KyoskGo
Back to Home

Privacy Policy

Last updated: April 2026

1. Information We Collect

We collect information you provide directly when creating an account, including your name, email address, and password (stored securely using bcrypt hashing). When you operate a business on our platform, we also collect business details such as name, description, location, and contact information.

We automatically collect certain technical information including IP addresses, browser user agent strings, and timestamps for security auditing purposes.

2. How We Use Your Information

  • To provide and maintain our service
  • To process orders and transactions
  • To send you important account notifications
  • To maintain security audit logs (required for compliance)
  • To send marketing communications (only with your explicit consent)

3. Data Retention

We retain your personal data for as long as your account is active. Audit logs are retained for a minimum of 6 years for compliance purposes. When you delete your account, all personal data is permanently removed except where retention is required by law.

4. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the following rights:

  • Right of Access — You can request a copy of your personal data
  • Right to Rectification — You can update your information via Account Settings
  • Right to Erasure — You can delete your account and all associated data
  • Right to Data Portability — You can export your data in JSON format
  • Right to Withdraw Consent — You can withdraw marketing consent at any time

To exercise any of these rights, visit your Account Settings page.

5. Cookies

We use essential cookies required for the site to function, including session authentication cookies and CSRF protection tokens. Non-essential cookies are only set with your explicit consent.

6. Security

We implement industry-standard security measures including encrypted passwords, CSRF protection, Content Security Policy headers, HTTPS enforcement, and comprehensive audit logging of security-relevant events.

7. Data Processors & Sub-processors

We share personal data with the following third-party processors as necessary to provide our service:

  • Stripe, Inc. (United States) — subscription billing and payment processing. Stripe processes payment card data on our behalf under their own PCI-DSS certification. See Stripe's Privacy Policy.
  • Razorpay Software Pvt. Ltd. (India) — payment processing for applicable regions. See Razorpay's Privacy Policy.
  • OpenStreetMap Foundation — map tile rendering for location display. Map tiles are loaded from OpenStreetMap servers, which may collect technical data as described in their privacy policy.
  • Cloud infrastructure provider — hosting and data storage. All data is stored within data centres subject to appropriate contractual and legal safeguards.
  • Email delivery provider — transactional email (account verification, receipts, notifications). Only the email address and message content required to deliver each email are shared.

Enterprise customers and data controllers who process personal data on behalf of their end users may request our full Data Processing Addendum (DPA), which details sub-processor obligations, security measures, and breach notification procedures.

8. International Data Transfers

Some sub-processors are located outside the European Economic Area (EEA). Where personal data is transferred internationally, we ensure appropriate safeguards are in place — including Standard Contractual Clauses (SCCs) or reliance on adequacy decisions — as required by GDPR Chapter V.

9. Public profiles, QR scans, and analytics

Business listings hide exact addresses, map coordinates, direct phone numbers, WhatsApp, social links, and payment instructions unless a vendor explicitly enables each option before publishing. QR code scans use hashed identifiers with short retention. Product analytics run only with consent where required and exclude personal identifiers from event payloads. See our Cookie Policy for details.

10. Contact

For data protection inquiries, visit our Support page. For data access, export, or deletion requests, use the self-service tools in your Account Settings.