Skip to content
Karolina
Esc
navigateopen⌘Jpreview
On this page

Data Privacy

Data Privacy

How Karolina handles and protects your data.

Data Collection

What We Collect

Data Type Examples
Account Data Company info, contacts, MRR
Activity Data Emails, meetings, support tickets
Usage Data Product interactions, feature usage
Communication Email content, chat messages

How We Use It

Use Purpose
Service delivery Provide our services
Improvements Product development
Analytics Usage insights
Security Fraud prevention

Data Storage

Storage Location

Region Location
US AWS us-east-1
EU AWS eu-west-1

Encryption

Layer Standard
In transit TLS 1.3
At rest AES-256
Backups AES-256

Retention

Data Type Retention Period
Account data While active
Activity logs 2 years
Audit logs 7 years
Deleted accounts 30 days

Data Access

Who Can Access

Role Access Level
Your users Your organization data only
Karolina engineers System access, limited, logged
Third parties None without consent

Access Controls

Control Description
Authentication SSO, MFA required
Authorization Role-based permissions
Audit logging All access logged
Encryption Data encrypted

Your Rights

Data Portability

Export your data:

  1. Go to SettingsOrganization
  2. Click Export Data
  3. Select format and data
  4. Download

Data Deletion

Request data deletion:

  1. Contact [email protected]
  2. Verify ownership
  3. Data deleted within 30 days

Account Deletion

Delete your account:

  1. Go to SettingsProfile
  2. Click Delete Account
  3. Confirm action
  4. Account and data deleted

Compliance

Certifications

Certification Status
SOC 2 Type II
GDPR
CCPA

GDPR Compliance

Your rights under GDPR:

Right Description
Access View your data
Rectification Correct errors
Erasure Delete your data
Restriction Limit processing
Portability Export your data
Objection Stop processing

Security Practices

Employee Access

Practice Description
Background checks Required for all
Security training Annual mandatory
Access reviews Quarterly
Least privilege Minimum needed

Infrastructure Security

Measure Description
Firewalls Network segmentation
DDoS protection CloudFlare
Vulnerability scans Weekly automated
Penetration testing Annual
Incident response 24/7 on-call

Subprocessors

Third-party services we use:

Processor Purpose Data Shared
AWS Cloud hosting All
Stripe Payments Billing only
SendGrid Email Transactional
Slack Notifications Alerts only

Contact

Privacy questions:

Updates

We update this policy periodically. Last updated: March 2024.

Last updated on July 14, 2026

Was this page helpful?