Privacy Policy

Katon Technologies Ltd. (“Katon,” “we,” “us,” or “our”) is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, including our mobile applications, websites, and consulting services.

This policy is designed to comply with the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR). If you are a resident of the UK or EU, you have specific rights regarding your personal data as outlined in this policy.

Data Controller: Katon Technologies Ltd. is the data controller responsible for your personal data.

2.1 Information you provide to us

We collect information that you voluntarily provide to us, including:

• Account information: Name, email address, password, company name, and profile information when you create an account
• Contact information: Name, email, phone number, and message content when you contact us
• Payment information: Billing address and payment details (processed securely by third-party payment processors)
• User content: Any data, files, or content you upload or create using our services
• Communications: Information you provide when you communicate with our support team or participate in surveys

2.2 Information we collect automatically

When you use our services, we automatically collect certain information:

• Usage data: Information about how you interact with our services, including features used, pages viewed, and time spent
• Device information: Device type, operating system, browser type, IP address, and unique device identifiers
• Location data: Approximate location based on IP address (we do not collect precise geolocation without your consent)
• Cookies and similar technologies: Data collected through cookies, web beacons, and similar tracking technologies (see Section 8)
• Log data: Server logs, error reports, and diagnostic information

2.3 Information from third parties

We may receive information about you from third parties, such as:

• Authentication services (e.g., Google, Microsoft) if you choose to sign in through them
• Analytics providers and advertising partners
• Publicly available sources

We process your personal data for the following purposes, based on the lawful bases described:

3.1 To provide and maintain our services

• Create and manage your account
• Deliver the services you requested
• Process payments and fulfill orders
• Provide customer support

Lawful basis: Performance of a contract (Article 6(1)(b) UK/EU GDPR)

3.2 To improve and develop our services

• Analyze usage patterns and trends
• Develop new features and products
• Conduct research and testing
• Troubleshoot technical issues

Lawful basis: Legitimate interests (Article 6(1)(f) UK/EU GDPR) — improving our services and user experience

3.3 To communicate with you

• Send service-related updates and notifications
• Respond to your inquiries and requests
• Send marketing communications (with your consent)
• Provide technical support

Lawful basis: Performance of a contract (for service communications); Consent (for marketing); Legitimate interests (for support)

3.4 For security and fraud prevention

• Protect against fraud, abuse, and security threats
• Enforce our Terms of Service
• Investigate and prevent illegal activities

Lawful basis: Legitimate interests (Article 6(1)(f) UK/EU GDPR) — protecting our business and users

3.5 For legal compliance

• Comply with legal obligations
• Respond to lawful requests from authorities
• Protect our legal rights

Lawful basis: Legal obligation (Article 6(1)(c) UK/EU GDPR); Legitimate interests

We do not sell your personal data. We may share your information in the following circumstances:

4.1 Service providers

We share data with third-party service providers who perform services on our behalf, including:

• Cloud hosting providers (e.g., AWS, Google Cloud, Azure)
• Payment processors (e.g., Stripe, PayPal)
• Analytics services (e.g., Google Analytics)
• Customer support tools
• Email and communication platforms

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

4.2 Business transfers

If we are involved in a merger, acquisition, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you of any such change.

4.3 Legal requirements

We may disclose your information if required by law or in response to valid legal processes, such as court orders or subpoenas.

4.4 With your consent

We may share your information with third parties when you have given us explicit consent to do so.

Your personal data may be transferred to and processed in countries outside the UK and European Economic Area (EEA), including the United States, where our servers and service providers are located.

When we transfer personal data outside the UK/EEA, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions recognizing equivalent data protection standards
• Binding Corporate Rules or other approved mechanisms

You have the right to request information about the safeguards we use for international transfers.

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention periods depend on the type of data and purpose:

• Account data: Retained while your account is active and for a reasonable period after deletion (typically 30–90 days) for backup and legal purposes
• Usage data: Typically retained for 12–24 months
• Payment data: Retained as required by tax and accounting laws (typically 6–7 years)
• Marketing data: Retained until you withdraw consent or we no longer have a legitimate interest

After the retention period, we securely delete or anonymize your personal data.

If you are a resident of the UK or EU, you have the following rights under the UK GDPR and EU GDPR:

7.1 Right of access

You have the right to request a copy of the personal data we hold about you.

7.2 Right to rectification

You have the right to request that we correct inaccurate or incomplete personal data.

7.3 Right to erasure (“right to be forgotten”)

You have the right to request deletion of your personal data in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected.

7.4 Right to restriction of processing

You have the right to request that we restrict processing of your personal data in certain circumstances.

7.5 Right to data portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

7.6 Right to object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

7.7 Right to withdraw consent

Where we process your data based on consent, you have the right to withdraw that consent at any time.

7.8 Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority, such as the UK Information Commissioner's Office (ICO) or your local EU data protection authority.

To exercise your rights, contact us at: contact@katontechnologies.com

We will respond to your request within one month, as required by law.

We use cookies and similar tracking technologies to collect and store information about your interactions with our services.

8.1 Types of cookies we use

• Essential cookies: Required for the operation of our services (e.g., authentication, security)
• Analytics cookies: Help us understand how users interact with our services (e.g., Google Analytics)
• Functional cookies: Remember your preferences and settings
• Marketing cookies: Used to deliver relevant advertising (only with your consent)

8.2 Managing cookies

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our services. You can also opt out of analytics cookies through tools like the Google Analytics Opt-out Browser Add-on.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Regular security assessments and penetration testing
• Access controls and authentication mechanisms
• Employee training on data protection
• Incident response and breach notification procedures

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

Our services are not intended for children under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on our website
• Updating the “Last Updated” date
• Sending you an email notification (for significant changes)

Your continued use of our services after such changes constitutes your acceptance of the updated Privacy Policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Data Protection Officer
Email: contact@katontechnologies.com
General inquiries: hello@katontechnologies.com

UK Supervisory Authority
Information Commissioner's Office (ICO)
Website: ico.org.uk