Privacy Policy
Last updated: May 12, 2026
1) Who We Are (Data Controller)
ELITE-TECH (“Elite-Tech”, “we”, “us”) is the controller for the processing described in this policy. Company identifiers: SIREN 839 542 917 (RCS Créteil), VAT FR95839542917. For any privacy questions or to exercise your rights, contact us via the Contact page or at contact@kcmhub.io.
2) Data We Collect
- Technical & usage data: basic logs produced when you browse our website (e.g., IP address, browser, pages viewed, timestamps) for security and diagnostics.
- Contact form data: your name, professional email, and message content. We also record the date/time of submission and your consent choice.
- Checkout & subscription data: when you subscribe to a paid plan, we collect your email, full name or company name, company domain (optional), country, VAT number (optional, for EU B2B), customer type (individual or company), and your acceptance of the Terms and this Privacy Policy. Payment credentials (card number, CVC) are entered directly into Stripe and are never received or stored by us (see Section 14).
- Analytics data: when you consent, we use Google Analytics 4 to measure aggregated audience and usage metrics (see Section 4 and Section 12).
- License validation data: KCM is on-premise software. Once installed on your infrastructure,
your KCM instance periodically contacts
api.kcmhub.ioto validate the license key and expiration. We receive only: the license identifier, the KCM version, the timestamp of the call, and the IP address of the calling server (logged for abuse prevention). No Kafka data, no user data, and no configuration is transmitted during this call. - Support-related content (only if you choose to share it): screenshots and text descriptions you send when contacting support. You are responsible for redacting personal data before sharing. We treat shared material as confidential and delete it once your support ticket is closed (see Terms, Section 14).
3) Purposes & Legal Bases
- Operate and secure the website (legitimate interests).
- Respond to contact/support requests (legitimate interests or pre-contractual steps at your request).
- Comply with legal obligations (where applicable).
- Improve KCM via aggregated, non-identifying analytics (legitimate interests).
4) Processors (Sub-processors)
We use trusted service providers acting as processors under a data processing agreement. In particular:
- Tally – contact form submissions. According to Tally’s documentation, submissions are stored within the European Union. Tally acts as our data processor.
- Stripe Payments Europe, Ltd. (Ireland) – payment processing, subscription management, invoicing, and tax calculation (Stripe Tax). Data may be transferred to Stripe, Inc. (USA) with appropriate safeguards. See Section 14 and Stripe’s privacy notice.
- Google Ireland Ltd / Google LLC – Google Analytics 4 (audience measurement). Loaded only after your consent via the consent management platform. Data may be transferred to the USA under appropriate safeguards (Standard Contractual Clauses, Data Privacy Framework). See Google’s privacy policy.
- consentmanager.net (CONSENTMANAGER AB, Sweden) – consent management platform that collects and stores your cookie/tracking consent choices. Operates under contract necessity and legal obligation (ePrivacy / GDPR Art. 7).
- Google reCAPTCHA v3 (Google Ireland Ltd / Google LLC) – fraud and abuse prevention on the Tools page when you submit the archetype generator form. reCAPTCHA collects hardware and software information (e.g., device and application data) and sends it to Google to compute a risk score. Legal basis: our legitimate interest in preventing abuse and protecting the service. Data may be transferred to the USA under appropriate safeguards. See Google’s privacy policy.
- YouTube (Google Ireland Ltd / Google LLC) – we embed a demo video on the homepage using
the privacy-enhanced mode (
youtube-nocookie.com). No cookies are set by YouTube until you click play; once you interact with the player, YouTube/Google may set cookies and collect viewing data subject to their own privacy policy. - Hosting & infrastructure – our web hosting and security providers process technical/operational data strictly to provide the service.
- Email delivery – if you request an email reply, your email provider and ours will necessarily process your email address and message.
5) Where We Store Data
We seek to store and process personal data within the EU/EEA whenever possible. Contact form submissions collected via Tally are stored in the EU. If an international transfer is required (for example, email routing), we rely on appropriate safeguards (see Section 8).
6) Retention
- Contact form submissions: retained for up to 12 months after last activity related to your request, then deleted or anonymized.
