Privacy Notice Platform
Protecting your personal data is a top priority for us — including when using our web-based platform for the creation, administration, and analysis of surveys. In this privacy notice, we explain how we collect, process, and store your personal data when you use the platform, in accordance with the General Data Protection Regulation (GDPR) of the European Union.
Deutsche Fassung: Datenschutz Plattform
When using the platform as an administrator or registered user, we collect the following personal data:
- Name and email address associated with the user account
- Interactions and activities within the platform (e.g. survey creation, login events)
- IP address and timestamps of each action (via audit logs)
- Usage data for behavior analysis (via PostHog)
- Browser and device metadata (e.g. device type, OS, language, optional location)
- Login-related data (e.g. last login, use of two-factor authentication)
We collect your data in the following ways:
- When an account is created (by yourself or assigned by an admin)
- When actively using the platform (logins, survey setup, settings)
- Passively via analytics services such as PostHog (consent-based, see below)
- Automatically via server-side logging (e.g. IP, timestamps, platform actions)
Your personal data is only used for legitimate platform-related purposes, including:
- Providing user access and capabilities (authentication, rights management)
- Enabling personalized platform experiences (e.g. interface settings)
- Improving the platform UX through aggregated analytics (PostHog)
- Ensuring IT security, including logging unauthorized access attempts
- Identifying usability issues or technical faults using analytics and logs
- Fulfilling legal and contractual requirements
We do not use your data for marketing or advertising purposes.
We process your personal data based on the following legal bases under Article 6 of the GDPR:
- Art. 6 (1) (b): To fulfill our contractual obligations related to your user account
- Art. 6 (1) (f): Based on our legitimate interests in platform security, QA, and optimization
- Art. 6 (1) (a): Based on your explicit consent where required (e.g., analytics tools like PostHog)
- Audit logs (including IP addresses) are stored for at least 30 days — or longer depending on organizational retention policies.
- Personal data related to user accounts (e.g., profile, action history) is stored as long as the account is active or required to fulfill legal or contractual obligations.
- When an account is deleted or access is revoked, personal data is either deleted or anonymized unless longer retention is legally required.
We work with trusted subprocessors to ensure secure operation and analysis of the platform:
This platform uses cookies and self-hosted tracking tools (such as PostHog) to measure usage patterns, improve UX, and troubleshoot. These features are activated only after you provide explicit consent, in accordance with Art. 6 (1) (a) GDPR.
You may revoke consent at any time or manage cookie settings via your browser or our platform's consent banner.
Under the GDPR, you have the following rights with respect to your personal data:
- Right of access
- Right to rectification
- Right to erasure ("right to be forgotten")
- Right to restriction of processing
- Right to object to processing (e.g. analytics)
- Right to data portability
If you wish to exercise any of these rights, please contact us using the contact information below. We respond to all requests within one month, as legally required.
This privacy notice is reviewed and updated periodically to reflect legal or operational changes. The most current version is always available on our platform.
Last updated: March 25, 2025
If you have any questions or would like to exercise your data subject rights, please contact us as follows:
- Email: datenschutz@kultify.com
- Phone: +49 911 477 116 01
- Address: Kultify GmbH, Lorenzer Platz 5A, Germany
While we encourage you to contact us first with any concerns, you have the right to file a complaint directly with the supervisory authority responsible for Kultify GmbH:
📍 Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18, 91522 Ansbach, Germany
Phone: +49 (0) 981 180093-0
Email: poststelle@lda.bayern.de
Website: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm
If you're using additional third-party tools or services (e.g., SSO, integrations, APIs, webhooks), let me know and I can include relevant sections to cover them.
Deutsche Fassung: Datenschutz Plattform
What data do we collect?
When using the platform as an administrator or registered user, we collect the following personal data:
- Name and email address associated with the user account
- Interactions and activities within the platform (e.g. survey creation, login events)
- IP address and timestamps of each action (via audit logs)
- Usage data for behavior analysis (via PostHog)
- Browser and device metadata (e.g. device type, OS, language, optional location)
- Login-related data (e.g. last login, use of two-factor authentication)
How do we collect this data?
