← Back to sign in

Draft policy

Privacy Policy

Last updated: April 22, 2026 · Service URL and contacts TBD

Draft — not legal advice. Have counsel review before you rely on this with customers. Contact emails and representative addresses are not final.

1. Who we are

Controller: Kennz Choice (“we,” “us,” “our”). This policy describes processing for the Kennz Choice web application and related services (the “Service”). The production Service URL will be listed here when available.

2. Contact & EU/UK representatives

Privacy contact: [to be published]. When available, use the address published on this page for privacy requests.

If you are in the EEA, UK, or Switzerland and we are required to appoint a representative under applicable law, representative contact details will be published here when appointed. A postal address for legal notices (or representative address) will be added when available.

3. Data we process

  • Account & sign-in (Google OAuth): identifiers and profile details from Google (for example name, email, Google user ID) depending on what Google returns and what we store; session and token data needed to keep you signed in and call Google APIs.
  • Google Business Profile / API data: locations and related metadata and operational data available through Google APIs, including under scopes you approve (such as business.manage and typical OpenID / email / profile scopes).
  • Data you submit: configuration and content you add in the Service.
  • Technical & security data: IP address, device/browser type, timestamps, diagnostic logs, and abuse-prevention signals.
  • Audit logs: records of certain actions (which may include user identifiers, tenant/workspace identifiers, timestamps, and action metadata) for security, compliance, and troubleshooting.

4. Purposes & legal bases (EEA/UK/Switzerland)

We process personal data to provide and secure the Service, comply with law, and improve reliability.

Where GDPR / UK GDPR applies, we rely on contract, legitimate interests (balanced against your rights—for example security and audit logging), legal obligation, and consent where required (for example non-essential cookies or analytics, if used).

5. Recipients & subprocessors

We use hosting and IT providers and other vendors to run the Service. A list of material subprocessors will be published or provided on request when finalized. We do not sell personal data as defined under many U.S. state laws.

6. International transfers

If personal data is processed in countries without an adequacy decision, we use appropriate safeguards such as Standard Contractual Clauses and the UK Addendum / IDTA as applicable, plus supplementary measures where required.

7. Retention & security

We retain data as long as needed to provide the Service and meet legal obligations. Specific retention windows will be documented as the product matures. We implement appropriate technical and organizational measures; no system is perfectly secure.

8. Your rights

Depending on your location, you may have rights to access, rectification, erasure, restriction, portability, and objection, and the right to lodge a complaint with a supervisory authority (for the UK, the ICO at ico.org.uk). To exercise rights, contact the privacy email once published.

9. Google

Google processes data under its own policies: policies.google.com/privacy. We receive Google-related data only as authorized through Google’s consent and scopes.

10. Children

The Service is not directed to children under 16, and we do not knowingly collect their personal data.

11. Changes

We will post updates here and change the “Last updated” date. Material changes may require additional notice where required by law.

See also our Terms of Service.