This Privacy Policy describes how Trapalanda LLC (“Kiban”, “we”, “us”, or “our”) collects, uses, and shares information in connection with your use of our website at kiban.dev and the Kiban Business Operating System software (collectively, the “Service”). By using the Service, you agree to the collection and use of information described in this policy.
1. Information We Collect
Account information. When you create a Kiban account or purchase a license, we collect your email address, name, and billing address. Payment card details are processed directly by our payment processors (Stripe, Lemon Squeezy, or Mercado Pago) and are never stored on our servers.
Usage data. We collect information about how you interact with the Service: pages viewed, CLI commands run (without arguments), and feature adoption. This data is aggregated and used to improve the product.
Technical data. We collect your IP address, browser type, operating system, and referrer URL for security and fraud prevention. IP addresses are hashed before long-term storage.
Communications. If you contact us by email or submit a support ticket, we retain the content of that communication to resolve your request and improve our support quality.
2. How We Use Your Information
We use the information we collect to:
- Deliver and maintain the Kiban BOS software and related services.
- Process your license purchase and manage your subscription.
- Send transactional emails (purchase confirmation, license key delivery, security alerts).
- Respond to your support requests and feedback.
- Detect, investigate, and prevent fraudulent or unauthorized activity.
- Improve our products based on aggregated, anonymized usage patterns.
- Comply with applicable laws and legal obligations.
We do not use your personal data for behavioral advertising or sell it to any third party under any circumstances.
3. Data Storage and Security
Your account data is stored in Supabase (PostgreSQL hosted on AWS). Supabase is SOC 2 Type II certified. All data is encrypted at rest (AES-256) and in transit (TLS 1.3). Backups are retained for 30 days and stored in a separate AWS region.
Access to production databases is restricted to named engineers with MFA-enforced access. We conduct access reviews quarterly.
4. Third-Party Services
We share your data with the following service providers only to the extent necessary to operate the Service:
We do not use Google Analytics, Facebook Pixel, or any third-party behavioral tracking scripts on kiban.dev.
5. GDPR and Your Rights
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights regarding your personal data:
- Access. Request a copy of all personal data we hold about you.
- Rectification. Request correction of inaccurate or incomplete data.
- Erasure. Request deletion of your personal data (subject to legal retention obligations).
- Portability. Receive your data in a machine-readable format.
- Objection. Object to processing based on legitimate interests.
- Restriction. Request that we restrict processing in certain circumstances.
To exercise any of these rights, email privacy@kiban.dev. We will respond within 30 days.
6. Data Retention
We retain your account data for as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where we are required to retain it for legal or tax purposes (typically 7 years for billing records).
7. Cookies
We use a minimal set of cookies. See our Cookie Policy for details. We do not use advertising or tracking cookies.
8. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email to registered users at least 14 days before they take effect. The “Effective date” at the top of this page will always reflect the most recent version.
9. Contact
Questions or concerns about this Privacy Policy should be directed to: