This Privacy Policy explains how Kandorly ("Kandorly", the "Service") collects, uses, and protects personal data. It forms part of our Terms & Conditions. For the feedback and reviewer/reviewee data you put into the Service, we act as a data processor on your behalf - those terms are set out in our Data Processing Agreement.
Kandorly is operated by the Kandorly team ("we", "us", "our"). Kandorly is currently in pre-launch; our full legal seller details will be published here before checkout is enabled. For personal data relating to your own account and use of the Service, we are the data controller. You can reach us about privacy at info@kandorly.com.
We collect the following categories of personal data:
We use personal data to provide and secure the Service, to process payments, to send service-related and feedback-workflow emails (such as feedback invitations and reminders), to respond to your enquiries, and to comply with our legal obligations. Under the GDPR, our legal bases are:
We keep cookies to a minimum. We use privacy-friendly, cookieless analytics, and only after you consent through the cookie banner. We do not set analytics cookies before you consent, we do not use advertising trackers, and we do not sell personal data. You can change or withdraw your consent at any time using the cookie controls on the site.
Privacy is designed into the Service. When feedback is collected, it is confidential to the manager, who acts as the trusted mediator. Specifically:
We do not represent feedback as anonymous; it is confidential to the manager. We never log feedback text together with reviewer identity.
We do not sell personal data. We share it only with service providers who help us run Kandorly, under contracts that require them to protect it - including our cloud hosting and database provider, our authentication provider, our payment processor (Paddle), and our email provider. We may also disclose personal data where required by law or to protect our rights, users, or the Service. A current list of sub-processors is available on request at info@kandorly.com.
Where personal data is transferred outside the European Economic Area or the UK, we rely on an appropriate safeguard, such as the European Commission's Standard Contractual Clauses (and the UK Addendum where relevant), to ensure your data receives an equivalent level of protection.
We keep personal data only for as long as needed for the purposes described above, or as required by law (for example, to meet accounting obligations). When we no longer need it, we delete or anonymise it. For data we process on your behalf, retention and deletion follow your instructions and our DPA.
Subject to applicable law, you have the right to access, correct, delete, or port your personal data, to object to or restrict certain processing, and to withdraw consent at any time. You also have the right to lodge a complaint with your local data-protection authority. To exercise any of these rights, email info@kandorly.com. If your request relates to feedback data we process on behalf of a manager or organisation, we may direct it to that customer as the controller of that data.
Questions about this Privacy Policy or how we handle your data? Email us at info@kandorly.com and a real person will get back to you, usually within one working day.