Privacy Policy

Last updated: May 12, 2026

1) Who We Are (Data Controller)

ELITE-TECH (“Elite-Tech”, “we”, “us”) is the controller for the processing described in this policy. Company identifiers: SIREN 839 542 917 (RCS Créteil), VAT FR95839542917. For any privacy questions or to exercise your rights, contact us via the Contact page or at contact@kcmhub.io.

2) Data We Collect

3) Purposes & Legal Bases

4) Processors (Sub-processors)

We use trusted service providers acting as processors under a data processing agreement. In particular:

5) Where We Store Data

We seek to store and process personal data within the EU/EEA whenever possible. Contact form submissions collected via Tally are stored in the EU. If an international transfer is required (for example, email routing), we rely on appropriate safeguards (see Section 8).

6) Retention

7) Security

We apply organizational and technical measures designed to protect your data (access controls, encryption in transit, least-privilege practices). No method is 100% secure, but we continuously improve our posture.

8) International Transfers

We do not intend to transfer your contact form data outside the EU/EEA. If certain processing (e.g., email delivery paths or infrastructure failovers) results in a transfer, we use appropriate safeguards such as the European Commission’s Standard Contractual Clauses (SCCs) or an equivalent lawful mechanism.

8 bis) On-premise nature of KCM and Data Processing roles

KCM is licensed on-premise software. You deploy and operate KCM on your own infrastructure, and ELITE-TECH does not have access to the Kafka data, configurations, audit logs, or user accounts handled by your KCM instance. For that data, you remain the sole controller (and, where applicable, processor) and ELITE-TECH is not a data processor.

ELITE-TECH may act as a limited processor only in the specific case where you choose to share material containing personal data with our support team (e.g., unredacted logs). The scope, obligations, and retention for that limited processing are set out in Section 14 of our Terms of Service. A standalone signable DPA covering that limited scope is available on request at dpa@kcmhub.io.

9) Sharing

We do not sell personal data. We only share it with processors listed above or when required by law or to defend our legal rights.

10) Your Rights

Subject to applicable law, you may have the right to access, rectify, erase, object to or restrict processing, and port your data. You also have the right to define directives regarding your data after death where applicable. To exercise your rights, contact us via the Contact page or at contact@kcmhub.io. We may ask you to verify your identity.

11) Supervisory Authority

If you are located in the EU, you also have the right to lodge a complaint with your local supervisory authority. In France, this is the CNIL.

12) Cookies & Third-Party Assets

Strictly necessary cookies are used to operate the website and the consent management platform (consentmanager.net), and by Stripe to secure payment processing on the checkout page. These cookies do not require your consent (Article 82 of the French Data Protection Act, ePrivacy Directive).

Analytics cookies (Google Analytics 4) are non-essential and are only set after you give your consent via the consent banner. You can withdraw or change your consent at any time by reopening the consent management panel from the cookie settings link displayed by the banner. Until you consent, no Google Analytics identifier is set and no analytics data is sent.

If third-party assets are loaded from external providers (e.g., web fonts from Google Fonts, CDN scripts), those providers will necessarily receive your IP address to deliver the asset. Where feasible, we self-host or minimize third-party calls.

For a full, up-to-date list of cookies and trackers used on this site, please open the consent management panel from any page.

13) Updates

We may amend this policy from time to time. The most recent version is always published on this page.

14) Payments (Stripe)

When you purchase KCM, we use Stripe to process your payment. We share with Stripe only the data required to perform the transaction, such as your name or company name, email, billing address, VAT number (if provided), country, IP address, amount and currency, and order/subscription references. We receive from Stripe payment status and limited payment instrument details (e.g., brand and last 4 digits), invoice identifiers and subscription identifiers. We do not receive or store full card numbers or CVC codes.

Roles & legal bases. Stripe acts as our processor for payment processing; for certain activities (e.g., fraud prevention, regulatory compliance), Stripe may act as an independent controller. Processing is based on contract necessity (to take payment and provide the service), legitimate interests (fraud prevention and service security), and legal obligation (accounting and tax compliance).

International transfers. Payments are handled by Stripe Payments Europe (Ireland). Data may be transferred to Stripe, Inc. (USA) with appropriate safeguards (e.g., Standard Contractual Clauses). See Stripe’s privacy notice for details.

Retention. We keep subscription metadata (Stripe customer, subscription, invoice IDs, lifecycle events like renewals and cancellations) for the life of the subscription and for a short operational period thereafter (up to 36 months). Accounting records (including invoices) are retained for the period required by law (which can be up to 10 years).

Stripe Cookies (Strictly Necessary)

Stripe may set strictly necessary cookies to enable secure payment processing and fraud prevention. These cookies are essential for the payment service and do not require consent. For details, see Stripe Privacy Policy.