Privacy Policy
Last updated: 7 May 2026Kukuda Labs GmbH ("Kukuda", "we", "us") is the controller of your personal data and committed to protecting it. This Policy explains how we process data in connection with our AI visibility service at kukuda.ai.
1. Data Controller
Kukuda Labs GmbH
[YOUR_STREET_ADDRESS]
[YOUR_PLZ] Berlin, Germany
Email: privacy@kukuda.ai
2. What Data We Collect and Why
| Data | Purpose | Legal Basis (Art. 6 GDPR) |
|---|---|---|
| Email address, business name | Account creation and service delivery | Art. 6(1)(b) — contract performance |
| Feature usage, pages visited | Product analytics and improvement | Art. 6(1)(f) — legitimate interest |
| Newsletter email | Sending the Peek-a-boo newsletter | Art. 6(1)(a) — consent |
| Stripe customer ID | Payment processing reference | Art. 6(1)(b) — contract performance |
| IP address, browser data | Security and fraud prevention | Art. 6(1)(f) — legitimate interest |
We do not sell, rent, or share your personal data with third parties for advertising purposes.
3. Retention Periods
- Account data: duration of your subscription plus 6 years (§ 257 HGB — German commercial records obligation).
- Analytics data: 90 days rolling window.
- Newsletter data: until you unsubscribe. Unsubscribe at any time via the link in our emails.
- Security logs: 30 days.
4. Sub-processors
We engage the following processors under Art. 28 GDPR:
| Sub-processor | Service | Location |
|---|---|---|
| Supabase Inc. | Database and authentication hosting | EU (Frankfurt) |
| Stripe Inc. | Payment processing (PCI-DSS certified) | EU |
| PostHog Inc. | Product analytics | EU |
| Resend Inc. | Transactional email delivery | EU |
No personal data is transferred outside the EU/EEA without adequate safeguards under Chapter V GDPR.
5. Your Rights
Under the GDPR you have the right to:
- Access (Art. 15): obtain a copy of the personal data we hold about you.
- Rectification (Art. 16): have inaccurate data corrected.
- Erasure (Art. 17): request deletion of your data ("right to be forgotten").
- Portability (Art. 20): receive your data in a machine-readable format.
- Restriction (Art. 18): restrict how we process your data in certain circumstances.
- Objection (Art. 21): object to processing based on legitimate interest.
- Withdraw consent (Art. 7(3)): withdraw newsletter consent at any time without affecting the lawfulness of prior processing.
To exercise any right, email privacy@kukuda.ai. We will respond within 30 days.
6. Supervisory Authority
You have the right to lodge a complaint with the competent data protection authority:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219, 10969 Berlin
www.datenschutz-berlin.de
7. Cookies
We use one first-party session cookie strictly necessary for authentication. We do not use advertising cookies or third-party tracking cookies.
8. Changes to This Policy
If we make material changes to this Policy, we will notify you by email at least 14 days before the changes take effect. Continued use of the service constitutes acceptance.