- Technical logs: retained for up to 12 months for security and diagnostics, unless a longer period is required by law or to investigate incidents.
7) Security
We apply organizational and technical measures designed to protect your data (access controls, encryption in transit, least-privilege practices). No method is 100% secure, but we continuously improve our posture.
8) International Transfers
We do not intend to transfer your contact form data outside the EU/EEA. If certain processing (e.g., email delivery paths or infrastructure failovers) results in a transfer, we use appropriate safeguards such as the European Commission’s Standard Contractual Clauses (SCCs) or an equivalent lawful mechanism.
8 bis) On-premise nature of KCM and Data Processing roles
KCM is licensed on-premise software. You deploy and operate KCM on your own infrastructure, and ELITE-TECH does not have access to the Kafka data, configurations, audit logs, or user accounts handled by your KCM instance. For that data, you remain the sole controller (and, where applicable, processor) and ELITE-TECH is not a data processor.
ELITE-TECH may act as a limited processor only in the specific case where you choose to share material containing personal data with our support team (e.g., unredacted logs). The scope, obligations, and retention for that limited processing are set out in Section 14 of our Terms of Service. A standalone signable DPA covering that limited scope is available on request at dpa@kcmhub.io.
9) Sharing
We do not sell personal data. We only share it with processors listed above or when required by law or to defend our legal rights.
10) Your Rights
Subject to applicable law, you may have the right to access, rectify, erase, object to or restrict processing, and port your data. You also have the right to define directives regarding your data after death where applicable. To exercise your rights, contact us via the Contact page or at contact@kcmhub.io. We may ask you to verify your identity.
11) Supervisory Authority
If you are located in the EU, you also have the right to lodge a complaint with your local supervisory authority. In France, this is the CNIL.
12) Cookies & Third-Party Assets
Strictly necessary cookies are used to operate the website and the consent management platform (consentmanager.net), and by Stripe to secure payment processing on the checkout page. These cookies do not require your consent (Article 82 of the French Data Protection Act, ePrivacy Directive).
Analytics cookies (Google Analytics 4) are non-essential and are only set after you give your consent via the consent banner. You can withdraw or change your consent at any time by reopening the consent management panel from the cookie settings link displayed by the banner. Until you consent, no Google Analytics identifier is set and no analytics data is sent.
If third-party assets are loaded from external providers (e.g., web fonts from Google Fonts, CDN scripts), those providers will necessarily receive your IP address to deliver the asset. Where feasible, we self-host or minimize third-party calls.
For a full, up-to-date list of cookies and trackers used on this site, please open the consent management panel from any page.
13) Updates
We may amend this policy from time to time. The most recent version is always published on this page.
14) Payments (Stripe)
When you purchase KCM, we use Stripe to process your payment. We share with Stripe only the data required to perform the transaction, such as your name or company name, email, billing address, VAT number (if provided), country, IP address, amount and currency, and order/subscription references. We receive from Stripe payment status and limited payment instrument details (e.g., brand and last 4 digits), invoice identifiers and subscription identifiers. We do not receive or store full card numbers or CVC codes.
Roles & legal bases. Stripe acts as our processor for payment processing; for certain activities (e.g., fraud prevention, regulatory compliance), Stripe may act as an independent controller. Processing is based on contract necessity (to take payment and provide the service), legitimate interests (fraud prevention and service security), and legal obligation (accounting and tax compliance).
International transfers. Payments are handled by Stripe Payments Europe (Ireland). Data may be transferred to Stripe, Inc. (USA) with appropriate safeguards (e.g., Standard Contractual Clauses). See Stripe’s privacy notice for details.
Retention. We keep subscription metadata (Stripe customer, subscription, invoice IDs, lifecycle events like renewals and cancellations) for the life of the subscription and for a short operational period thereafter (up to 36 months). Accounting records (including invoices) are retained for the period required by law (which can be up to 10 years).
Stripe Cookies (Strictly Necessary)
Stripe may set strictly necessary cookies to enable secure payment processing and fraud prevention. These cookies are essential for the payment service and do not require consent. For details, see Stripe Privacy Policy.