Privacy Policy
Last updated: June 2026
1. Who we are
KREO provides a hosted Backend-as-a-Service platform. This policy explains what personal data we process when you use our website, dashboard and APIs, and your rights regarding that data.
2. Data we process
- Account data — name, email, organisation, hashed password, and authentication factors (TOTP/passkey identifiers).
- Usage & security data — request metering, IP addresses, user agents and audit events used to operate and secure the Service.
- Billing data — handled by our payment processor; we store a customer reference and plan, not full card details.
- Customer content — the data you choose to store in your database. We process it only to provide the Service.
3. How we use data
To provide and secure the Service, authenticate you, meter usage, prevent abuse, process payments, and communicate operational information. We do not sell your personal data.
4. Legal bases
Where the GDPR applies, we rely on performance of our contract with you, our legitimate interests in operating and securing the Service, and consent where required.
5. Security
We apply technical measures including per-tenant database isolation, encryption of secrets at rest (AES-256-GCM), hashed passwords and API keys, MFA/passkeys, IP allowlisting, and audit logging. No system is perfectly secure, but we work to protect your data appropriately.
6. Retention
We keep account and security data for as long as your account is active and as needed to comply with legal obligations. Customer content is retained until you delete it or close your account.
7. Sharing
We share data only with infrastructure and payment sub-processors necessary to run the Service, and where required by law. We do not share customer content with third parties for their own purposes.
8. Your rights
Subject to applicable law, you may access, correct, export or delete your personal data, and object to or restrict certain processing. Contact us to exercise these rights.
9. International transfers
Our infrastructure is hosted in the European Union. Where data is transferred internationally, we use appropriate safeguards.
10. Contact
Privacy questions or requests? Email contact@kreo.work.