top of page

Kabaido Privacy Policy

Effective date: 11 January 2026

This Privacy Policy explains how Kabaido (“Kabaido”, “we”, “us”) collects, uses, shares, and protects personal information when you visit kabaido.com, create an account, request a demo, or use our services (the “Services”). It is written to support common transparency requirements in the UK, EU/EEA, and the United States (including key state privacy laws).

1) Who we are (Data Controller)

Kabaido is the controller for personal information we collect about visitors, prospects, and users of our website and Services.

Controller contact:

If you use Kabaido on behalf of a business, we may process certain data on your organisation’s behalf (see “Customer Data” below).

2) Personal information we collect

We collect information in these categories:

A. Information you provide

  • Contact details: name, email, phone, company, job title

  • Account details: login credentials (stored securely), preferences

  • Commercial/transaction info: subscription plan, billing contact details, invoices (payments are handled by our payment providers; we typically do not store full card details)

  • RFQ / quoting inputs you submit: product requirements, specifications, notes, attachments you upload, and other business information you enter into the platform

  • Support communications: messages, emails, meeting notes, and requests

B. Information collected automatically

  • Usage data: pages viewed, clicks, features used, referral URLs

  • Device/connection data: IP address, browser type, device identifiers, approximate location (from IP), timestamps, log files

  • Cookies and similar technologies: see “Cookies” below

C. Information from others

  • Integrations and service providers: if you connect third-party tools (e.g., CRM/ERP), we may receive data you authorise through those connections.

Sensitive information: Please do not submit sensitive personal information (e.g., health, biometric, government IDs). If it appears in content you upload, we process it only as necessary to provide the Services and protect the platform.

3) How we use personal information

We use personal information to:

  • Provide, operate, secure, and improve the Services

  • Create and manage accounts, authenticate users, and maintain user settings

  • Process subscriptions, billing, and customer administration

  • Respond to enquiries, requests, demos, and support tickets

  • Send service communications (e.g., security notices, updates, transactional messages)

  • Send marketing communications where permitted (you can opt out anytime)

  • Analyse performance, troubleshoot, and prevent fraud/abuse

  • Comply with legal obligations and enforce our terms

4) Legal bases (UK/EU/EEA)

Where UK GDPR / EU GDPR applies, we rely on:

  • Contract: to provide the Services you request

  • Legitimate interests: to secure and improve our Services, prevent fraud, and communicate with business customers (balanced against your rights)

  • Consent: for certain cookies/marketing where required

  • Legal obligation: to comply with laws, tax/accounting rules, and lawful requests

5) Cookies and analytics

We use cookies and similar technologies for:

  • Essential site functionality and security

  • Preferences and performance

  • Analytics (understanding how the site and product are used)

  • Marketing/advertising (where enabled)

Where required (e.g., UK/EU), we ask for consent for non-essential cookies. You can manage cookies via our Cookie Settings (insert link/location) or your browser settings.

6) How we share personal information

We share personal information only as needed:

  • Service providers (processors): hosting, analytics, customer support, email delivery, CRM, payment processing, and security tools (bound by contractual confidentiality and data protection terms)

  • Business transfers: if we’re involved in a merger, acquisition, financing, or sale of assets

  • Legal and safety: to comply with law, respond to lawful requests, protect rights, prevent fraud/abuse, and enforce agreements

  • With your direction: when you choose to connect integrations or request us to share information

We do not “sell” personal information in the ordinary sense. If we ever engage in activities considered “sale” or “sharing” under certain U.S. state laws (e.g., cross-context behavioural advertising), we will provide the required opt-out mechanism.

7) International data transfers

If you access the Services from the UK/EU/EEA, your information may be transferred to and processed in countries outside your region. Where required, we use appropriate safeguards such as adequacy decisions and/or Standard Contractual Clauses (and the UK addendum where relevant), plus additional security measures.

8) Data retention

We retain personal information only as long as necessary for:

  • The purposes described in this policy

  • Contract performance and account administration

  • Legal, tax, accounting, and compliance obligations

  • Security, fraud prevention, and dispute resolution

Retention periods depend on the type of data and how it’s used. You can request deletion as described below.

9) Security

We use administrative, technical, and organisational measures designed to protect personal information. No method of transmission or storage is 100% secure, but we work to prevent unauthorised access, disclosure, or misuse.

10) Your rights

UK/EU/EEA rights (where applicable)

You may have the right to:

  • Access your data

  • Correct inaccurate data

  • Delete data

  • Restrict or object to processing

  • Data portability

  • Withdraw consent (where processing is based on consent)

  • Lodge a complaint with your local data protection authority (e.g., the UK ICO)

U.S. state privacy rights (where applicable)

Depending on your state and how the law applies, you may have rights to:

  • Know/access the personal information we hold about you

  • Correct inaccuracies

  • Delete certain personal information

  • Opt out of certain processing (e.g., targeted advertising, or “sale/sharing” as legally defined)

  • Non-discrimination for exercising privacy rights

  • In some cases, limit the use of “sensitive” personal information (if applicable)

How to exercise rights: email (insert privacy email). We may need to verify your identity and/or authority (for business accounts). If an authorised agent is used, we may request proof of authorisation.

11) Customer Data (business users)

If your organisation uploads or submits information into Kabaido as part of using the Services (e.g., RFQs, customer contacts, specifications) (“Customer Data”), your organisation may be the controller and Kabaido may act as a processor/service provider for that Customer Data. In that case:

  • We process Customer Data to provide the Services under our customer agreement

  • Your organisation is responsible for providing required notices and obtaining permissions from its end users/customers

12) Children

Kabaido is not directed to children and we do not knowingly collect personal information from children. If you believe a child has provided personal information, contact us and we will take appropriate steps to delete it.

13) Changes to this policy

We may update this Privacy Policy from time to time. We’ll post the updated version on this page and change the “Effective date”. If changes are material, we will take additional steps as required (e.g., notice in-product).

14) Contact

For privacy requests or questions, contact:Email: hello@kabaido.com

bottom of page