Legal
Privacy policy
How Soekan Design, LLC handles personal information collected through kbpd.ai. Data controller identity, purposes, lawful basis, retention, your rights.
Plain-language frame
The short version.
These launch pages make the purchase boundary inspectable before payment: what you can use, what stays protected, how purchase support works, and which hosted services are not included unless a separate offer says so.
Last updated: 2026-06-28
Plain-English summary. These terms are provided so buyers can understand the purchase, license, return, and privacy boundary before payment. If a signed agreement applies to your organization, that signed agreement controls.
Who we are
kbpd.ai is operated by Soekan Design, LLC, a limited-liability company with its principal place of business at 11239 SW Capitol Hwy, Portland, OR 97219. For all data-protection purposes, Soekan Design, LLC is the data controller of personal information collected through this site.
Contact: [email protected].
What we collect
- Email address — when you submit the starter-kit signup form, request support, or purchase a license.
- Name — optional, when you supply it during purchase or email capture.
- Payment metadata — the payment provider collects payment-card data directly; we receive only the order confirmation details needed for delivery, support, tax, and dispute records. We never see your card number.
- IP address + user-agent — recorded transiently in server logs and rate-limit buckets; retained no longer than 30 days.
- Cookie preferences — your choices on the consent banner, stored in a first-party cookie named
kbpd_ccfor up to 365 days.
We do not collect special-category data (race, religion, health, etc.). We do not knowingly collect data from anyone under 16.
Why we collect it
- Deliver the starter kit — your email is required to send starter-kit access. Lawful basis: performance of contract (GDPR Art. 6(1)(b)).
- Process payments — the payment provider needs payment data to settle the purchase. Lawful basis: performance of contract.
- Send service emails — order confirmations, access help, and license-update notices. Lawful basis: performance of contract.
- Send marketing emails — only if you opt in via the consent banner or by subscribing to a list. Lawful basis: consent (GDPR Art. 6(1)(a)). You can withdraw at any time.
- Operational analytics — only if you opt in. Lawful basis: consent.
- Comply with legal obligations — tax records, dispute resolution. Lawful basis: legal obligation (GDPR Art. 6(1)(c)).
Who we share it with
We use a small set of processors. Each one is bound by a data-processing agreement (DPA) before any personal data flows to them.
- Stripe, Inc. — payment processing. Stripe privacy notice.
- Resend, Inc. — transactional + marketing email delivery, plus the email-capture audience. Resend privacy notice.
- Cloudflare, Inc. — secure file delivery, CDN, and DDoS protection. Cloudflare privacy notice.
- Vercel, Inc. — site and application hosting. Vercel privacy notice.
- Neon, Inc. — database hosting for purchase and site records. Neon privacy notice.
We do not sell or rent personal information. We do not transfer personal data outside of services we have a DPA with.
International transfers
Most processors above are US-based. Where we transfer personal data of EU/EEA/UK residents outside the EEA/UK, the transfer is covered by Standard Contractual Clauses (EU) and/or the UK International Data Transfer Addendum.
How long we keep it
- Purchase records — 7 years (tax + dispute resolution).
- Access emails — are time-limited or can be replaced by support. Purchase records are retained only as needed for delivery support, tax, dispute, and legal obligations.
- Free-tier signups — until you unsubscribe, then erased within 30 days.
- Server logs — 30 days, then purged.
- Consent preferences — 365 days, or until you reset them.
Your rights
Under GDPR / UK GDPR / CCPA (and equivalents), you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Erase your data ("right to be forgotten")
- Restrict or object to processing
- Data portability (receive your data in a structured, machine-readable format)
- Withdraw consent at any time, where consent was the lawful basis
- Lodge a complaint with your supervisory authority
Email [email protected] with your request. We respond within 30 days. We may ask you to verify your identity before fulfilling the request.
Cookies
See the consent banner (open it again anytime via the footer link) for granular control over functional, analytics, and marketing cookies. The strictly-necessary category cannot be disabled because the site cannot run without it.
Changes to this policy
Material changes are surfaced via an updated "Last updated" date at the top of this page and, where appropriate, an email to active customers and subscribers. Continued use of the site after a change implies acceptance.
Complaints
If you are in the EU/EEA and believe we have mishandled your data, you may complain to your national data-protection supervisory authority. If you are in the UK, the supervisory authority is the Information Commissioner’s Office (ICO, ico.org.uk).
Need clarification?