Privacy policy

Effective Date: July 7th 2025
Last Updated: July 7th 2025

1. Data controller

This Privacy Policy describes how Lionel Rudaz, located at Chemin des Côtes 76, 1020 Renens, Switzerland (“we,” “us,” or “our”) collects, uses, and protects your personal data when you use Kaiju (“Service”).

2. Data we collect

2.1 Account information

• Email address (for account creation and communication)
• User identification data
• Subscription and billing information

2.2 Jira integration data

• Links to your Jira users, issues, and releases
• Important: We do not store actual Jira content, only references to access your data through Jira's API
• Jira workspace connection tokens (encrypted)

2.3 Usage data

• Service usage patterns and feature interactions
• Technical data necessary for service operation
• Error logs and performance metrics

2.4 Payment information

• Payment processing is handled by Stripe
• We do not store credit card information on our servers
• We retain transaction records for billing purposes

3. How we use your data

3.1 Service provision

• Provide and maintain the Kaiju service
• Connect to and retrieve data from your Jira workspace
• Process your subscription and billing
• Provide customer support

3.2 Communication

• Send service-related notifications
• Respond to your inquiries and support requests
• Notify you of important service updates

3.3 Service improvement

• Analyze usage patterns to improve our service
• Troubleshoot technical issues
• Develop new features and functionality

4. Data storage and security

4.1 Data location

• Application hosted on Vercel servers in Western Europe
• Database hosted on Supabase servers in Western Europe
• All data processing occurs within the European Union

4.2 Security measures

• Data encryption in transit and at rest
• Regular security audits and updates
• Access controls and authentication protocols
• Secure API connections to Jira

5. Data sharing

5.1 Third-Party services

• Stripe: Payment processing (subject to Stripe's privacy policy)
• Jira/Atlassian: API access to your Jira data (subject to Atlassian's privacy policy)

5.2 No data sales

• We do not sell, rent, or trade your personal data
• We do not share data with advertisers or marketing companies
• We do not use your data for purposes other than providing our service

6. Data retention

6.1 Active accounts

• Account data retained while your subscription is active
• Jira connection data maintained for service functionality

6.2 Trial accounts

• Trial data remains accessible after trial period ends
• No automatic deletion of trial data

6.3 Cancelled accounts

• All personal data immediately deleted upon account cancellation
• Billing records retained as required by Swiss law (typically 10 years)

7. Your rights under GDPR and Swiss data protection law

7.1 Access rights

• Request access to your personal data
• Receive a copy of your data in a portable format

7.2 Correction and deletion

• Correct inaccurate personal data
• Request deletion of your personal data (“right to be forgotten”)

7.3 Processing rights

• Object to processing of your personal data
• Restrict processing under certain circumstances
• Withdraw consent where processing is based on consent

7.4 Data portability

• Request transfer of your data to another service
• Receive your data in a structured, machine-readable format

8. International data transfers

• All data processing occurs within the European Union
• No transfers to countries outside the EU/EEA
• Stripe may process payment data according to their international transfer policies

9. Cookies and tracking

• We use essential cookies for service functionality
• No tracking or analytics cookies are currently used
• Session cookies for authentication and user experience

10. Data breaches

• We will notify you within 72 hours of discovering any data breach
• We will report breaches to relevant authorities as required by law
• We maintain incident response procedures and regular security monitoring

11. Children's privacy

• Kaiju is not intended for users under 16 years of age
• We do not knowingly collect data from children under 16
• If you believe we have collected data from a child, contact us immediately

12. Changes to this policy

• We may update this Privacy Policy from time to time
• Material changes will be communicated via email
• Continued use after notification constitutes acceptance of changes

13. Legal basis for processing

• Contract Performance: Processing necessary to provide our service
• Legitimate Interest: Service improvement and fraud prevention
• Consent: Where you have provided specific consent
• Legal Obligation: Compliance with applicable laws

14. Contact information

14.1 Data protection inquiries

For questions about this Privacy Policy or to exercise your rights:

• Email: Contact us
• Address: Lionel Rudaz, Chemin des Côtes 76, 1020 Renens, Switzerland

14.2 Response time

• We respond to privacy-related inquiries within 2 working days
• Complex requests may take up to 30 days as permitted by law

15. Supervisory authority

If you have concerns about our data processing, you may contact the Swiss Federal Data Protection and Information Commissioner (FDPIC) or your local data protection authority.