When you use the Kite platform, we collect certain information necessary to provide and improve our services. This includes:

• IP addresses and geographic location data for analytics and security purposes
• Usage logs including API calls, timestamps, and request metadata
• API keys and authentication tokens you generate through our dashboard
• Account information including email address, company name, and billing details
• Technical data such as browser type, device information, and session duration

We retain this data only for as long as necessary to provide our services and comply with legal obligations. Most operational logs are automatically purged after 90 days.

Your content belongs to you. We process your video files solely for the purposes of transcoding, storage, and delivery. We claim no ownership over your content.

Video data is processed in our secure infrastructure and is encrypted both in transit (TLS 1.3) and at rest (AES-256). We do not access, view, or analyze the content of your videos except:

• When explicitly authorized by you for support purposes
• When required by law enforcement with valid legal process
• For automated abuse detection (e.g., CSAM hash matching as required by law)

Upon account termination, all video content is deleted within 30 days. You may request immediate deletion at any time through your dashboard or by contacting support.

We work with trusted third-party providers to deliver our services. These subprocessors are bound by strict data processing agreements and are GDPR compliant:

A complete list of subprocessors is available upon request. We notify customers of any material changes to this list with 30 days advance notice.

Kite is fully compliant with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable data protection laws. As a user, you have the right to:

• Access: Request a copy of all personal data we hold about you
• Rectification: Correct any inaccurate personal data
• Erasure: Request deletion of your personal data ('right to be forgotten')
• Portability: Export your data in a machine-readable format
• Restriction: Limit how we process your data
• Objection: Object to certain types of data processing

To exercise any of these rights, please contact us at privacy@gooick.com. We will respond to all requests within 30 days.

For enterprise customers, we offer Data Processing Agreements (DPAs) and can provide additional compliance documentation upon request.

We implement industry-leading security measures to protect your data:

• End-to-end encryption for all data in transit using TLS 1.3
• AES-256 encryption for all data at rest
• SOC 2 Type II certified infrastructure
• Regular third-party penetration testing and security audits
• Multi-factor authentication (MFA) available for all accounts
• Role-based access control (RBAC) for team management
• 24/7 security monitoring and incident response

In the event of a data breach, we will notify affected users within 72 hours as required by GDPR. Our security team can be reached at security@gooick.com.

If you have any questions about this Privacy Policy or our data practices, please contact us: