1. Who we are

Kendr is an SEO client management tool operated by Jodana LLC ("we", "us", "our"). Our registered address is in the United Kingdom. If you have any questions about this policy, contact us at support@getkendr.com.

2. What data we collect

We collect the following categories of personal data:

• Account data: your email address and name, provided when you sign up.
• Billing data: payment information processed by Stripe. We do not store card details — Stripe handles all payment data directly.
• Usage data: the client records, service plans, keywords, backlinks, and other content you create inside the app.
• Google data: if you connect a Google account, we store OAuth tokens and the Search Console / GA4 data fetched on your behalf. This data is used solely to display analytics within your account.
• Error and diagnostic data: error reports collected via Sentry, which may include browser type, OS, and the page where an error occurred. No passwords or payment details are included.

3. How we use your data

We use the data we collect to:

• Provide, operate, and improve the Kendr service.
• Process payments and manage your subscription.
• Sync Google Search Console and GA4 analytics data on your behalf.
• Send transactional emails (e.g. password reset, billing receipts) — we do not send marketing emails without your consent.
• Diagnose and fix errors in the application.

4. Legal basis for processing (UK/EU users)

We process your personal data on the following legal bases under UK GDPR:

• Contract: processing necessary to provide the service you've signed up for.
• Legitimate interests: error monitoring and service improvement, where these interests are not overridden by your rights.
• Consent: where you have explicitly connected a Google account or opted into specific features.

5. Data storage and transfers

Your data is stored on Supabase (PostgreSQL database hosted in the US West region) and processed by the following sub-processors:

• Supabase — database and authentication (US)
• Netlify — application hosting (US)
• Stripe — payment processing (US)
• Sentry — error monitoring (US)
• Google — OAuth and analytics data (subject to Google's Privacy Policy)

Where data is transferred outside the UK/EEA, we rely on standard contractual clauses or adequacy decisions to ensure appropriate protections are in place.

6. Data retention

We retain your account data for as long as your account is active. If you delete your account, all associated data (clients, plans, analytics, API keys, and tokens) is permanently deleted within 30 days. Stripe may retain billing records for longer as required by law.

7. Data security and protection mechanisms

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. These measures include:

• Encryption in transit: all data transmitted between your browser and our service is encrypted using TLS (HTTPS).
• Encryption at rest: personal data stored in our database is encrypted at rest by our infrastructure providers.
• Access controls: access to personal data is restricted to authorised systems and personnel only, on a need-to-know basis.
• Authentication: user accounts are protected by secure authentication mechanisms. We encourage the use of strong, unique passwords.
• Data minimisation: we only collect and retain the minimum personal data necessary to provide the service.
• Privacy by design: data protection considerations are built into the development and operation of our service from the outset, in accordance with Article 25 of the UK GDPR.
• Sub-processor standards: we only work with third-party processors who maintain appropriate security standards and are bound by data processing agreements.

While we take all reasonable steps to protect your data, no method of transmission or storage is 100% secure. If you have concerns about the security of your data, please contact us at support@getkendr.com.

9. Special category (sensitive) data

We do not intentionally collect or process any special category data as defined under Article 9 of the UK GDPR. This includes data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning a person's sex life or sexual orientation.

If you believe you have submitted any such data to us, please contact us at support@getkendr.com and we will delete it promptly.

10. Data breach notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority (the Information Commissioner's Office in the UK) within 72 hours of becoming aware of the breach, in accordance with our obligations under UK GDPR Article 33.

Where a breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, in accordance with UK GDPR Article 34, providing details of the breach and the steps we are taking to address it.

11. Your rights

If you are based in the UK or EU, you have the following rights regarding your personal data:

• Access: request a copy of the data we hold about you.
• Rectification: ask us to correct inaccurate data.
• Erasure: request deletion of your data. You can also delete your account directly from Settings → Danger zone.
• Portability: request your data in a machine-readable format.
• Objection: object to processing based on legitimate interests.
• Restriction: ask us to limit how we use your data while a dispute is resolved.
• Complaint: lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe we have not handled your data lawfully.

To exercise any of these rights, email us at support@getkendr.com. We will respond within 30 days.

12. Cookies

Kendr uses only functional cookies necessary to keep you logged in (session tokens via Supabase Auth). We do not use advertising or tracking cookies.

13. Third-party integrations

When you connect third-party services (Google, Ahrefs, keyword.com, ClickUp), data is exchanged between Kendr and those services under their respective privacy policies. We only request the permissions necessary to provide the features you use.

14. Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify you by email or by displaying a notice in the app. The "Last updated" date at the top of this page reflects the most recent revision.

15. Contact

For any privacy-related questions or requests, contact us at support@getkendr.com.