We collect and use the following information to provide, improve and protect our "Services":
Account – We collect, and associate with your account, information like your name, email address, phone number, payment info, and physical address. Some of our services let you access your accounts and your information with other service providers.
Services – When you use our Services, we store, process and transmit your files and information related to them (for example, your annotations ). If you give us access to your contacts, we'll store those contacts on our servers for you to use. This will make it easy for you to do things like sharing your stuff, send emails, and invite others to use the Services.
Usage – We collect information from and about the devices you use to access the Services. This includes things like IP addresses, the type of browser and device you use, the web page you visited before coming to our sites, and identifiers associated with your devices. Your devices (depending on their settings) may also transmit location information to the Services.
Cookies & Other Technologies –We use technologies like cookies and pixel tags to provide, improve, protect and promote our Services. For example, cookies help us with things like remembering your username for your next visit, understanding how you are interacting with our Services, and improving them based on that information. You can set your browser to not accept cookies, but this may limit your ability to use the Services.
We may share information as discussed below, but we won't sell it to advertisers or other third-parties.
Other users – Our Services display information like your name and email address to other users in places like your user profile and sharing notifications. Certain features let you make additional information available to other users.
Other applications. You can also give third parties access to your information and account - for example, via Kami APIs. Just remember that their use of your information will be governed by their privacy policies and terms.
Law & Order – We may disclose your information to third parties if we determine that such disclosure is reasonably necessary to (a) comply with the law; (b) protect any person from death or serious bodily injury; (c) prevent fraud or abuse of Kami or our users; or (d) protect Kami's property rights.
Stewardship of your data is critical to us and a responsibility that we embrace. We believe that our users' data should receive the same legal protections regardless of whether it's stored on our services or on their home computer's hard drive. We'll abide by our principles when receiving, scrutinizing and responding to government requests for our users' data:
- Be transparent, - Fight blanket requests, - Protect all users, and - Provide trusted services.
Security – We have a team dedicated to keeping your information secure and testing for vulnerabilities. We also continue to work on features to keep your information safe.
Retention – We'll retain the information you store on our Services for as long as we need it to provide you with the Services. If you delete your account, we'll also delete this information. But please note: (1) there might be some latency in deleting this information from our servers and backup storage; and (2) we may retain this information if necessary to comply with our legal obligations, resolve disputes, or enforce our agreements.
If you are using Kami in the European Union, The EU General Data Protection Regulation (GDPR) will set a new standard for how companies use and protect EU citizens’ data. It will take effect from May 2018.
The GDPR requires is that, when any EU personal data is hosted or processed outside of the European Economic Area, it must remain protected to an adequate standard in line with EU law. There are a few ways that Kami achieves this.
First, some of our EU customers' data is processed in New Zealand (where our Headquarters are located). New Zealand is recognized by the EU as a territory that ensures an adequate level of data protection decided by 2013/65/EU: Commission Implementing Decision of 19 December 2012 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data by New Zealand (notified under document C(2012) 9557) Text with EEA relevance.
When we hold EU customer data in other territories, like the US, we take other ‘Appropriate Safeguards’ that are prescribed by the GDPR. Specifically, we enter into Data Processing Agreements with Customers who require this. We rely on EU Standard Contractual Clauses (also called Model Clauses) published by the European Commission to protect EU data. These are standard form data export agreements that have been approved by the European Commission as a lawful basis for transferring personal data to non-EEA countries like the USA. Our Data Processing Agreement is available to sign upon request.
To comply with EU data protection laws around international data transfer, we have verified that our US-based cloud hosting providers have self-certified under the E.U.-U.S. Privacy Shield framework. The EU-US Privacy Shield is a framework negotiated and agreed by the European Commission and U.S. Department of Commerce as a lawful way of transferring personal data. No action is required on our customers’ part to benefit from the protection of this framework.
- AWS has self-certified under the EU-US Privacy Shield. AWS also announced compliance with the CISPE Code of Conduct. The CISPE Code of Conduct helps cloud customers assess how their cloud infrastructure provider complies with its data protection obligations under the GDPR.
- Google has committed to applying the Privacy Shield’s principles and safeguards to EU-U.S. transfers of personal data. Google’s certificate will soon be accessible here.