Privacy Policy
Last updated: 18 March 2026
Contents
- 1. Who We Are
- 2. Information We Collect
- 3. How We Use Your Information
- 4. Legal Basis for Processing (GDPR)
- 5. Cookies and Similar Technologies
- 6. Information Sharing and Disclosure
- 7. Data Retention
- 8. International Data Transfers
- 9. Your Rights Under GDPR
- 10. Your Rights Under CCPA (California)
- 11. Data Security
- 12. Children's Privacy
- 13. Changes to This Policy
- 14. Contact & Data Protection Officer
1. Who We Are
Kancoding is a digital agency providing web design, development, cybersecurity, branding, and related services. Our website is kancoding.com.
For the purposes of data protection law, Kancoding is the data controller of the personal information described in this policy. You can contact us at support@kancoding.com.
2. Information We Collect
We collect personal information in the following ways:
Information You Provide Directly
- Contact form: name, email address, company name, and message content.
- Account registration: name, email address, and password (stored as a cryptographic hash — we never store plaintext passwords).
- Google Sign-In: name, email address, and profile picture provided by Google.
- Client portal profile: company name, phone number, address, ABN/business number, and website.
- Support tickets: the content of messages you submit.
Information Collected Automatically
- Log data: IP address, browser type, operating system, pages visited, and timestamps.
- Cookies and local storage: see our Cookie Policy for details.
Information From Third Parties
When you sign in with Google, we receive the profile information described above. This is subject to Google's own Privacy Policy.
3. How We Use Your Information
We use the personal information we collect to:
- Respond to your enquiries and provide customer service.
- Create and manage your client portal account.
- Deliver the services you have requested.
- Send transactional emails (e.g. account verification, support ticket updates).
- Send service-related announcements where you have not opted out.
- Improve the website and our services through analytics.
- Protect the security of our systems and detect fraud.
- Comply with legal obligations.
We will never use your personal information for automated decision-making or profiling that has a significant effect on you without your explicit consent.
4. Legal Basis for Processing (GDPR)
If you are located in the European Union, European Economic Area, or the United Kingdom, we process your personal information on the following legal bases:
| Processing Activity | Legal Basis |
|---|---|
| Account creation and authentication | Performance of a contract (Art. 6(1)(b)) |
| Responding to contact form enquiries | Legitimate interests / Pre-contractual steps (Art. 6(1)(b) & (f)) |
| Delivering purchased services | Performance of a contract (Art. 6(1)(b)) |
| Security and fraud prevention | Legitimate interests (Art. 6(1)(f)) |
| Analytics and website improvement | Consent (Art. 6(1)(a)) where cookies are used |
| Legal obligations (e.g. accounting records) | Legal obligation (Art. 6(1)(c)) |
Where we rely on legitimate interests, we have balanced those interests against your rights and determined that they do not override your fundamental privacy rights.
5. Cookies and Similar Technologies
We use cookies and similar technologies to operate our website. For a full explanation of the cookies we set, their purposes, and how to manage them, please read our Cookie Policy. You can update your cookie preferences at any time via the Cookie Settings link in the footer.
6. Information Sharing and Disclosure
We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:
- Service providers: trusted third-party vendors who help us operate the website and deliver our services (e.g. email delivery, database hosting). These parties are contractually obligated to protect your data and may not use it for their own purposes.
- Legal requirements: if required to do so by law or in response to valid legal process (e.g. a court order or government request).
- Protection of rights: to protect the rights, property, or safety of Kancoding, our clients, or others.
- Business transfers: in connection with a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.
Current sub-processors relevant to data storage include: Turso (database, hosted in AWS AP Northeast 1) and the provider hosting our web application.
7. Data Retention
We retain personal information for as long as necessary to fulfil the purposes described in this policy, unless a longer retention period is required by law.
- Account data: retained for the life of your account, and for up to 2 years after account deletion to comply with legal obligations.
