This Privacy Policy explains how Solèy Technologies Ltd. collects, uses, and protects personal data in connection with the Kontab Service.
1. Categories of data we collect
Depending on how you use Kontab, we may process the following categories of information:
- Account and identity data — for example, name, email address, authentication credentials, role, and settings associated with your user account.
- Business and accounting records — data you upload, import, or create in the Service (for example, ledgers, invoices, contacts, attachments, and related operational records).
- Subscription and billing status — information about your plan, seat entitlements, and payment status as reported by our payment provider (not full payment card details stored by Kontab; see section 2).
- Support communications — messages you send us (for example, through in-app support or email), including content needed to respond to your request.
- Usage and log data — for example, IP address, device and browser information, authentication and session data, timestamps, and operational logs used to run and secure the Service.
- AI interaction data — where you use AI-powered features, content you submit for processing and related metadata needed to provide those features (see section 7).
2. Payment data
Kontab does not directly store full payment card details (such as complete card numbers, CVV, or full magnetic stripe equivalent data) on its own systems. Payment information is collected and processed by Paddle or another authorized payment provider, which receives payment details directly from you or your bank/card network as part of checkout.
Kontab receives confirmation of payment status, subscription identifiers, and related billing metadata from the payment provider as needed to operate accounts and entitlements. The payment provider’s use of payment data is governed by its own terms and privacy notice.
3. Ownership of your business data
You retain ownership of your business records and content. Kontab processes that information only to provide and improve the Service, as described in this Policy, and does not acquire ownership of your underlying accounting or financial records.
4. How we use data
We use data to:
- operate and provide the Service
- deliver accounting functionality
- communicate with users
- maintain security and integrity
- comply with legal obligations
5. Data sharing
We do not sell personal or financial data.
We may share data with:
- service providers and subprocessors that help us run the Service (see section 6)
- authorities where legally required
6. Subprocessors and categories of providers
We use trusted third parties to host, secure, and deliver the Service. They process data only as instructed and as needed for their role. Examples of categories and named providers (which may change over time) include:
- Cloud hosting and database — for example, Supabase and Vercel for application hosting, storage, and related infrastructure.
- Authentication — for example, Supabase Auth for sign-in and session management.
- Email delivery — for example, Resend and/or Postmark for transactional and operational email.
- Payment processing — for example, Paddle when acting as merchant of record or payment provider, or another authorized processor we may use from time to time.
- AI features — where enabled, Anthropic (for example, the Claude API) may process customer content submitted to AI features to generate responses or outputs (see section 7).
Data is shared only as necessary to provide the Service.
7. AI processing
Certain features may process user-submitted content using AI systems (including cloud APIs such as Anthropic’s Claude) to provide functionality you request—for example, in-app assistance or document-oriented workflows where those features are available and enabled for your account.
Data is used to deliver the requested features in accordance with this Policy.
Outputs are generated automatically and should not be relied upon as professional, tax, or legal advice.
8. Aggregated and de-identified data
We may generate aggregated, de-identified statistical information for analytical purposes.
Such data:
- does not identify individuals or businesses
- does not include raw financial records
- is processed to prevent re-identification
9. Data security
We implement safeguards including:
- encryption in transit
- access controls
- system monitoring and logging
No system is completely secure.
10. Data retention and deletion
We retain data for as long as needed to provide the Service and for legitimate business and legal purposes.
Cancelling a subscription does not automatically delete your business accounting data. Access to paid features may end in line with your plan, but records may remain in the Service until you take further action or submit a request consistent with our processes.
You may request deletion or export of your data where applicable. Deletion requests are handled through Support and controlled workflows (for example via the contact details at the end of this Policy). We may retain certain information where required for legal, regulatory, tax, or accounting retention obligations, or where necessary to resolve disputes and enforce our agreements—even after a deletion request—only to the extent permitted by law.
Deletion may not result in immediate removal of all copies (for example, backups or logs), and some data may persist for a limited period consistent with our security and operations practices.
11. Your rights
You may:
- request access to your data
- request correction
- request deletion (subject to retention requirements)
- request export of available data
12. International transfers
Kontab is operated from Saint Lucia, but the Service relies on providers that may process and store data in countries other than Saint Lucia. By using Kontab, you acknowledge that your information may be transferred to and processed in those locations by authorized subprocessors. Where required, we implement appropriate safeguards designed to protect personal data in line with this Policy and applicable law.
13. Cookies
We use cookies and similar technologies for:
- authentication
- session management
- core functionality
- security and abuse prevention
14. Children's Privacy
The Service is not intended for individuals under 18.
15. Changes
We may update this Privacy Policy from time to time. If we make material changes, we will provide advance notice through the Service and/or by email (using the address associated with your account) before the effective date, where practicable. Your continued use of Kontab after the effective date of the updated Policy constitutes acceptance of the revised terms. If you do not agree, you should stop using the Service before the effective date.
16. Governing Law
This policy is governed by the laws of Saint Lucia.
17. Contact
Solèy Technologies Ltd.
Cas En Bas
Gros Islet
Saint Lucia
Email: support@kontab.net