Skip to content

Privacy Policy

Last updated: June 25, 2026

This Privacy Policy explains how ARK Consulting processes personal data when you use the KikiDoc service, including the website, API, customer portal, MCP server, and related documentation (the "Service").

Controller Details

ARK Consulting Jasminowa 6b/59 05-825 Grodzisk Mazowiecki Poland NIP: 8381725246

Email: [email protected]

For account, billing, usage, and operational data relating to the operation of the Service, KikiDoc acts as a data controller.

For Customer Content submitted by customers through the Service, KikiDoc generally acts as a data processor on behalf of its customers.

If you are located in the EEA or UK, personal data is processed in accordance with the GDPR and UK GDPR, as applicable.

1. Data We Collect

Account Data

When you create an account, we collect:

  • Email address
  • Securely hashed password
  • Organization name
  • Team membership and role information

API Keys

We store API keys in a secure form. The full API key is displayed only once at creation and is stored only in masked and/or derived form thereafter.

Usage and Metering Data

To provide, secure, and bill for the Service, we collect:

  • API request timestamps
  • API key identifiers
  • Usage counts and quota consumption
  • Subscription and plan status

Customer Content

We process the HTML, templates, data, URLs, and generated documents submitted through the Service ("Customer Content") solely for the purpose of providing the Service.

Technical Data

We collect technical and security-related information including:

  • IP address
  • Request metadata
  • Error logs
  • Security and audit logs

This information is used for security, abuse prevention, debugging, and operation of the Service.

Payment Data

Payments are handled by our payment provider. We do not collect or store full payment card details.

Purpose Legal Basis (GDPR)
Provide the Service, render documents, and deliver results Performance of a contract
Authenticate users and secure accounts Legitimate interests
Prevent abuse, fraud, and unauthorized access Legitimate interests
Meter usage, enforce quotas, and bill paid plans Performance of a contract
Send transactional emails (verification, password reset, invitations) Performance of a contract; legitimate interests
Maintain, troubleshoot, improve, and secure the Service Legitimate interests
Comply with legal obligations and enforce our Terms Legal obligation; legitimate interests

We do not sell personal data.

We do not use Customer Content to train machine-learning models.

3. Service Providers and Sharing

We use third-party service providers to operate and support the Service.

Provider Purpose Notes
Fly.io Application hosting and compute Frankfurt, Germany
Neon Managed PostgreSQL database EU region (Frankfurt)
Cloudflare DNS, CDN, proxying, object storage (R2), documentation hosting Global infrastructure
Lemon Squeezy Merchant of Record, payments, billing, invoicing, tax handling Operates under its own privacy policy
Resend Transactional email delivery mail.kikidoc.dev

Some service providers may process personal data outside the EEA or UK.

Where international transfers occur, we rely on appropriate safeguards under applicable data protection laws, including Standard Contractual Clauses approved by the European Commission, adequacy decisions, or other lawful transfer mechanisms.

We may also disclose information:

  • where required by law;
  • to comply with legal processes;
  • to protect the rights, safety, users, or security of the Service;
  • in connection with a merger, acquisition, financing, or business transfer.

4. Customer Content Processing and Retention

Rendering

Customer Content is processed transiently to generate requested outputs.

We do not inspect Customer Content beyond what is reasonably necessary to render documents, secure the Service, troubleshoot issues, and prevent abuse.

Stored Artifacts

When signed-URL delivery is used:

  • generated files are stored with our storage provider;
  • download URLs are time-limited (default expiration: 1 hour);
  • stored artifacts are automatically deleted 24 hours after creation through storage lifecycle rules.

Stored Templates

Templates saved by customers remain available until deleted by the customer or the account is removed.

Bring-Your-Own Storage

Where customers configure their own storage bucket:

  • credentials are encrypted at rest;
  • credentials are never displayed back after storage;
  • credentials are used solely to provide the configured integration.

5. Customer Responsibility for Uploaded Data

You are responsible for ensuring that you have a lawful basis to submit any personal data, documents, HTML, templates, URLs, or other content to the Service.

Where Customer Content contains personal data, you are responsible for providing any required notices, obtaining any required consents, and complying with applicable privacy and data protection laws.

KikiDoc processes such content solely for the purpose of providing the Service in accordance with your instructions.

6. Data Retention

We retain account, subscription, and usage data for as long as necessary to provide the Service and comply with legal, tax, accounting, fraud prevention, security, and contractual obligations.

When an account is deleted, personal data is deleted or anonymized within 30 days, except where longer retention is required by law or legitimate business obligations.

Certain records may be retained for longer periods where required for tax, accounting, fraud prevention, security, dispute resolution, legal claims, or regulatory compliance.

7. Your Rights

Subject to applicable law, including the GDPR, you may have the right to:

  • access your personal data;
  • correct inaccurate data;
  • request deletion of data;
  • restrict processing;
  • object to processing;
  • receive a portable copy of your data;
  • withdraw consent where consent is the legal basis for processing.

To exercise these rights, contact:

[email protected]

We may need to verify your identity before fulfilling a request.

We encourage you to contact us first so that we can attempt to resolve any privacy concerns directly.

You also have the right to lodge a complaint with a supervisory authority. In Poland, the competent authority is the President of the Personal Data Protection Office (UODO).

8. Cookies

The customer portal uses a single strictly necessary authentication cookie (an HttpOnly session token) required to keep users logged in.

We do not use advertising cookies or third-party tracking cookies.

If analytics or additional cookies are introduced in the future, this policy and any required cookie notice will be updated accordingly.

9. Security

We implement reasonable technical and organizational measures designed to protect personal data, including:

  • encryption in transit using HTTPS/TLS;
  • hashed passwords;
  • encryption of sensitive stored credentials;
  • scoped API keys;
  • access controls;
  • security monitoring and logging.

No method of transmission or storage is completely secure. While we work to protect personal data, we cannot guarantee absolute security.

Where required by law, we will notify affected users and relevant authorities of qualifying personal data breaches.

10. Data Processing Addendum

Where required by applicable data protection laws, KikiDoc will make available a Data Processing Addendum (DPA) governing the processing of personal data contained within Customer Content.

11. Children

The Service is not directed to children and is not intended for anyone under 18 years of age.

We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time.

If material changes are made, we will provide reasonable notice by email, through the Service, or both.

The "Last updated" date at the top of this policy will indicate when the latest revision became effective.

13. Contact

Privacy questions, GDPR requests, or other data protection inquiries may be sent to:

[email protected]

Controller:

ARK Consulting Jasminowa 6b/59 05-825 Grodzisk Mazowiecki Poland NIP: 8381725246