Privacy Policy

Overview

KERNSTACK is operated by goto coding.berlin GmbH (we, us), Berlin, Germany. For legal details including our address, see our Imprint.

This policy explains how we process personal data when you use the KERNSTACK website, platform, and related services (Services). Processing is carried out in accordance with the EU General Data Protection Regulation (GDPR) and applicable German law.

Controller and data protection contact

The controller responsible for processing personal data in connection with the Services is goto coding.berlin GmbH. You can reach our data protection contact at data@kernstack.com.

Legal basis for processing

Depending on the activity, we rely on the following legal bases under the GDPR:

• Performance of a contract (Art. 6(1)(b) GDPR) — providing the Services, accounts, authentication, and support you request.
• Compliance with a legal obligation (Art. 6(1)(c) GDPR) — e.g. tax, accounting, and commercial record-keeping where applicable.
• Legitimate interests (Art. 6(1)(f) GDPR) — operating, securing, and improving the Services, preventing abuse and fraud, and limited analytics related to reliability and product quality, where not overridden by your interests or rights.

We do not intend to collect special categories of personal data (for example health data). If you voluntarily include such information in customer content or messages, we process it only as needed to operate the features you use and where a valid legal basis applies.

What we collect

When you create an account or otherwise use the Services, we may process:

• Account data — name, email address, organization name (if provided).
• Authentication data — email and cryptographically hashed password; managed on KERNSTACK systems.
• Customer content — information you or your workloads submit to the platform (which may include personal data depending on what you configure).
• Usage data — API usage, resource consumption, and credit or billing-related usage records.
• Technical and log data — IP addresses, timestamps, browser type, device or application details, and diagnostic information generated during access.
• Payment-related data — processed by our payment provider; we do not store full payment card numbers on KERNSTACK systems.
• Communications — messages you send us (e.g. support requests).

How we use your data

We use personal data to:

• Provide, operate, secure, and maintain the Services
• Authenticate users and prevent abuse or unauthorized access
• Process billing and credit transactions
• Communicate with you about your account, usage, security, and service updates
• Comply with law and enforce our Terms of Service
• Improve reliability and fix issues (including error handling and aggregated statistics where appropriate)

We do not sell your personal data to third parties.

Cookies and similar technologies

Our website may use cookies or similar technologies that are strictly necessary to operate the site (for example, security or load balancing), where applicable. When you load pages that request fonts from Google, your browser may connect to Google’s servers and technical connection data may be processed by Google as described in Google’s documentation and privacy policy.

Security

We implement appropriate technical and organizational measures designed to protect personal data against unauthorized access, loss, or alteration, taking into account the state of the art, implementation cost, and the nature of processing. No method of transmission or storage is completely secure; we work to apply reasonable safeguards in line with industry practice.

Data storage and location

We host KERNSTACK platform and customer workload data on infrastructure located in the European Union and intend to maintain EU data residency for customer workloads and account data processed on the platform. Some website integrations (such as font delivery) may involve providers or networks outside the EU as described below.

Processors and third-party services

We use trusted providers as processors to deliver parts of the Services. They process personal data only on our instructions and under appropriate agreements. Examples include:

• Mollie B.V. — payment processing (Netherlands, EU).
• Google (Fonts) — delivery of font files when you visit our website; may involve processing of connection data by Google.

Where personal data is transferred to countries outside the European Economic Area in connection with such services, we implement safeguards recognized under the GDPR (such as Standard Contractual Clauses approved by the European Commission), to the extent they apply to the relevant processing.

Data retention

We retain personal data only for as long as reasonably necessary for the purposes described in this policy, unless a longer period is required or permitted by law.

• Account and contract data — for the life of your account and for a reasonable period afterward to resolve disputes, enforce agreements, and meet legal and accounting obligations.
• Technical logs — typically for a limited period needed for security, operations, and troubleshooting, unless longer retention is required by law.
• Payment records — as required for tax, accounting, and payment law, and as governed by our agreements with payment providers.

You may request deletion of your account and associated personal data subject to applicable legal retention requirements. During the preview period, actual durability of data stored in the platform may be more limited than in a production-grade service; see Preview status and our Terms of Service.

Your rights

Under the GDPR, where applicable you have the right to access, rectify, erase, restrict processing, data portability, and — where processing is based on legitimate interests — the right to object. If we process personal data based on consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

To exercise your rights, contact data@kernstack.com. You also have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or where an alleged infringement occurred. For Berlin-based processing, the competent authority is often the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit); other authorities remain available where the GDPR allows.

Automated decision-making

We do not use solely automated decision-making, including profiling, which produces legal effects concerning you or similarly significantly affects you.

Children

The Services are not directed at individuals under 16, and we do not knowingly collect personal data from children. If you believe we have received such data, contact data@kernstack.com.

Preview status

KERNSTACK is offered as a preview service. That means the Services may change frequently; operational practices may be updated as we stabilize the product. Your statutory data protection rights under the GDPR still apply. We do not promise production-grade service levels for durability, availability, or retention in the preview beyond what we describe in this policy and our Terms of Service; you use the preview with those limitations in mind.

Changes to this policy

We may update this policy from time to time. The current version is indicated by Last updated at the top of this page. If changes are material, we will provide notice in an appropriate way (for example by email to your account address or a notice in the product), where required by law.

Contact

For general questions about KERNSTACK, contact support@kernstack.com. For data protection matters, use data@kernstack.com.