Privacy Policy
This Privacy Policy (“Policy”) describes how Junnovate Limited, a company incorporated in Ireland (Company Number 784589, VAT Number IE 4416003MH), trading as Kodular, with its registered office at 24A Baggot Street Upper, Dublin, D04 N528, Ireland (“Kodular”, “we”, “us”, or “our”), collects, uses, and protects your personal data when you access or use our Services.
1. Definitions
For the purposes of this Privacy Policy, the following terms shall have the meanings set out below:
- “Controller” means Junnovate Limited, trading as Kodular, the entity that determines the purposes and means of Processing of Personal Data.
- “Data Subject” means an identified or identifiable natural person whose Personal Data is Processed by the Controller.
- “EEA” means the European Economic Area.
- “GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation).
- “Personal Data” means any information relating to an identified or identifiable natural person.
- “Processing” means any operation or set of operations performed on Personal Data, whether or not by automated means.
- “Services” means, collectively, Kodular Creator, My Kodular, Kodular Community, Kodular Docs, the Kodular website (www.kodular.io), and all related applications, tools, and services operated by the Controller.
- “Sub-processor” means any third party appointed by the Controller to Process Personal Data on its behalf.
- “You” or “User” means any natural person who accesses or uses the Services.
2. Identity of the Controller
The Controller of your Personal Data is:
Junnovate Limited, trading as Kodular
Company Registration Number: 784589 (Ireland)
VAT Number: IE 4416003MH
Registered Address: 24A Baggot Street Upper, Dublin, D04 N528, Ireland
For privacy-related inquiries, you may contact us at: support@kodular.io
3. Scope and Application
3.1. This Privacy Policy applies to all Personal Data Processed by the Controller in connection with the provision of the Services, including but not limited to: (a) the Kodular Creator application development platform; (b) the My Kodular user dashboard; (c) the Kodular Community forum; (d) the Kodular Docs documentation website; (e) the Kodular website; and (f) all associated authentication, billing, and support services.
3.2. This Privacy Policy does not apply to: (a) any data collected by mobile applications created by Users using the Services, except to the extent that Kodular collects data through its own runtime services as described in the separate App Data Processing Notice; (b) any third-party websites or services linked from the Services; or (c) any data processing activities carried out by Users in their capacity as independent data controllers.
3.3. By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy. Where Processing is based on consent, your continued use of the Services constitutes your consent to the Processing described herein, which you may withdraw at any time in accordance with Section 11 below.
4. Categories of Personal Data Collected
4.1. Personal Data Provided Directly by the Data Subject
The Controller collects the following categories of Personal Data that you provide directly:
(a) Account Registration Data. When you create a Kodular account, we collect your email address, display name, and, where applicable, your first name, last name, and profile image. Where you register using a third-party authentication provider (Google, GitHub, or Facebook), we receive your name, email address, and profile image from the respective provider.
(b) Authentication Credentials. We collect and store password hashes (for email/password authentication), two-factor authentication secrets and backup codes, and passkey (WebAuthn) credential data including credential IDs, public keys, and device metadata.
(c) Payment Information. When you subscribe to Kodular Premium or activate Kodular Monetize, payment transactions are processed by our third-party payment processor, Stripe. We do not directly collect or store your credit card numbers or bank account details. We receive from Stripe your Stripe customer identifier, subscription status, and invoice records.
(d) Identity Verification Data. To participate in the Kodular Monetize programme, you must complete identity verification (KYC) through our third-party provider, Didit (didit.me). During this process, Didit collects identity documents (such as a passport or national ID card) and biometric data (facial recognition) via their hosted verification flow. Kodular does not receive or store your identity documents or biometric data. We store only the Didit verification session identifier and your verification status (pending, approved, rejected, or expired).
(e) Feedback and Support Data. When you submit feedback or contact support, we collect your email address, name, comments, and any technical error information associated with your report. Support requests submitted via our support portal (support.kodular.io) or email are processed by Freshdesk; see Section 6.9.
(f) Project Data. We collect and store all content you create using Kodular Creator, including project files, component configurations, asset files (images, audio, and other media), and project metadata (name, type, creation date, modification date, build history).
(g) Community Data. When you use Kodular Community, we collect your username, email address, profile information (bio, avatar), posts, topics, replies, likes, and other content you create. The forum also records your reading activity, notification preferences, and badge achievements.
(h) OAuth Consent Data. When you authorise third-party applications to access your Kodular account via OAuth, we record the application identifier, the scopes you authorised, and the timestamp of your consent.
4.2. Personal Data Collected Automatically
When you access or use the Services, the following Personal Data is collected automatically:
(a) Session and Device Data. Each authenticated session records your IP address, browser user agent string, session creation timestamp, and session expiry. We use this data for security purposes, including the detection of unauthorised account access.
(b) IP Geolocation Data. When a login from a new device is detected, we resolve your IP address to an approximate geographic location (city, region, country) using a third-party geolocation service. This data is included in new-device login notification emails sent to you.
(c) Usage Analytics. We use Google Analytics 4 on the Kodular website and within Kodular Creator to collect anonymised usage data, including pages visited, features used, session duration, and interactions with the platform. Google Analytics may set cookies on your device as described in our Cookie Policy.
(d) Operational Telemetry. We collect server-side operational metrics, logs, and distributed traces via OpenTelemetry. This telemetry includes HTTP request metadata (method, path, status code, latency), application error logs, and performance metrics. This data is used exclusively for service reliability, debugging, and performance monitoring.
(e) Bot Detection Data. We use Google reCAPTCHA v3 on authentication forms (sign-up, sign-in, password reset) to distinguish human users from automated bots. reCAPTCHA collects device and browser data as described in Google’s Privacy Policy.
4.3. Personal Data Obtained from Third-Party Sources
(a) Social Authentication Providers. When you authenticate via Google, GitHub, or Facebook, we receive your name, email address, and profile image from the respective provider, subject to the permissions you grant during the authentication flow.
(b) Gravatar. We generate an MD5 hash of your email address and query the Gravatar service operated by Automattic, Inc. to retrieve a publicly associated profile image. Gravatar receives only the MD5 hash, not your plaintext email address.
5. Purposes and Legal Bases for Processing
Pursuant to Article 6(1) of the GDPR, we Process your Personal Data on the following legal bases:
5.1. Performance of a Contract (Article 6(1)(b) GDPR)
We Process your Personal Data as necessary for the performance of the contract between you and the Controller for the provision of the Services, including:
(a) Creating and managing your user account; (b) Providing access to Kodular Creator and related development tools; (c) Storing and managing your projects and associated files; (d) Processing payments for Kodular Premium subscriptions and Kodular Monetize activation; (e) Managing advertising revenue, balances, and payouts through the Kodular Monetize programme; (f) Operating the Kodular Community forum; (g) Providing customer support in response to your inquiries.
5.2. Legitimate Interests (Article 6(1)(f) GDPR)
We Process your Personal Data where necessary for the legitimate interests pursued by the Controller, provided that such interests are not overridden by your fundamental rights and freedoms. Our legitimate interests include:
(a) Service security and fraud prevention: Recording session IP addresses and user agents, detecting new device logins, rate-limiting authentication requests, and verifying human users via reCAPTCHA;
(b) Service reliability and performance: Collecting operational telemetry (metrics, logs, traces) to monitor, debug, and improve the Services;
(c) Service improvement: Analysing aggregated usage patterns through Google Analytics to understand how Users interact with the Services.
5.3. Consent (Article 6(1)(a) GDPR)
We Process certain Personal Data on the basis of your consent, which you may withdraw at any time:
(a) Non-essential cookies and tracking technologies: As described in our Cookie Policy, we obtain your consent before placing non-essential cookies on your device;
(b) Marketing communications: Where applicable, we obtain your consent before sending promotional communications.
5.4. Legal Obligation (Article 6(1)(c) GDPR)
We Process your Personal Data where necessary to comply with a legal obligation to which the Controller is subject, including:
(a) Retaining financial and billing records as required by Irish tax law; (b) Responding to lawful requests from law enforcement or regulatory authorities; (c) Complying with applicable data protection laws, including responding to data subject rights requests.
6. Recipients and Disclosures of Personal Data
We disclose your Personal Data to the following categories of recipients:
6.1. Infrastructure and Hosting Providers
| Provider | Data Disclosed | Purpose | Location |
|---|---|---|---|
| Hetzner Online GmbH | All platform data | Cloud hosting | DE, FI |
| netcup GmbH | Logs, metrics, traces | Monitoring | DE |
| PagerDuty | Alert names, metric labels, error context | Incident alerting | EU |
| Amazon Web Services | Event data, user IDs, subscriptions | Backend services | EU |
| Google Cloud Platform | Creator application runtime | App Engine hosting | EU |
| Wasabi Technologies | Project and user files | Object storage | EU |
6.2. Authentication Providers
| Provider | Data Disclosed | Purpose |
|---|---|---|
| Google LLC | OAuth credentials, scopes | Google Sign-In |
| GitHub, Inc. | OAuth credentials, scopes | GitHub Sign-In |
| Meta Platforms, Inc. | OAuth credentials, scopes | Facebook Sign-In |
6.3. Payment and Payout Processors
| Provider | Data Disclosed | Purpose |
|---|---|---|
| Stripe, Inc. | Email, customer ID, subscriptions | Payment processing |
| Trolley (PaymentRails) | User ID, recipient ID, amounts | Creator payouts |
6.4. Identity Verification
| Provider | Data Disclosed | Purpose |
|---|---|---|
| Didit (didit.me) | Email, user ID | Identity verification (KYC) for Monetize eligibility |
Didit collects identity documents and biometric data (facial recognition) directly through their hosted verification flow. Kodular does not receive or store these documents or biometric data; we receive only a session identifier and verification status.
6.5. