Privacy
Privacy policy
This policy explains how Kadryn processes personal data in connection with the website, SaaS service, user accounts, support, billing and security.
Last updated : 2026-07-03
- Service
- Kadryn
- Trade name
- Web Novation
- Legal identity of the publisher
- GONFO Nicolas EI
- Privacy contact
- contact@kadryn.com
- Support
- support@kadryn.com
- Governing law
- France
Kadryn’s roles
For data relating to the website, contact requests, user accounts, billing, security and commercial administration of the service, the publisher generally acts as data controller.
For certain data processed in the application at the request of a customer organization, Kadryn may act as a processor. In that case, the customer remains responsible for the data it decides to import, connect, transmit or process through the service.
Data processed
Kadryn may process data necessary to create and administer an account, such as professional identity, email address, organization, role, preferences, login information and security settings.
The service may also process data relating to workspaces, projects, costs, AI providers, models used, alerts, budgets, technical logs, audit logs, enabled integrations and actions performed by authorized users.
Payment data is primarily processed by payment providers. Kadryn retains information necessary to manage subscriptions, billing, usage limits and customer support.
Purposes
Data is processed to provide the service, create and secure accounts, manage organizations, perform requested features, provide support, administer subscriptions, send transactional emails, prevent abuse and maintain service security.
Data may also be used to generate technical or audit logs, measure service performance, improve user experience, comply with legal obligations and defend the publisher’s rights in the event of a dispute.
Legal bases
Depending on the context, processing may be based on the performance of a contract or pre-contractual measures, compliance with a legal obligation, the publisher’s legitimate interest in securing, administering and improving the service, or consent where required.
Where Kadryn acts as processor for a customer organization, processing is carried out on the customer’s instructions under the applicable contractual framework.
Customer data and minimization
Customer organizations must ensure that they transmit to Kadryn only the data necessary to use the service. They remain responsible for the qualification, relevance and lawfulness of the data they connect or import.
Kadryn is designed primarily to process operational and financial metadata relating to AI usage. Users should avoid transmitting sensitive data, secrets, unencrypted keys or unnecessary personal data in prompts, logs, payloads, project names or free-text fields.
Recipients and providers
Data may be accessed by authorized persons involved in operating, supporting, securing, billing or administering the service, within the limits of their responsibilities.
Kadryn may rely on technical providers for hosting, databases, authentication, email delivery, payment, observability, job orchestration and integrations enabled by the customer.
Where providers are located outside the European Economic Area or involve an international transfer, Kadryn implements appropriate contractual and organizational safeguards where required by applicable rules.
Retention periods
Account data is retained for the duration of service use and then deleted or archived according to applicable legal, contractual, accounting, evidentiary or security obligations.
Technical logs, security logs and audit logs are retained for a period proportionate to security, traceability, diagnostic, compliance and evidentiary needs.
Contact, prospecting and support data is retained for a period limited to the management of the request, the business relationship and applicable obligations.
Security
Kadryn implements technical and organizational measures intended to protect data against unauthorized access, loss, alteration, disclosure or accidental destruction.
These measures may include access control, environment separation, logging, encryption where relevant, permission limitation, error monitoring, secret rotation and incident response procedures.
Individual rights
Where the conditions set by applicable rules are met, individuals may request access, rectification, erasure, restriction, objection to processing or portability of their data.
Requests may be sent to the privacy contact listed on this page. A response will be provided within the time limits required by applicable rules.
If you believe your rights are not respected, you may lodge a complaint with the competent supervisory authority.
Cookies
Cookies and similar technologies used by Kadryn are described in the dedicated cookie policy.
Where consent is required, the user’s choices must be capable of being accepted, refused or modified under applicable rules.
Changes to this policy
This policy may be updated to reflect changes to the service, tools used, applicable rules or Kadryn’s organization.
The last updated date identifies the version currently in force.