Privacy Policy

Kernel Data Solutions ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our synthetic data generation software and services.

Your Source Data is Private: We do NOT collect, access, or store your source databases or the data you process through our software. All data processing occurs locally on your infrastructure. This policy covers only the metadata and account information we collect to provide our service.

1. Data Controller

The data controller responsible for your personal data is:

Kernel Data Solutions

L9, 11
68159 Mannheim
Germany

Email: support@kerneldatasolutions.com

2. Information We Collect

Personal Data

We collect the following personal information:

Account Information: Name, email address, company name, job title.
Billing Information: Billing address, payment method details (processed securely by our payment processor).
Contact Data: Phone number (if provided), support communication history.

Usage Data

Software Usage Metrics: Features used, frequency of use, job configurations (without actual data values).
Performance Data: Error logs, crash reports, performance metrics.
Technical Information: IP address, device type, operating system, browser type, software version.

What We Do NOT Collect

Your source database connection strings or credentials.
The actual data from your databases (original or synthetic).
Schema details beyond what's necessary for error reporting.
Any personally identifiable information from your processed datasets.

3. How We Use Your Information

We use your personal data for the following purposes under GDPR Article 6:

Performance of Contract (Art. 6(1)(b) GDPR)

Providing and maintaining the software service.
Processing your subscription and payments.
Providing customer support.
Managing your account and authentication.

Legitimate Interests (Art. 6(1)(f) GDPR)

Improving software performance and user experience.
Analyzing usage patterns to develop new features.
Detecting and preventing fraud or security threats.
Sending service-related notifications and updates.

With Your Consent (Art. 6(1)(a) GDPR)

Sending marketing communications (you may opt out at any time).
Participating in beta programs or user research.

Legal Obligation (Art. 6(1)(c) GDPR)

Complying with tax and accounting requirements.
Responding to legal requests and preventing illegal activity.

4. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

Service Providers

Payment Processors: To process subscription payments (e.g., Stripe).
Cloud Hosting: To host our website and services (servers located in EU).
Email Services: To send transactional emails and support communications.
Analytics Tools: To understand usage patterns (with anonymization where possible).

All service providers are contractually bound to GDPR-compliant data processing agreements.

Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or to protect our legal rights.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, subject to this Privacy Policy.

5. International Data Transfers

Your data is primarily stored and processed within the European Union. If data is transferred outside the EU, we ensure adequate safeguards are in place through:

Standard Contractual Clauses (SCCs) approved by the European Commission.
Adequacy decisions for countries deemed to provide adequate data protection.
Certification under approved frameworks (e.g., EU-U.S. Data Privacy Framework).

6. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

Account Data: Duration of your subscription plus 30 days after cancellation.
Billing Records: 7 years to comply with German tax law (§ 147 AO).
Usage Logs: 90 days, unless required for security investigations or legal compliance.
Support Communications: 3 years from the last interaction.
Marketing Consent: Until you withdraw consent or 2 years of inactivity.

After the retention period, data is securely deleted or anonymized.

7. Your Rights Under GDPR

You have the following rights regarding your personal data:

Right to Access (Art. 15 GDPR)

Request a copy of your personal data we hold.

Right to Rectification (Art. 16 GDPR)

Correct inaccurate or incomplete personal data.

Right to Erasure (Art. 17 GDPR)

Request deletion of your personal data (subject to legal retention requirements).

Right to Restriction (Art. 18 GDPR)

Limit how we use your personal data.

Right to Data Portability (Art. 20 GDPR)

Receive your data in a structured, machine-readable format.

Right to Object (Art. 21 GDPR)

Object to processing based on legitimate interests or for direct marketing.

Right to Withdraw Consent (Art. 7(3) GDPR)

Withdraw consent for processing at any time (where consent is the legal basis).

Right to Lodge a Complaint

File a complaint with your local data protection authority or the German supervisory authority:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg

Lautenschlagerstraße 20
70173 Stuttgart
Germany

To exercise any of these rights, contact us at support@kerneldatasolutions.com. We will respond within 30 days.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

Encryption: Data in transit (TLS 1.3) and at rest (AES-256).
Access Controls: Role-based access and multi-factor authentication.
Regular Audits: Security assessments and penetration testing.
Incident Response: Procedures to detect and respond to data breaches.
Employee Training: Regular privacy and security training for staff.

In the event of a data breach affecting your personal data, we will notify you and the relevant authorities within 72 hours as required by GDPR.

9. Cookies and Tracking

We use cookies and similar technologies for:

Essential Cookies: Required for authentication and service functionality.
Analytics Cookies: To understand usage patterns (with your consent).
Preference Cookies: To remember your language and settings.

You can manage cookie preferences through your browser settings. Note that disabling essential cookies may affect software functionality.

10. Children's Privacy

Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If we discover we have collected data from a child, we will delete it immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by email or through the software at least 30 days before they take effect. Your continued use after changes take effect constitutes acceptance of the updated policy.