Privacy Policy

Last updated: 7 March 2026

1. Who We Are

KitTracker ("we", "us", "our") is an event asset management service. We are the data controller for personal data processed through the Service. Contact us at hello@kittracker.app.

2. Data We Collect

We collect the following categories of data:

  • Account data: name, email address, password (hashed), and OAuth tokens if you sign in with Google.
  • Event and inventory data: event names, item descriptions, loan records, and borrower details you enter into the Service.
  • Usage data: pages visited, actions taken, IP address, browser type, and device information collected via server logs.
  • Payment data: billing name and address. Card details are processed directly by our payment provider and are never stored by us.

3. How We Use Your Data

  • To provide, maintain, and improve the Service
  • To process payments and manage your subscription
  • To send transactional emails (account confirmation, password reset, receipts)
  • To respond to support requests
  • To detect and prevent fraud or abuse
  • To comply with legal obligations

4. Legal Basis for Processing (UK GDPR)

  • Contract: processing necessary to deliver the Service you signed up for.
  • Legitimate interests: security, fraud prevention, and service improvement.
  • Legal obligation: compliance with applicable laws.
  • Consent: where you have opted in to marketing communications.

5. Data Sharing

We do not sell your data. We share data only with trusted sub-processors necessary to operate the Service, including:

  • Neon (database hosting) — stores your account and event data on servers in the EU.
  • Vercel (hosting) — serves the application and may log request metadata.
  • Payment provider — processes card payments; subject to their own privacy policy.

6. Data Retention

We retain your account data for as long as your account is active. If you close your account, we delete your personal data within 30 days unless we are required to retain it by law (e.g. financial records for 7 years). Anonymised, aggregated data may be retained indefinitely.

7. Your Rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data ("right to be forgotten")
  • Restrict or object to processing
  • Data portability — receive your data in a machine-readable format
  • Withdraw consent at any time (where processing is based on consent)

To exercise any of these rights, email us at hello@kittracker.app. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies

We use strictly necessary cookies to maintain your session. We do not currently use analytics or advertising cookies. If this changes, we will update this policy and seek your consent where required.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice in the Service. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.