Privacy Policy
Effective Date: February 24, 2026
This Privacy Policy explains how Veezio Solutions s.r.o. ("Company", "we", "us", or "our") collects, uses, shares, and protects your personal data when you use the Kice platform at kice.app and my.kice.app (the "Service").
We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
1. Data Controller & Contact
The data controller responsible for your personal data is:
2. Data We Collect
2.1 Account Data
When you create an account, we collect your first name, last name, email address, and a hashed password. If you sign in with Google or GitHub, we receive your name and email address from the provider. We do not receive or store your Google or GitHub password.
2.2 Workspace & Project Data
Data you create within the Service, including projects, tasks, time entries, comments, chat messages, and team member assignments.
2.3 Client Data (Invoicing)
Information about your clients that you enter for invoicing purposes: email addresses, first names, last names, company names, phone numbers, addresses, and tax identification numbers.
2.4 Files & Attachments
Files you upload to projects. These are stored on MinIO, a self-hosted object storage system running on our Railway infrastructure.
2.5 Git Integration Data
When you connect a GitHub, GitLab, or Bitbucket account, we store OAuth access tokens (encrypted) and sync repository metadata, pull request information, and commit data. We do not access, read, or store your source code.
2.6 Payment Data
Payments are processed by Stripe. We receive a Stripe customer ID and subscription status from Stripe. We do not collect, store, or have access to your full credit card or bank account numbers. All payment data is handled directly by Stripe.
2.7 Usage & Technical Data
Basic technical information necessary to operate the Service, including IP addresses, browser type, operating system, and general interaction logs for performance monitoring and troubleshooting.
3. How We Use Your Data
We use your personal data to:
- Provide and maintain the Service — account creation, authentication, project management, time tracking, invoicing, team collaboration, and file storage.
- Process payments — manage subscriptions and billing through Stripe.
- Enable integrations — connect your Git repositories and synchronize relevant metadata.
- Communicate with you — send transactional emails (account verification, password resets, billing notifications, workspace invitations) and respond to support requests.
- Ensure security and prevent abuse — protect against fraud, unauthorized access, and violations of our Terms of Service.
- Comply with legal obligations — fulfill tax, regulatory, or law enforcement requirements.
We do not use your data for profiling, automated decision-making, or targeted advertising.
4. Legal Bases for Processing (GDPR)
We process your personal data under the following legal bases:
- Performance of a Contract (Art. 6(1)(b) GDPR) — processing necessary to provide the Service you requested (account management, project features, billing).
- Legitimate Interests (Art. 6(1)(f) GDPR) — securing and improving the Service, preventing fraud, and troubleshooting technical issues. Our legitimate interests do not override your fundamental rights and freedoms.
- Consent (Art. 6(1)(a) GDPR) — where required, such as for optional communications. You may withdraw consent at any time.
- Legal Obligation (Art. 6(1)(c) GDPR) — processing required for tax compliance, regulatory reporting, or responding to lawful requests.
5. Third-Party Service Providers
We share personal data only with the following categories of service providers, solely to the extent necessary to operate the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Railway | Application hosting & database infrastructure | All Service data (encrypted at rest and in transit) |
| PostgreSQL (on Railway) | Primary database | Account, workspace, project, and invoicing data |
| MinIO (on Railway) | Object storage for file uploads | Files and attachments you upload |
| Stripe | Payment processing | Billing information (handled directly by Stripe) |
| Resend | Transactional email delivery | Email address, name (for sending emails) |
| SSO authentication | OAuth tokens; Google shares your name and email with us | |
| GitHub | SSO authentication & Git integration | OAuth tokens; profile info, repo metadata, PRs, commits |
| GitLab / Bitbucket | Git integration | OAuth tokens, repo metadata, PRs, commits |
We do not sell your personal data. We do not share data for cross-context behavioral advertising.
6. Cookies & Tracking
The Service uses essential cookies strictly necessary for authentication and session management. We do not use third-party tracking cookies, advertising cookies, or analytics trackers.
7. Data Security
We implement reasonable technical and organizational measures to protect your data, including:
- Encryption in transit (TLS/HTTPS) for all communications.
- Encryption at rest for database and file storage.
- Passwords stored in hashed form (never in plaintext).
- OAuth tokens stored encrypted.
- Access controls limiting data access to authorized personnel and systems only.
No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
8. Data Retention
- Active accounts: We retain your personal data for as long as your Account is active or as needed to provide the Service.
- Account deletion: Upon account deletion, we remove your personal data from active systems. Database backups containing your data may persist for up to 30 days before being permanently purged.
- Legal retention: We may retain certain data for longer periods where required by applicable law (e.g., tax records, billing history).
9. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you.
- Rectification — request correction of inaccurate or incomplete data.
- Erasure — request deletion of your personal data ("right to be forgotten").
- Restriction — request that we limit the processing of your data.
- Data Portability — receive your data in a structured, commonly used, machine-readable format.
- Objection — object to processing based on legitimate interests.
- Withdraw Consent — withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at support@kice.app. We will respond within 30 days (or sooner as required by applicable law).
If you are located in the EU/EEA, you have the right to lodge a complaint with your local supervisory authority. In the Czech Republic, this is the Office for Personal Data Protection (UOOU).
10. Children
The Service is not directed to children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe that a child under 16 has provided us with personal data, please contact us at support@kice.app, and we will take steps to delete such data promptly.
11. International Data Transfers
Your data is processed and stored on Railway infrastructure. This may involve transfers to servers located outside your country of residence, including outside the EU/EEA. Where such transfers occur, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- Adequacy decisions, where the destination country provides an adequate level of data protection.
12. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Art. 33. If the breach is likely to result in a high risk to you, we will also notify you directly without undue delay (GDPR Art. 34).
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Effective Date" at the top of this page and notify you by email or by posting a prominent notice within the Service at least 14 days before the changes take effect.
14. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact us at: