Kanbox Privacy policy

Because it is your data, we attach great importance to keeping it confidential. Please read this privacy policy carefully to understand how your personal data is collected, processe, and stored when you use the website https://www.kanbox.io and the Kanbox (app.kanbox.io) platform (hereinafter the "Platform").

Becoming a User of the Platform implies the collection of personal information. In this context, the protection of your data is an absolute priority for Kanbox.

Within the meaning of the regulations applicable to personal data, Kanbox only assumes the role of a subcontractor of the user / organization in the context of the processing of personal data carried out via the Platform.

We reserve the right to modify, supplement or replace the provisions of this Privacy Policy. In the event of a material change, we will post a notice on the Platform relating to the modification of this Privacy Policy.

If you have any complaints or questions regarding this privacy policy, please contact Kanbox.

What personal data do we collect?

Identifying data

To become a User of the Platform, you must provide a certain amount of personal information, such as your name, first name, email, password and, if applicable, a telephone number. Without this minimum information, it will not be possible to create your account. This information is provided either directly or through the Linked In conection.

Payment data

We collect the data necessary to process your payment if you make purchases, such as the number of your payment method (for example, a credit card number) and the security code associated with your payment method.

All payment data is stored by Stripe. You will find the link(s) to their privacy policy.

All personal information you provide to us must be true, complete and accurate, and you must inform us of any changes to such personal information. ‍

When you use the Platform, Kanbox's servers automatically record information created and exchanged using our Services (including date of last visit, features used, language, etc.). ‍

We collect, process and store personal data for the following purposes:

  • When you use the Platform and create a user account, or when your Organization requests the creation of your user account, your personal data will be processed and stored to enable the creation of your user account and to allow you to use the Platform. Your login details may also be used to enable the proper use of the various features of our Platform. This processing of your personal data is thus necessary for the execution of the service contract.
  • As part of the proper administration of the Platform, we may also collect your personal data in order to send you emails regarding your registration on the Platform, newsletters, technical notifications, updates, security alerts. The processing of your personal data is therefore also necessary for the execution of the service contract.
  • We also collect data relating to your use and browsing of the Platform in order to ensure the proper functioning of our Platform (e.g. by delivering a necessary information message following an action carried out when using the Platform). The processing of your personal data is therefore also necessary for the execution of the service contract. ‍

Who will have access to your personal data?

Personal data belonging to you will only be accessible by authorized persons within Kanbox (employees, trainees and freelancers) and for the purposes strictly necessary for their respective missions (mainly the Site's sales department and technical support).

In addition, we may share your personal information with third parties in the following situations:

  • Your personal data will be transmitted to our host located in France, allowing us to provide access to the Platform.
  • Your personal data may also be made available to our external technical service providers who ensure the proper administration of our Platform, including in particular our technical service provider for support, identification of connection logs, email routing, videoconferencing, payment, and billing.

All of the aforementioned service providers will access your personal data in accordance with the contractual conditions signed with our company, in compliance with the applicable regulations on the protection of personal data, and may not derogate from the conditions of this confidentiality policy.

How will your data be hosted?

We take care to secure users' personal data in an adequate and appropriate manner and have taken the necessary precautions to preserve and have our host preserve the security and confidentiality of the data and in particular to prevent them from being modified or communicated to unauthorized persons.

Various physical and electronic procedures have been put in place to ensure the protection of your personal data. In particular, we have implemented data access and segregation controls and processes for pseudonymisation and data encryption within our company.

We also have measures in place to ensure the integrity, availability and resilience of our systems and hosted data. These measures are reviewed periodically to test their effectiveness.

If necessary, any possible security breach will be notified to you in strict compliance with the applicable regulations.

All the personal data we collect is hosted in the European Union.

Your personal data will be kept for as long as necessary for the provision of the Services and functions offered by the Platform and for a period of seven (7) days from the end of the service contract, for any reason whatsoever.

In order to ensure the best functioning of the Platform's services and functionalities, Users are recommended to regularly update the information in their Profile and, consequently, to correct or delete any inaccurate information.

Exercising your rights

In accordance with the European regulations on the protection of personal data, you have the following rights:

  • A right of access enabling you at any time to know whether or not your personal data is or is not processed by our services and, if it is, to have access to said personal data and to the information required by law concerning the way in which said data is processed
  • A right of rectification that allows to request that any inaccuracies concerning your personal data be corrected as soon as possible
  • A right to erasure allowing you to request that your personal data be erased as soon as possible when (i) their retention is no longer necessary for the purposes for which they were collected; (ii) you have objected to the processing and consequently wish them to be erased; (iii) the data have been unlawfully processed; (iv) the data must be erased to comply with a legal obligation under either European Union or French law
  • A right to limit the processing of your personal data (i) when you contest the accuracy of the personal data collected for the time needed to verify its accuracy; (ii) when, following a processing operation established to be non-compliant, you prefer the limitation of the processing operation to the complete erasure of the data (iii) when the personal data is no longer necessary for the purposes of the processing operation but is still necessary for the establishment, exercise or defence of legal claims ; (iv) where you have objected to the processing and would like the processing to be restricted for such time as is necessary to verify whether the legitimate ground invoked is justified
  • A right to portability allowing you to receive your personal data in a structured, commonly used and machine-readable format, or to request that such personal data be transferred to another data controller, provided that this request for portability relates to personal data directly provided by you and concerning you and that this request for portability does not infringe the rights and freedoms of third parties
  • You have the right to object to the processing of your personal data for reasons relating to your particular situation and the processing in question will then be terminated unless there are legitimate and compelling reasons justifying its continuation in accordance with the applicable regulations
  • The right to set guidelines for the storage, deletion, and disclosure of your personal data after your death
  • If the processing of your personal data is based on your consent, you also have the right to withdraw this consent at any time.


Strictly necessary cookies

These cookies are necessary for running our website and cannot be disabled in our systems. They are generally set as a response to actions you have taken that constitute a request for services, such as logging in or filling in forms. You can set your browser to block or be informed of the existence of these cookies, but some parts of the website may be affected. These cookies do not store any personally identifiable information.

Performance cookies

These cookies allow us to determine the number of visits and sources of traffic, in order to measure and improve the performance of our website. They also help us to identify the most/least visited pages and to evaluate how visitors navigate the website. All information collected by these cookies is aggregated and therefore anonymised. If you do not accept these cookies, we will not be informed of your visit to our site.

‍These rights may be exercised by contacting Kanbox directly.

Complaints relating to the use of your personal data may, if necessary, also be addressed to the Commission Nationale de l'Informatique et des Libertés, 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX - FRANCE.