Krofile GDPR Compliance
Overview
Krofile is committed to compliance with the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA). This page explains how we process your data in accordance with GDPR requirements, the legal bases for processing, and how to exercise your rights as a data subject.
Data Controller
Krofile LLC is the data controller for personal data collected through the Krofile platform and website. You can contact our data protection team at privacy@krofile.com for any GDPR-related enquiries.
Legal Bases for Processing
We process your personal data under the following legal bases: Contract, meaning processing necessary to perform our contract with you (providing the Krofile service); Legitimate interests, including analytics to improve our service, security monitoring, and fraud prevention; Consent, covering marketing communications and non-essential cookies (you may withdraw consent at any time); Legal obligation, where required to comply with applicable laws.
Your Rights as a Data Subject
Under GDPR, you have the following rights: Right of access, to request a copy of all personal data we hold about you; Right to rectification, to request correction of inaccurate data; Right to erasure ("right to be forgotten"), to request deletion of your data; Right to restriction, to request that we restrict processing of your data; Right to data portability, to receive your data in a structured, machine-readable format; Right to object, to object to processing based on legitimate interests; Right not to be subject to automated decision-making. To exercise any of these rights, email privacy@krofile.com.
International Data Transfers
Krofile is based in the United States. When we transfer your data outside the EEA, we use appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission. Our infrastructure providers (AWS, Stripe) participate in the EU-US Data Privacy Framework.
Data Retention Under GDPR
We retain personal data only as long as necessary for the purposes for which it was collected, or as required by law. Account data is retained for the duration of your account plus 30 days after deletion. Billing records are retained for 7 years as required by tax law. Analytics data is anonymised after 26 months.
Right to Complain
If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your local supervisory authority. In the EU, this is typically your national data protection authority. We ask that you contact us first at privacy@krofile.com so we can try to resolve your concern directly.
Data Protection Contact
For GDPR-related enquiries, contact us at privacy@krofile.com. We aim to respond to all requests within 30 days.
Related policies