Kapeeto OG Privacy Policy

• 1. Who We Are

  This Privacy Policy explains how Kapeeto OG (“we”, “us”, “our”) processes personal data when you use our platform.

  • Company: Kapeeto OG
  • Address: Herzgasse 69/1/10, 1100 Vienna, Austria
  • Contact: legal@kapeeto.com
  • Website: https://kapeeto.ai
  • Data Controller: Kapeeto OG (registered in Austria)
• 2. Your Rights Under GDPR

  As a data subject under GDPR, you have the right to:

  • Access your personal data
  • Request correction or deletion
  • Object to processing or restrict processing
  • Request data portability
  • Withdraw consent at any time
  • Lodge a complaint with your local data protection authority

  To exercise these rights, contact us at legal@kapeeto.com.

• 3. What Data We Collect

  We collect the following data:

  3.1 Account & Identity Data

  • Name, email address, account credentials

  3.2 Platform Usage Data

  • Course interactions, progress data, responses to questions or modules, uploads, and messages

  3.3 Technical Data

  • IP address, browser type, device information, session duration, logs

  3.4 Payment & Billing Information

  • Managed by Stripe. We do not store full credit card numbers.

  3.5 AI-Generated Interactions

  • Prompts, course data, and outputs generated via our AI system (OpenAI)
• 4. Why We Collect Data (Lawful Bases)

  We collect and process data to:

  Purpose	Legal Basis
  Provide and improve platform features	Performance of contract
  Process payments and subscriptions	Legal obligation / contract
  Generate AI-based course content	Legitimate interest
  Analyze learning behavior and outcomes	Legitimate interest
  Respond to legal requests	Legal obligation
  Prevent fraud and misuse	Legitimate interest
  Send notifications and updates	Consent / Contract

• 5. Who Has Access to Your Data

  We do not sell your data. We only share data with:

  Recipient	Purpose	Legal Safeguards
  OpenAI, L.L.C.	AI model processing	Standard Contractual Clauses (SCCs), DPA
  Stripe, Inc.	Payment processing	DPA, SCCs
  Hostinger International Ltd.	Cloud hosting	EU-based, DPA in place

  We have signed Data Processing Agreements (DPAs) with all our subprocessors and reviewed their GDPR compliance.

• 6. How Long We Store Data

  We retain personal data only as long as necessary:

  • User account data: as long as the account is active or until deletion request
  • Course data: for 36 months after last login
  • Payment data: for 7 years (legal obligation)
• 7. How We Protect Your Data

  We implement industry-leading security measures:

  • Regular encrypted backups
  • HTTPS and SSL for all data transmission
  • Role-based access controls
  • Infrastructure protected by Hostinger security protocols
  • Data minimization and pseudonymization
• 8. International Data Transfers

  Your data may be processed outside the EU (e.g. by OpenAI or Stripe in the US). In such cases, we rely on:

  • Standard Contractual Clauses (SCCs)
  • Verified DPAs
  • Appropriate technical safeguards
• 9. Use of Cookies and Analytics

  We use functional and performance cookies. No marketing or third-party advertising cookies are placed without your consent. You can manage cookie preferences via your browser.

• 10. Minors

  Our platform is not intended for use by individuals under 16 without parental consent. If we discover such data, we will delete it immediately.

• 11. Data Subject Requests

  To make a request about your personal data, email us at legal@kapeeto.com with your name and request description. We respond within 30 days.

• 12. Changes to This Policy

  We may update this Privacy Policy to reflect legal or platform changes. You will be notified by email and/or via our platform. The latest version is always available at https://kapeeto.ai/privacy-policy.