Privacy Policy

KohiCorp ("we", "us", "our") is an API monitoring and error tracking service registered in the Netherlands (KVK: 42006840). When your organization sends data through our SDKs, your organization is the data controller and KohiCorp acts as data processor. For account data we collect directly (email, billing), KohiCorp is the controller. Data processing terms are set out in Section 4 of our Terms of Service.

We collect information you provide and information generated through your use of the Services.

We use data to provide monitoring, error tracking, dashboards, alerts, and AI insights; to authenticate users and prevent abuse; to process payments; to improve the Services; and to comply with legal obligations.

Where GDPR applies, we rely on: performance of a contract, legitimate interests (security, fraud prevention, improvement), legal obligation, and consent where required.

KohiCorp uses AI to summarize monitoring data, explain anomalies, and assist with troubleshooting. We do not use Customer Data from any workspace to train general-purpose models. Any future data-sharing controls will be opt-in.

We share data only when needed to operate the Services. Our sub-processors include: Hetzner (infrastructure hosting, Germany), Stripe (payment processing, USA/Ireland), Cloudflare (security and CAPTCHA, USA), Google (OAuth authentication, USA), and Amazon SES (email delivery, EU). All sub-processors are bound by contractual confidentiality and data protection obligations. We may disclose data when required by law or to protect rights and safety.

Monitoring telemetry: Free plan 14 days, Pro plan 90 days, then automatically deleted. Error tracking data: Free plan 7 days, Pro plan 90 days. AI assistant conversations: retained until account deletion. Alert history: 90 days. Dashboard configurations: retained until account deletion. Sessions: 30 days. Account and billing records: retained as required by Dutch tax law (up to 7 years). You may request deletion of personal data at any time, subject to legal retention obligations.

We protect data with encryption in transit, access controls, and security monitoring. No system is perfectly secure, but we work to reduce risk and respond quickly to incidents. In the event of a qualifying data breach, we will notify the relevant authorities and affected individuals as required by applicable law.

Under GDPR (EEA/UK), you have the right to access, rectify, erase, restrict, port, and object to processing of your personal data, and to withdraw consent at any time. You may lodge a complaint with the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl) or your local supervisory authority.

Under CCPA/CPRA (California), you have rights to know, delete, correct, and opt out. We do not sell personal information.

To exercise any rights, email [email protected].

We use strictly necessary cookies to operate the Services. No analytics or tracking cookies are used.

Data may be processed outside your country. Where required, we use contractual safeguards for lawful transfers. DPA terms including transfer mechanisms are available on request.

We may update this policy from time to time. Material changes will be communicated by notice or email. The Services are not directed to children under 13.

For privacy questions or to exercise your rights: [email protected]. For general support: [email protected].