We collect your data in the following ways:
- When an account is created (by yourself or assigned by an admin)
- When actively using the platform (logins, survey setup, settings)
- Passively via analytics services such as PostHog (consent-based, see below)
- Automatically via server-side logging (e.g. IP, timestamps, platform actions)
What do we use your data for?
Your personal data is only used for legitimate platform-related purposes, including:
- Providing user access and capabilities (authentication, rights management)
- Enabling personalized platform experiences (e.g. interface settings)
- Improving the platform UX through aggregated analytics (PostHog)
- Ensuring IT security, including logging unauthorized access attempts
- Identifying usability issues or technical faults using analytics and logs
- Fulfilling legal and contractual requirements
We do not use your data for marketing or advertising purposes.
Legal basis for data processing
We process your personal data based on the following legal bases under Article 6 of the GDPR:
- Art. 6 (1) (b): To fulfill our contractual obligations related to your user account
- Art. 6 (1) (f): Based on our legitimate interests in platform security, QA, and optimization
- Art. 6 (1) (a): Based on your explicit consent where required (e.g., analytics tools like PostHog)
How long do we store your data?
- Audit logs (including IP addresses) are stored for at least 30 days — or longer depending on organizational retention policies.
- Personal data related to user accounts (e.g., profile, action history) is stored as long as the account is active or required to fulfill legal or contractual obligations.
- When an account is deleted or access is revoked, personal data is either deleted or anonymized unless longer retention is legally required.
Subprocessors involved in platform operations
We work with trusted subprocessors to ensure secure operation and analysis of the platform:
| Subprocessor | Purpose | Processed Data | Location | GDPR Compliance |
|---|---|---|---|---|
| Hetzner Online GmbH | Hosting of platform and backend services | User profiles, audit logs, metadata | Germany | ✅ |
| OVHCloud | Hosting of core databases | User profiles, logs | Germany | ✅ |
| PostHog Inc. | Behavioral analytics (client-side data with consent) | Usage data, possibly IP | EU infrastructure (self-hosted option) | ✅ |
| Crisp IM SAS | Customer support via message/chat interface | Optional email, UI activities | France | ✅ |
Use of Cookies & Analytics
This platform uses cookies and self-hosted tracking tools (such as PostHog) to measure usage patterns, improve UX, and troubleshoot. These features are activated only after you provide explicit consent, in accordance with Art. 6 (1) (a) GDPR.
You may revoke consent at any time or manage cookie settings via your browser or our platform's consent banner.
Your Rights under the GDPR
Under the GDPR, you have the following rights with respect to your personal data:
- Right of access
- Right to rectification
- Right to erasure ("right to be forgotten")
- Right to restriction of processing
- Right to object to processing (e.g. analytics)
- Right to data portability
If you wish to exercise any of these rights, please contact us using the contact information below. We respond to all requests within one month, as legally required.
Updates to this Privacy Notice
This privacy notice is reviewed and updated periodically to reflect legal or operational changes. The most current version is always available on our platform.
Last updated: March 25, 2025
How to contact us
If you have any questions or would like to exercise your data subject rights, please contact us as follows:
- Email: datenschutz@kultify.com
- Phone: +49 911 477 116 01
- Address: Kultify GmbH, Lorenzer Platz 5A, Germany
Contacting the Supervisory Authority
While we encourage you to contact us first with any concerns, you have the right to file a complaint directly with the supervisory authority responsible for Kultify GmbH:
📍 Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18, 91522 Ansbach, Germany
Phone: +49 (0) 981 180093-0
Email: poststelle@lda.bayern.de
Website: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm
If you're using additional third-party tools or services (e.g., SSO, integrations, APIs, webhooks), let me know and I can include relevant sections to cover them.
Updated on: 02/04/2025
Thank you!