This Privacy Policy explains how Yezholov Kyrylo, sole proprietor operating as Korrero ('we', 'us', or 'our'), collects, uses, and protects your personal information.
We only collect information about you that help us identify you, to communicate with you, or make our Service better.
We collect information from several sources: information that you provided to us, information we collected automatically from your interactions with the Service, and from third parties.
When you register for a Korrero account, we require your full name and email address. We also require you to create a password, which we store in a secure, hashed format (meaning we can never see your actual password). You may also voluntarily choose to upload a Profile Picture (Avatar) to personalize your account. We collect this information to create your account, identify you within the Service, and communicate important service-related notices to you (like password resets or billing notifications).
Our Service allows you to create projects to manage your notifications. We store the project names you create and the secure API keys we generate for those projects. If you invite other team members to a project, we process the email address you provide to send the invitation. To facilitate collaboration, once a team member has joined your project, their name, email address, and Profile Picture (Avatar) will be visible to you and other members within that project's team management view.
As a core part of our service, we process the data you send through our API. This includes the content of the notifications themselves and any associated media files you upload or link to. We process this data solely on your behalf and according to your instructions, which are to deliver it to your specified channels. You are the Data Controller for this information and are responsible for its content.
When you use our service, we collect data about your activity. This includes analytics on your notifications, such as impressions, clicks, and Click-Through Rate (CTR). We collect this information to display it to you on your analytics dashboard and to help us understand how our Service is performing, allowing us to improve it.
Like most websites and services, our servers automatically collect technical information when you access or use our console or API. This includes your IP address, browser type and version, operating system, and the date and time of your interactions. We use this log data for the legitimate interests of securing our Service, preventing abuse, diagnosing technical problems, and ensuring stability. These logs are retained for a fixed period of 90 days.
We use Paddle as our official Merchant of Record to handle all subscription payments and invoicing. When you choose to upgrade to a paid plan, we securely pass your email address and a unique Korrero user identifier to Paddle to initiate the checkout process. You provide your payment details directly to Paddle's secure checkout page. We do not receive or store this sensitive payment information. After a successful payment, Paddle provides us with confirmation details, such as your name, country of residence, and which plan you purchased.
We offer the ability to sign up and log in using third-party authentication services ("OAuth"), such as Google or other providers we may support in the future. If you choose to use one of these services, you authorize that service to share certain information with us. We will receive information like your identifier, name, email address, and profile picture from the provider to create and authenticate your Korrero account. We do not receive your password from these third-party services.
Under the General Data Protection Regulation (GDPR), we must have a valid legal reason, known as a lawful basis," to use and process your personal information. We rely on the following lawful bases to run the Korrero service:
This is our primary reason for processing your data. When you sign up for Korrero, you are entering into a contract with us to provide you with a notification service. We use your data to fulfill this contract, which includes:
We use some data for legitimate business purposes to maintain, secure, and improve our service. We only do this when our interest is not overridden by your fundamental rights and freedoms. These purposes include:
For any activities that are not essential to providing the core service, we will always ask for your consent first. This includes:
We are committed to keeping your personal data safe and private. We do not sell your personal information to anyone.
However, to provide, secure, and operate the Korrero service, we rely on a small number of trusted third-party companies that act as our "sub-processors." These companies are contractually bound to protect the data we share with them and are prohibited from using it for any other purpose.
| Service Provider | Purpose | Location |
|---|---|---|
| Hetzner Online GmbH | Hosting of our servers, database, and file storage | Germany / Finland, EU |
| Cloudflare | Security (Web Firewall, DDoS Protection) & Performance (CDN) | Global / US |
| Paddle | Payment Processing (as our Merchant of Record) | Ireland / US |
| Google (OAuth, SMTP) | Client Authentication & Transactional Email Delivery | US |
| Google Analytics | Website & Service Usage Analytics | US |
Data Transfers: Some of our sub-processors are based outside of the European Union (EU), primarily in the United States. When you use our Service, this may involve transferring your personal data to these locations. We ensure these transfers are legal and that your data remains protected to the same high standard as required by GDPR.
We are committed to the principle of storage limitation and will only keep your personal data for as long as it is necessary to fulfill the purposes we collected it for, as described in this policy, or to comply with legal and regulatory obligations.
Your Account Information, Project Data, and Notification Content are retained for as long as your Korrero account is active. The indefinite storage and archiving of your notification history is a core feature of the Service that we provide to you.
As our client, you are the Data Controller for this information and are responsible for its lifecycle. You can and should use our built-in features to manually delete any or all your notification data at any time.
If you choose to delete your account, all personal data associated with it (including your profile, projects, and notification history) will be permanently deleted from our active systems within a reasonable period.
We retain Technical Log Data, which includes your IP address and information about your interactions with our service, for a fixed period of 90 days. This data is used for security analysis and debugging purposes. After 90 days, these logs are automatically and permanently deleted.
Please note that we may be required to retain some information for a longer period to comply with our legal or regulatory responsibilities. For example, we may need to keep basic transactional records provided by Paddle for several years to comply with financial and tax laws in the EU.
If you are a resident of the European Economic Area (EEA), you have important rights over your personal data under the General Data Protection Regulation (GDPR). We are committed to upholding these rights.
We have built tools to help you easily exercise your rights:
For any other requests, or if you need assistance, please contact us directly by emailing [email protected]. We will respond to your request within 30 days, as required by law.
While we hope to resolve any concerns you have directly, you have the right to lodge a complaint with your local data protection authority if you believe your privacy rights have been infringed.
As we are based in Lithuania, our lead supervisory authority is the State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija). You can find their contact details on their website.
We take our responsibility to protect your data very seriously and have implemented a range of appropriate technical and organizational measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, or disclosure.
Important Note: While we have implemented robust security measures, please be aware that no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
The security of your account also depends on you. You are responsible for keeping your account password confidential by using a strong, unique password.
Regarding API Keys: Our service provides public API keys for each project. This key is designed to be used in public-facing applications (such as websites or mobile apps) to retrieve notification data for that specific project. These keys are read-only and are scoped to a single project.
It is your sole responsibility as our client to ensure that any notifications you make accessible via this public API key do not contain any sensitive, private, or confidential information. By design, any data retrievable by this key should be considered publicly accessible. You are in full control of the data you choose to expose through this mechanism.
We use cookies and similar tracking technologies to help operate and improve our Service, perform analytics, and remember your preferences. For more detailed information about the cookies we use, why we use them, and how you can manage your cookie settings, please see our dedicated Cookie Policy.
Your consent for non-essential cookies is managed through the cookie consent banner presented to you when you visit our site.
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons.
We will notify you of any changes by posting the new Privacy Policy on this page. We will also update the "Last Updated" date at the top of this policy. For any significant changes, we will provide a more prominent notice, such as by sending you an email notification to the address associated with your account. You are advised to review this Privacy Policy periodically for any changes.
If you have any questions, concerns, or requests regarding this Privacy Policy, your data rights, or our data protection practices, please do not hesitate to contact us.
Email: [email protected]
Data Controller: Kyrylo Yezholov (sole proprietor)
Location: Lithuania
© 2025 Korrero. All rights reserved.