Privacy Policy
Information about how Kawa collects, uses, stores, and protects personal data within the Platform.
Última actualización: 27 abril 2026 · v1.0
Antes de publicar esta página en producción, completa los campos marcados con [•] y revisa el texto final con asesoramiento legal si lo necesitas.
1Identity of the data controller
The controller responsible for processing personal data is:
Kawa
Hereinafter, the “Platform” or the “Controller”.
Note: complete the legal details before publication:
Legal name: [•]
Tax ID / VAT number: [•]
Registered address: [•]
Contact email: [•]
2Purpose of data processing
Personal data collected through Kawa will be processed for the following purposes:
- ·Manage user registration and access to the Platform.
- ·Enable the use of features (management of events, decisions, actions, and risks).
- ·Process and store user-generated content.
- ·Support the organization and operational follow-up of professional activities.
- ·Provide AI-based features for structuring and analyzing information.
- ·Manage integrations with external services (Google Calendar, Microsoft Calendar).
- ·Improve user experience and service performance.
- ·Ensure security and prevent misuse.
3Legal basis for processing
Data processing is based on:
- ·Performance of a contract: providing the service requested by the user.
- ·User consent: in the case of integrations or specific features.
- ·Legitimate interest: service improvement, security, and fraud prevention.
- ·Compliance with legal obligations, where applicable.
4Types of data collected
Kawa may collect the following categories of data:
Identification data
- ·First and last name.
- ·Email address.
Account data
- ·Access credentials (stored in secure/encrypted format).
- ·Preferences and settings.
User-generated content
- ·Notes.
- ·Decisions, actions, and risks.
- ·Uploaded documents (files, text, PDF, etc.).
- ·Information entered manually into the Platform.
Usage data
- ·Activity within the application.
- ·Action history.
- ·System logs.
Integration data
- ·Information from Google Calendar or Microsoft Calendar (if the user connects those accounts).
Technical data
- ·IP address.
- ·Browser type.
- ·Device.
- ·Session information.
5Data retention
Data will be retained:
- ·While the user maintains an active account.
- ·For the time necessary to provide the service.
- ·For the periods required by legal obligations.
- ·Until the user requests deletion.
Once the relationship ends, data may remain blocked for the legally required periods.
6Disclosure of data to third parties
Data may be disclosed to third parties only when necessary for:
- ·Providing the service (technology providers).
- ·Compliance with legal obligations.
- ·Requests from competent authorities.
Personal data will never be sold to third parties.
7International data transfers
Kawa may use providers located outside the European Economic Area (EEA), including technology and artificial intelligence services.
In such cases:
- ·The existence of Standard Contractual Clauses (SCCs) or other appropriate legal mechanisms will be ensured.
- ·Measures will be adopted to guarantee a level of protection equivalent to that required by the GDPR.
This may include services from cloud, email, analytics, or artificial intelligence providers.
8User rights
Users may exercise the following rights:
- ·Access to their personal data.
- ·Rectification of inaccurate data.
- ·Erasure (“right to be forgotten”).
- ·Objection to processing.
- ·Restriction of processing.
- ·Data portability.
To exercise these rights, you may contact: [contact email]. You also have the right to lodge a complaint with the supervisory authority (AEPD in Spain).
9Data security
Kawa adopts appropriate technical and organizational measures to ensure:
- ·Data confidentiality.
- ·Information integrity.
- ·Service availability.
These measures include, among others: data encryption, access control, system monitoring, and security best practices.
10Use of third-party services
To provide the service, Kawa may rely on third-party providers such as:
- ·Cloud infrastructure.
- ·Email delivery services.
- ·Analytics tools.
- ·Artificial intelligence services.
These providers act as data processors and comply with contractual obligations regarding data protection.
11Use of artificial intelligence
The Platform may use artificial intelligence systems to:
The user acknowledges and accepts that:
- ·Analyze content entered by the user.
- ·Extract decisions, actions, and risks.
- ·Generate suggestions or structure information.
- ·Content entered may be processed by these systems.
- ·The user is responsible for not entering especially sensitive or confidential data without appropriate safeguards.
- ·Kawa does not guarantee the complete accuracy of AI-generated results.
12Multi-user environments
In team environments:
- ·Information may be visible to other authorized users within the same organization.
- ·The user is responsible for the information they share.
- ·Kawa is not responsible for misuse by other team members.
13User responsibility
The user guarantees that:
- ·The data provided is accurate.
- ·They are authorized to enter third-party data.
- ·They will not enter illegal or especially sensitive information without a legal basis.
Kawa will not be responsible for improper processing of data entered by the user.
14Cookies
Kawa may use technical and analytics cookies.
For more information, please consult the corresponding Cookies Policy.
15Policy changes
Kawa reserves the right to modify this Privacy Policy to adapt it to legal developments or changes in the service.
Users will be informed in the event of relevant changes.
16Contact
For any questions related to this Privacy Policy or the processing of data:
Email: [●]