacy Policy
Last updated: 7 May 2026Kukuda Labs ("Kukuda", "we", "us") is the controller of your personal data and committed to protecting it. This Policy explains how we process data in connection with our AI visibility service at kukuda.ai.
1. Data Controller
Kukuda Labs
Andrew Ole
Normannenstraße 33a
10367 Berlin
Germany
Email: [email protected]
2. What Data We Collect and Why
| Data | Purpose | Legal Basis (Art. 6 GDPR) |
|---|---|---|
| Email address, business name | Account creation and service delivery | Art. 6(1)(b) — contract performance |
| Feature usage, pages visited | Product analytics and improvement | Art. 6(1)(f) — legitimate interest |
| Newsletter email | Sending the Peek-a-boo newsletter | Art. 6(1)(a) — consent |
| Stripe customer ID | Payment processing reference | Art. 6(1)(b) — contract performance |
| IP address, browser data | Security and fraud prevention | Art. 6(1)(f) — legitimate interest |
| Device/browser data, page events (via the Meta Pixel) | Measuring and optimizing our advertising on Meta platforms | Art. 6(1)(a) — consent |
We do not sell or rent your personal data. We use the Meta (Facebook) Pixel to measure and optimize our advertising; this shares limited event data with Meta as described in the sub-processors section below. We do not otherwise share your personal data with third parties for advertising purposes.
3. Retention Periods
- Account data: duration of your subscription plus 6 years (§ 257 HGB — German commercial records obligation).
- Analytics data: 90 days rolling window.
- Newsletter data: until you unsubscribe. Unsubscribe at any time via the link in our emails.
- Security logs: 30 days.
4. Sub-processors
We engage the following processors under Art. 28 GDPR:
| Sub-processor | Service | Location |
|---|---|---|
| Supabase Inc. | Database and authentication hosting | EU (Frankfurt) |
| Stripe Inc. | Payment processing (PCI-DSS certified) | EU |
| PostHog Inc. | Product analytics | EU |
| Resend Inc. | Transactional email delivery | EU |
| Meta Platforms Ireland Ltd. | Advertising measurement and optimization (Meta Pixel) | EU / US (Data Privacy Framework) |
No personal data is transferred outside the EU/EEA without adequate safeguards under Chapter V GDPR. Transfers to Meta rely on the EU–US Data Privacy Framework and standard contractual clauses.
5. Your Rights
Under the GDPR you have the right to:
- Access (Art. 15): obtain a copy of the personal data we hold about you.
- Rectification (Art. 16): have inaccurate data corrected.
- Erasure (Art. 17): request deletion of your data ("right to be forgotten").
- Portability (Art. 20): receive your data in a machine-readable format.
- Restriction (Art. 18): restrict how we process your data in certain circumstances.
- Objection (Art. 21): object to processing based on legitimate interest.
- Withdraw consent (Art. 7(3)): withdraw newsletter consent at any time without affecting the lawfulness of prior processing.
To exercise any right, email [email protected]. We will respond within 30 days.
6. Supervisory Authority
You have the right to lodge a complaint with the competent data protection authority:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219, 10969 Berlin
www.datenschutz-berlin.de
7. Cookies
We use one first-party session cookie strictly necessary for authentication. We also use the Meta (Facebook) Pixel, which sets third-party cookies to measure and optimize our advertising on Meta platforms. You can object to advertising cookies through your browser settings or Meta's ad preferences.
8. Changes to This Policy
If we make material changes to this Policy, we will notify you by email at least 14 days before the changes take effect. Continued use of the service constitutes acceptance.