Articles on: Security, Privacy and Compliance

Privacy Notice Platform

Protecting your personal data is a top priority for us — including when using our web-based platform for the creation, administration, and analysis of surveys. In this privacy notice, we explain how we collect, process, and store your personal data when you use the platform, in accordance with the General Data Protection Regulation (GDPR) of the European Union.


Deutsche Fassung: Datenschutz Plattform


What data do we collect?


When using the platform as an administrator or registered user, we collect the following personal data:


  • Name and email address associated with the user account
  • Interactions and activities within the platform (e.g. survey creation, login events)
  • IP address and timestamps of each action (via audit logs)
  • Usage data for behavior analysis (via PostHog)
  • Browser and device metadata (e.g. device type, OS, language, optional location)
  • Login-related data (e.g. last login, use of two-factor authentication)


How do we collect this data?


We collect your data in the following ways:


  • When an account is created (by yourself or assigned by an admin)
  • When actively using the platform (logins, survey setup, settings)
  • Passively via analytics services such as PostHog (consent-based, see below)
  • Automatically via server-side logging (e.g. IP, timestamps, platform actions)


What do we use your data for?


Your personal data is only used for legitimate platform-related purposes, including:


  • Providing user access and capabilities (authentication, rights management)
  • Enabling personalized platform experiences (e.g. interface settings)
  • Improving the platform UX through aggregated analytics (PostHog)
  • Ensuring IT security, including logging unauthorized access attempts
  • Identifying usability issues or technical faults using analytics and logs
  • Fulfilling legal and contractual requirements


We do not use your data for marketing or advertising purposes.



We process your personal data based on the following legal bases under Article 6 of the GDPR:


  • Art. 6 (1) (b): To fulfill our contractual obligations related to your user account
  • Art. 6 (1) (f): Based on our legitimate interests in platform security, QA, and optimization
  • Art. 6 (1) (a): Based on your explicit consent where required (e.g., analytics tools like PostHog)


How long do we store your data?


  • Audit logs (including IP addresses) are stored for at least 30 days — or longer depending on organizational retention policies.
  • Personal data related to user accounts (e.g., profile, action history) is stored as long as the account is active or required to fulfill legal or contractual obligations.
  • When an account is deleted or access is revoked, personal data is either deleted or anonymized unless longer retention is legally required.


Subprocessors involved in platform operations


We work with trusted subprocessors to ensure secure operation and analysis of the platform:


Subprocessor

Purpose

Processed Data

Location

GDPR Compliance

Hetzner Online GmbH

Hosting of platform and backend services

User profiles, audit logs, metadata

Germany

OVHCloud

Hosting of core databases

User profiles, logs

Germany

PostHog Inc.

Behavioral analytics (client-side data with consent)

Usage data, possibly IP

EU infrastructure (self-hosted option)

Crisp IM SAS

Customer support via message/chat interface

Optional email, UI activities

France

Use of Cookies & Analytics


This platform uses cookies and self-hosted tracking tools (such as PostHog) to measure usage patterns, improve UX, and troubleshoot. These features are activated only after you provide explicit consent, in accordance with Art. 6 (1) (a) GDPR.


You may revoke consent at any time or manage cookie settings via your browser or our platform's consent banner.


Your Rights under the GDPR


Under the GDPR, you have the following rights with respect to your personal data:


  • Right of access
  • Right to rectification
  • Right to erasure ("right to be forgotten")
  • Right to restriction of processing
  • Right to object to processing (e.g. analytics)
  • Right to data portability


If you wish to exercise any of these rights, please contact us using the contact information below. We respond to all requests within one month, as legally required.


Updates to this Privacy Notice


This privacy notice is reviewed and updated periodically to reflect legal or operational changes. The most current version is always available on our platform.


Last updated: March 25, 2025


How to contact us


If you have any questions or would like to exercise your data subject rights, please contact us as follows:



Contacting the Supervisory Authority


While we encourage you to contact us first with any concerns, you have the right to file a complaint directly with the supervisory authority responsible for Kultify GmbH:


📍 Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18, 91522 Ansbach, Germany
Phone: +49 (0) 981 180093-0
Email: poststelle@lda.bayern.de
Website: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm


If you're using additional third-party tools or services (e.g., SSO, integrations, APIs, webhooks), let me know and I can include relevant sections to cover them.

Updated on: 02/04/2025

Was this article helpful?

Share your feedback

Cancel

Thank you!