- Contact enquiries: retained for up to 2 years.
- Support tickets and messages: retained for the duration of your account plus 1 year.
- Log data: retained for up to 90 days.
- Cookie consent records: retained for 12 months.
To request deletion of your data before the retention period expires, please contact us at support@kancoding.com.
8. International Data Transfers
Our primary database is hosted in the AWS AP Northeast 1 (Tokyo) region. If you access our website from the EU/EEA or UK, your data may be transferred to and processed in a country that does not have equivalent data protection laws.
Where such transfers occur, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or we rely on an adequacy decision where applicable.
9. Your Rights Under GDPR (EU/EEA/UK)
If you are located in the EU, EEA, or UK, you have the following rights under the General Data Protection Regulation (GDPR) and UK GDPR:
- Right of access: request a copy of the personal data we hold about you.
- Right to rectification: request correction of inaccurate or incomplete data.
- Right to erasure (right to be forgotten): request deletion of your personal data, subject to legal retention requirements.
- Right to restriction of processing: request that we limit how we use your data in certain circumstances.
- Right to data portability: receive your data in a structured, machine-readable format and transmit it to another controller.
- Right to object: object to processing based on legitimate interests, including for direct marketing.
- Rights related to automated decision-making: not to be subject to solely automated decisions that produce legal or similarly significant effects.
- Right to withdraw consent: where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
You also have the right to lodge a complaint with your local data protection authority (e.g. the ICO in the UK, or your national DPA in the EU) if you believe your rights have been infringed.
10. Your Rights Under CCPA (California Residents)
If you are a resident of California, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you the following rights:
- Right to Know: request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of that information, our business purposes for collecting it, and the categories of third parties with whom we share it.
- Right to Delete: request that we delete personal information we have collected from you, subject to certain exceptions.
- Right to Correct: request correction of inaccurate personal information we hold about you.
- Right to Opt-Out of Sale / Sharing: we do not sell your personal information, nor do we share it for cross-context behavioural advertising. There is nothing to opt out of at this time.
- Right to Limit Use of Sensitive Personal Information: we do not use sensitive personal information beyond what is necessary to provide the services you requested.
- Right to Non-Discrimination: we will not discriminate against you for exercising any of your CCPA rights.
Categories of Personal Information Collected (Last 12 Months)
| Category | Examples | Collected? |
|---|---|---|
| Identifiers | Name, email address, IP address | Yes |
| Personal information (Cal. Civ. Code § 1798.80(e)) | Name, address, telephone number | Yes (if provided) |
| Commercial information | Services purchased | Yes |
| Internet / network activity | Browsing history on our website | Yes (logs) |
| Geolocation data | Approximate location from IP | Indirectly |
| Professional / employment info | Company name, role | If provided |
| Sensitive personal information | Government IDs, financial data | No |
11. Data Security
We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, disclosure, alteration, or destruction. These measures include:
- Transmission of data over HTTPS (TLS encryption).
- Passwords stored as cryptographic hashes (bcrypt) — we never store plaintext passwords.
- Role-based access controls for our systems.
- CSRF and XSS protection measures.
- Comprehensive HTTP security headers (HSTS, CSP, etc.).
No method of transmission over the internet is 100% secure. If you suspect a security incident affecting your data, please notify us immediately at support@kancoding.com.
12. Children's Privacy
Our website and services are not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information without parental consent, please contact us and we will take steps to remove that information.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the date at the top of this page and, where appropriate, notify you by email or by displaying a prominent notice on our website.
We encourage you to review this policy periodically to stay informed about how we protect your information.
14. Contact & Data Protection Officer
For any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact us:
Kancoding
Email: support@kancoding.com
Subject line: Privacy Request (for GDPR) or CCPA Request (for California residents).
If you are in the EU/EEA and are not satisfied with our response, you have the right to lodge a complaint with your national data protection authority. A list of EU DPAs can be found at edpb.europa.eu.