KODA PM

Privacy Policy

How KODA PM protects and processes your personal data.

Commitment

KODA PM, published by Kitzuné Security, is committed to protecting the privacy of its users. This policy describes what data we collect, why we collect it, and how we protect it.

Data collected

  • Account data: name, email address (required for account creation and magic link authentication).
  • Project data: projects, budgets, RAID, milestones, contacts, messages — the data you enter in KODA PM to manage your projects.
  • Usage data: login logs, pages visited — used solely for service operation and security.

Processing purposes

  • Service operation: authentication, project management, report generation, Kody AI assistant.
  • Security: anomaly detection, unauthorized access prevention, logging.
  • Communication: responding to your contact or support requests. No unsolicited marketing emails.

Hosting and security

  • Hosting: Railway EU West (Amsterdam, Netherlands) — European Union.
  • Database: PostgreSQL encrypted at rest and in transit.
  • File storage: Cloudflare R2 — European Union.
  • Authentication: magic link + 2FA TOTP. No passwords stored.

Data sharing

KODA PM does not sell, rent, or share any personal data with third parties for commercial or advertising purposes. Your project data is never used to train AI models. The only subprocessors are those necessary for service operation (hosting, transactional email delivery).

Cookies

KODA PM does not use any third-party cookies for advertising or tracking. Only strictly necessary session cookies for service operation are used. No third-party analytics tools are integrated.

Your rights

Under the GDPR (EU Regulation 2016/679), you have the following rights:

  • Right of access: obtain a copy of your personal data.
  • Right to rectification: correct inaccurate data.
  • Right to erasure: delete your account and all your data.
  • Right to data portability: receive your data in a structured format.
  • Right to object: object to a specific processing.

To exercise these rights, contact us at .

Data retention

Your data is retained as long as your account is active. Upon account deletion, all your data is erased within 30 days. Security logs are kept for a maximum of 12 months.

Updates

This policy may be updated. The last modification date is shown below. In case of substantial changes, you will be notified by email.

Last updated: April 2026