← KIDGE

Privacy Policy

KIDGE Privacy Policy

Effective Date: March 18, 2026

KIDGE ("we," "us," or "our") is committed to protecting the privacy and security of your professional data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

1. Information We Collect

1.1 Account Information

We collect information you provide when creating an account, such as your name, professional email address, company name, and job title.

1.2 Project Content (User Data)

This includes architectural drawings, BIM models, schedules, and communications uploaded to the Service. While we host this data, you retain full ownership.

1.3 Usage Data

We automatically collect information on how you interact with the Service, including IP addresses, browser types, timestamps of downloads/uploads, and frequency of feature usage to optimize system performance.

1.4 Payment Information

Payment processing is handled securely by Paddle. KIDGE does not store your full credit card or bank account details.

2. How We Use Your Information

2.1 Service Provision

To facilitate project delivery, rendering, and team collaboration.

2.2 Security & Verification

To verify identities, prevent unauthorized access, and monitor for malicious activity (e.g., protecting against DDoS or brute-force attacks).

2.3 Communication

To send system updates, security alerts, and billing notifications.

2.4 Product Improvement

We may use anonymized, de-identified usage patterns to improve our algorithms and platform features. We will never sell your project data to third parties.

3. Data Protection & Security

3.1 Encryption Standards

We utilize industry-standard AES-256 encryption for data at rest and TLS/SSL protocols for data in transit.

3.2 Access Control

Internal access to user data is strictly limited to authorized personnel only when necessary for technical support or security audits.

3.3 Your Responsibility

You are responsible for managing the security of your login credentials and the permission levels granted to your team members/seats.

4. Third-Party Sub-Processors

To deliver a high-availability, enterprise-grade SaaS experience, KIDGE partners with the following service providers who maintain internationally recognized security certifications (such as SOC2 and ISO 27001). These sub-processors are contractually bound to uphold data protection standards consistent with KIDGE's own policies:

  • Data Processing & Storage: Supabase (built on AWS infrastructure) — We utilize Row Level Security (RLS) to ensure strict data isolation between customers, along with AES-256 encryption at rest for all project files and database entries.
  • Platform Deployment & Computing: Vercel — We leverage Vercel's global edge network, which includes TLS/SSL encryption for all data in transit and robust DDoS protection to ensure platform stability.
  • Payment Agency: Paddle — Acting as our Merchant of Record (MoR), Paddle manages global transactions, tax compliance, and maintains PCI DSS Level 1 compliance for secure payment processing.
  • System Monitoring (Planned) — Tools such as Sentry or PostHog may be used solely for real-time error tracking, system health monitoring, and performance optimization to ensure a seamless user experience.

5. Data Retention & Deletion

5.1 Active Subscription

We retain your data for the duration of your active subscription.

5.2 Post-Termination

As specified in our Terms of Service, your data will be retained for a 30-day Grace Period following account closure. After this period, all Project Content will be permanently deleted from our primary production servers.

5.3 Backup Cycles

Residual data may exist in our encrypted backups for up to an additional 60 days before being completely overwritten.

5.4 Account Deletion & Audit Compliance

When you request to delete your account, we will remove your login credentials and anonymize non-essential personal information. However, to comply with tax regulations, accounting standards, and potential legal obligations related to project liability, your real name will be permanently retained on formal project records (such as invoice approvals and drawing annotations) to maintain a complete and accurate audit trail.

6. International Data Transfers

By using KIDGE, you acknowledge that your information may be transferred to and processed in countries other than your own. We ensure that such transfers comply with applicable data protection laws (such as GDPR or local equivalents) through Standard Contractual Clauses or similar legal frameworks.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Request the correction or deletion of your personal data (subject to the retention exceptions outlined in Section 5.4).
  • Export your project data in a portable format.
  • Object to or restrict the processing of your data.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes via email or a prominent notice on our platform at least 30 days before the change takes effect.

9. Contact Us

For questions regarding this Privacy Policy or our data practices, please contact our Data Protection team at: support@kidge.io