KREO← Back to site

Privacy Policy

Last updated: June 2026

This document is a template provided for transparency during KREO's public beta and should be reviewed by legal counsel before being relied upon.

1. Who we are

KREO provides a hosted Backend-as-a-Service platform. This policy explains what personal data we process when you use our website, dashboard and APIs, and your rights regarding that data.

2. Data we process

3. How we use data

To provide and secure the Service, authenticate you, meter usage, prevent abuse, process payments, and communicate operational information. We do not sell your personal data.

4. Legal bases

Where the GDPR applies, we rely on performance of our contract with you, our legitimate interests in operating and securing the Service, and consent where required.

5. Security

We apply technical measures including per-tenant database isolation, encryption of secrets at rest (AES-256-GCM), hashed passwords and API keys, MFA/passkeys, IP allowlisting, and audit logging. No system is perfectly secure, but we work to protect your data appropriately.

6. Retention

We keep account and security data for as long as your account is active and as needed to comply with legal obligations. Customer content is retained until you delete it or close your account.

7. Sharing

We share data only with infrastructure and payment sub-processors necessary to run the Service, and where required by law. We do not share customer content with third parties for their own purposes.

8. Your rights

Subject to applicable law, you may access, correct, export or delete your personal data, and object to or restrict certain processing. Contact us to exercise these rights.

9. International transfers

Our infrastructure is hosted in the European Union. Where data is transferred internationally, we use appropriate safeguards.

10. Contact

Privacy questions or requests? Email contact@kreo.work.