This policy describes how personal data is processed when you use KivLoft. The controller is:
Marcin ZawadaPoland
Contact: legal@kivloft.com
1. Data we process
- Account: Supabase user identifier, email received from Google, public name, avatar URL, role, account status and acceptance timestamps.
- Activity: downloads, reviews, comments, forum posts, reports, favourites and administrative actions.
- Security and technical: session cookies, request time, error logs, abuse signals and short-lived download events. Infrastructure providers may process IP address and user-agent data in their logs.
- Communications: messages and evidence you send in support, legal or infringement requests.
2. Purposes and legal bases
- Providing accounts, files, community features and requested support: performance of the service agreement.
- Fraud prevention, service security, moderation and legal-claim protection: legitimate interests, balanced against user rights.
- Responding to valid legal requests and preserving required records: compliance with legal obligations.
KivLoft does not use advertising, a newsletter, behavioural analytics or non-essential analytics cookies.
3. Google sign-in
Google authenticates you and sends the profile fields permitted by the configured OAuth scopes. KivLoft requests only basic identity scopes needed for sign-in. Google processes data under its own terms and privacy information.
4. Processors and recipients
KivLoft uses Cloudflare for hosting, security and email routing; Supabase for authentication, database and storage; and Google for sign-in. These providers process data only as needed to provide their services. Community content is visible to other visitors as determined by its visibility settings.
5. International transfers
Providers may process data outside the European Economic Area. Where required, the relevant provider's contractual safeguards or other lawful transfer mechanism applies.
6. Retention
- Account data: while the account remains active, then deleted or anonymised when no longer needed unless retention is required for a legal claim or legal obligation.
- Comments, reviews and forum posts: until removed, anonymised or no longer needed to operate or defend the service.
- Security, download and error records: only for the period reasonably necessary for security, troubleshooting and abuse investigations; longer only where a specific investigation or legal obligation requires it.
- Legal acceptances and rights declarations: for the period needed to prove the applicable agreement and defend claims.
7. Cookies and local processing
The service uses strictly necessary session and security cookies only. Browser tools such as the image converter process selected files locally and do not upload them. KivLoft does not use advertising, newsletter, analytics or personalisation cookies.
8. Your rights
Subject to applicable law, you may request access, correction, deletion, restriction, portability or objection, and may withdraw consent without affecting earlier lawful processing. You may also complain to the competent supervisory authority. Requests can be sent to legal@kivloft.com; identity may need to be verified.
9. Automated decisions
KivLoft does not make decisions producing legal or similarly significant effects solely by automated means. Automated abuse signals may prioritise manual review.
10. Age requirement
KivLoft is intended only for people aged 18 or over. The operator does not knowingly create accounts for or collect personal data from anyone under 18.
11. Security
Measures include least-privilege database rules, private storage, time-limited download links, OAuth, security headers, input limits and audit records. No system is risk-free; suspected incidents should be reported promptly.
12. Changes and contact
Changes are identified by version and date. Privacy questions and rights requests may be sent to legal@kivloft.com.