Effective Date: February 26, 2025

Last Updated: April 7, 2026

1. INTRODUCTION

Kantalat (“we” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Workflow Automation Platform (“Service”).

By using the Service, you agree to the data practices described in this policy. If you do not agree with this policy, please do not use the Service.

2. INFORMATION WE COLLECT
2.1 Information You Provide to Us

Account information:

  • Name, email address, phone number
  • Company name and business details
  • Billing address and payment information
  • Profile photo and bio

Content you create:

  • Workflow configurations, automation logic, and Node settings
  • Data and documents processed through your Workflows
  • Credentials and API keys for Third-Party Services (stored encrypted)
  • Workflow templates you choose to share publicly

Communications:

  • Support tickets and requests
  • Feedback and survey responses
  • Emails with our team
2.2 Automatically Collected Information

Usage data:

  • Pages viewed and features used
  • Time spent on the platform
  • Click patterns and navigation paths
  • Workflow execution logs and performance metrics
  • Credit usage and consumption

Device information:

  • IP address and browser type
  • Operating system and device type
  • Screen resolution and language preferences
  • Unique device identifiers

Cookies and tracking technologies:

  • Session cookies for authentication
  • Analytics cookies for usage tracking
  • Preference cookies for settings
  • Targeting cookies for platform improvement (with consent)
2.3 Information from Third Parties

Connected platforms and integrations:

  • Access tokens and API credentials for Third-Party Services you connect
  • Webhook payloads and trigger data from connected services
  • Performance and execution data from connected services

Payment processors:

  • Transaction status and payment confirmations
  • Fraud prevention data
  • Payment history
3. HOW WE USE YOUR INFORMATION
3.1 To Provide and Improve the Service
  • Create and manage your account
  • Process payments and manage subscriptions
  • Execute your Workflow automations and process data between connected services
  • Provide execution logs, analytics, and performance insights
  • Respond to support requests
  • Improve platform features and user experience
3.2 To Personalize Your Experience
  • Remember your preferences and settings
  • Suggest relevant features and Workflow templates
  • Customize dashboard layout
  • Provide tailored recommendations
3.3 To Communicate With You
  • Send transactional emails (receipts, confirmations, execution alerts)
  • Provide service updates and announcements
  • Send product-related communications (with your consent)
  • Request feedback and conduct surveys
  • Alert you to account activity or security events
3.4 For Security & Fraud Prevention
  • Verify your identity
  • Detect and prevent unauthorized access
  • Monitor suspicious activity
  • Comply with legal obligations
  • Enforce our Terms and Conditions
3.5 For Analytics & Research
  • Analyze usage patterns and trends
  • Measure platform performance
  • Conduct A/B testing
  • Generate aggregate statistics
3.6 For Platform Growth & User Acquisition
  • Display targeted platform-related promotions based on user preferences and behavior
  • Measure the effectiveness of platform outreach
  • Re-engage users who have previously visited the platform
  • Promote new features and service updates
4. DATA PROCESSED THROUGH YOUR WORKFLOWS

When you build and run Workflows, data is transmitted between the Platform and connected Third-Party Services. You are the data controller for data processed through your Workflows. Kantalat acts as a data processor on your behalf.

You are responsible for:

  • Ensuring you have a lawful basis to process any personal data through your Workflows
  • Obtaining all required consents from individuals whose data is processed
  • Complying with applicable data protection laws (GDPR, CCPA, etc.) for your Workflow data
  • Reviewing the privacy policies of all Third-Party Services connected to your Workflows

We process Workflow data only to the extent necessary to execute your automations and operate the Platform. We do not use data transmitted through your Workflows for our own purposes beyond Platform operation.

Third-Party Service providers have their own privacy policies. We recommend reviewing the privacy policies of any Third-Party Service you connect, including but not limited to:

  • Any external API provider you integrate
  • Cloud storage, CRM, communication, or other SaaS tools you connect
5. HOW WE SHARE YOUR INFORMATION

We do not sell your personal information. We may share your information in the following circumstances:

5.1 With Service Providers

We share data with trusted third parties who help us operate the Service:

  • Cloud hosting: Google Cloud, EC2 (infrastructure)
  • Payment processing: Our approved payment processor(s) (Merchant of Record)
  • Analytics: Google Analytics (usage tracking)
  • Email services: Spaceship (communications)

All providers are bound by data processing agreements and confidentiality commitments.

5.2 With Connected Platforms

When you connect Third-Party Services to your Workflows:

  • We interact with those platforms only as directed by your Workflow configuration
  • We transmit only the data necessary to execute your Workflows
  • We comply with each platform’s API terms and data policies
5.3 For Legal Compliance

We may disclose information when required by law:

  • To respond to subpoenas, court orders, or legal process
  • To protect our rights, property, or safety
  • To investigate fraud or security issues
  • To comply with government requests
5.4 Business Transfers

In the event of a merger, acquisition, or sale, your information may be transferred to the new entity. You will be notified of any such transfer. The new entity must respect this Privacy Policy.

5.5 With Your Consent

We may share information with other parties when you explicitly consent, including integration with third-party tools you authorize, and content sharing for case studies (with anonymization).

5.6 Aggregate Data

We may publicly share aggregated, anonymized data for industry reports, usage statistics, and research publications. This data cannot identify individual users.

6. DATA SECURITY
6.1 Security Measures
  • Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
  • Access controls: Role-based access, multi-factor authentication
  • Credential storage: API keys and credentials encrypted at rest using secure secret management
  • Network security: Firewalls, intrusion detection, DDoS protection
  • Regular audits: Penetration testing, security assessments
  • Compliance: GDPR
6.2 Data Backups
  • Automatic daily backups
  • Geographically redundant storage
  • 30-day retention for deleted data
  • Disaster recovery procedures
6.3 Employee Access
  • Background checks for all employees
  • Data access on a need-to-know basis
  • Security training and awareness programs
  • Confidentiality agreements
6.4 Incident Response

In the event of a data breach:

  • We will investigate and contain the incident immediately
  • Affected users will be notified within 72 hours
  • We will report to relevant authorities as required
  • We will provide remediation support
6.5 Your Responsibilities

You are responsible for:

  • Keeping your password and API credentials secure
  • Logging out of shared devices
  • Reporting suspicious activity promptly
  • Using strong, unique passwords and enabling two-factor authentication
  • Regularly reviewing and revoking Third-Party Service authorizations that are no longer needed
7. YOUR PRIVACY RIGHTS
7.1 Access & Portability

You have the right to access your personal data, download your data in a machine-readable format (JSON, CSV), and request a copy of your data.

7.2 Correction & Updates

You may update your account information at any time, correct inaccurate data, and complete incomplete data.

7.3 Deletion

You may request deletion of your account and all associated data, or specific information. Note: We may retain certain data to comply with legal requirements (e.g., payment records for tax purposes).

7.4 Objection & Restriction

You may object to processing for direct outreach purposes, restrict the processing of your data, and opt out of profiling and automated decision-making.

7.5 Withdrawal of Consent

You may withdraw consent for product-related communications (unsubscribe link in emails), cookie tracking (browser settings), and any other processing based on consent.

7.6 Filing a Complaint

If you are unsatisfied with our data practices, contact our Data Protection Officer at cs@kantalat.com, or file a complaint with your local data protection authority.

7.7 How to Exercise Your Rights

Email: cs@kantalat.com

Subject: “Privacy Rights Request – [Your Request Type]”

We will respond within 30 days.

8. COOKIES & TRACKING
8.1 What Are Cookies

Cookies are small text files stored on your device. We use cookies for authentication and security, preferences and settings, analytics and performance, and platform improvement (with consent).

8.2 Types of Cookies We Use

Essential cookies (Always active):

  • Session authentication, security features, load balancing. Cannot be disabled as they are required for the Service.

Performance cookies (Optional):

  • Google Analytics

Functional cookies (Optional):

  • Language preferences, dashboard layout, theme selection. Remember your preferences.

Targeting cookies (Optional):

  • Used only with your consent to improve platform outreach and re-engagement
8.3 Managing Cookies

Control cookies through the cookie consent banner (on first visit), Settings > Privacy > Cookie Preferences, or your browser settings.

8.4 Do Not Track

We respect Do Not Track (DNT) signals. When DNT is enabled, we disable non-essential cookies and limit data collection to essential functions.

8.5 Third-Party Cookies

Payment processors and analytics providers may set their own cookies. We recommend reviewing their privacy policies.

9. CHILDREN’S PRIVACY

Our Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, contact us immediately at cs@kantalat.com. We will delete the information within 30 days and terminate the account.

10. DATA RETENTION
10.1 Account Data
  • Active accounts: Retained while account is active
  • Inactive accounts: Reviewed after 90 days following last login
  • Deleted accounts: Permanently deleted from the date of deletion
10.2 Workflow & Execution Data
  • Workflow configurations: Retained while account is active
  • Execution logs: Retained for 90 days by default (configurable on higher plans)
  • Deleted Workflows and data: Permanently deleted from the date of deletion
10.3 Payment Data
  • Payment records: 7 years (tax law compliance)
  • Invoice history: Available in your account indefinitely
  • Payment methods: Until removed or account deleted
10.4 Log Data
  • Access logs: 30 days
  • Error logs: 30 days
10.5 Analytics Data
  • Aggregate data: Indefinitely (anonymized)
  • Individual usage data: 2 years
11. UPDATES TO THIS POLICY
11.1 Policy Changes

We may update this Privacy Policy from time to time. Changes will be posted on this page with a new “Last Updated” date, notified on the platform for material changes, and take effect 10 to 30 days after posting.

11.2 Material Changes

For material changes affecting your rights, we will provide prominent notice and may require re-acceptance. You may decline by deleting your account.

12. CONTACT US

For privacy-related questions:

  • Email: cs@kantalat.com
  • Subject: “Privacy Request – [Your Topic]”
Acknowledgment

By using Kantalat, you acknowledge that you have read, understood and agree to this Privacy Policy.