Privacy Policy

Effective Date: July 2025
Last Updated: July 2025

INTRODUCTION

A. LEGAL FRAMEWORK

This Privacy Policy ("Policy") governs the collection, processing, storage, and protection of personal and non-personal information by AddKPI.com ("Company", "We", "Us", or "Our"). The policy is designed to ensure transparency, compliance with global data protection regulations, and the highest standards of user privacy.

B. REGULATORY COMPLIANCE

This Policy is constructed to comply with, but not limited to:

• General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
• Personal Information Protection and Electronic Documents Act (PIPEDA)
• Australian Privacy Principles (APP)
• OECD Privacy Guidelines
• International data protection best practices

1. INFORMATION COLLECTION

1.1 PERSONAL INFORMATION CATEGORIES

We collect the following personal information:

• Identification Data
  • Full name
  • Company name
  • Contact information
• Contact Information
  • Email addresses
  • Phone numbers
• Financial and Transactional Data
  • This data is collected by Stripe via PayHip
• Technical and Usage Data
  • IP addresses
  • Device identifiers
  • Browser type and version
  • Operating system
  • Geolocation data
  • Website interaction logs
  • Cookie data
  • Session duration
  • Pages visited
  • Clicked links
• Professional Profile Information
  • Industry sector
  • Company size
  • KPI maturity level
  • Specific KPI interests
  • Professional qualifications

1.2 INFORMATION COLLECTION METHODS

• Direct user submissions
• Automated website tracking technologies
• Purchase transactions
• Customer support interactions
• Preview and template interaction
• Third-party service providers
• Public professional databases
• Cookies and similar tracking technologies

1.3 SENSITIVE INFORMATION

We do NOT intentionally collect:

• Racial or ethnic origin
• Political opinions
• Religious beliefs
• Trade union membership
• Genetic data
• Biometric data
• Health information
• Sexual orientation

2. PURPOSE OF DATA PROCESSING

2.1 PRIMARY PURPOSES

• Facilitate digital product purchases
• Provide customer support
• Manage user accounts
• Process payments
• Deliver purchased templates
• Communicate product updates

2.2 SECONDARY PURPOSES

• Website performance optimization
• User experience improvement
• Fraud prevention
• Compliance with legal obligations
• Marketing communications (with explicit consent)
• Product development research

3. DATA STORAGE AND RETENTION

3.1 STORAGE LOCATIONS

• Secure cloud infrastructure
• Geographically distributed data centers
• Encrypted database systems

3.2 RETENTION PERIODS

• Transactional data: 7 years
• User account data: Active account lifetime + 2 years
• Communication logs: 3 years
• Technical logs: 1 year

3.3 DATA DELETION

• Users can request complete data deletion
• Automatic deletion upon account closure
• Retention of minimal data for legal compliance

4. DATA PROTECTION MECHANISMS

4.1 TECHNICAL SAFEGUARDS

• 256-bit SSL encryption
• Multi-factor authentication
• Regular security audits
• Intrusion detection systems
• Secure data transmission protocols
• Regular vulnerability assessments

4.2 ORGANIZATIONAL SAFEGUARDS

• Limited employee data access
• Mandatory privacy training
• Non-disclosure agreements
• Strict access control protocols
• Regular compliance reviews

5. USER RIGHTS

5.1 RIGHT TO ACCESS

• Request full copy of personal data
• Understand data processing activities
• Verify data accuracy

5.2 RIGHT TO CORRECTION

• Update inaccurate or incomplete information
• Supplement existing data
• Ensure data reliability

5.3 RIGHT TO DELETION

• Request complete data erasure
• Invoke "right to be forgotten"
• Limitations may apply for legal compliance

5.4 RIGHT TO DATA PORTABILITY

• Receive data in structured, machine-readable format
• Transfer data to another service provider

5.5 RIGHT TO RESTRICT PROCESSING

• Limit specific data processing activities
• Pause data usage under certain conditions

6. THIRD-PARTY DATA SHARING

6.1 AUTHORIZED THIRD PARTIES

• Payment processors
• Cloud service providers
• Customer support platforms
• Analytics services
• Legal and regulatory authorities

6.2 SHARING PRINCIPLES

• Minimal data sharing
• Contractual data protection requirements
• No selling of personal information
• Transparent disclosure of sharing practices

7. INTERNATIONAL DATA TRANSFERS

7.1 CROSS-BORDER DATA FLOW

• Transfers to countries with adequate protection
• Standard contractual clauses
• Encryption during transit
• Compliance with international data transfer regulations

8. COOKIES AND TRACKING

8.1 COOKIE TYPES

• Strictly necessary cookies
• Performance cookies
• Functional cookies
• Marketing cookies

8.2 COOKIE MANAGEMENT

• User consent required
• Ability to modify cookie preferences
• Detailed cookie declaration

9. MARKETING COMMUNICATIONS

9.1 COMMUNICATION TYPES

• Product updates
• Educational content
• Special offers
• Research invitations

9.2 CONSENT MANAGEMENT

• Explicit opt-in required
• Easy opt-out mechanism
• No unsolicited communications

10. CHILDREN'S PRIVACY

Services not intended for minors

11. UPDATES TO PRIVACY POLICY

• Policy may be updated periodically
• Users notified of significant changes
• Continued use implies acceptance of updated policy

12. PRIVACY CONTACT

• Dedicated privacy email: privacy@AddKPI.com
• Data Protection Officer contact
• Detailed communication channels

13. GOVERNING JURISDICTION

• Primary jurisdiction: England and Wales
• Applicable data protection laws
• Dispute resolution mechanisms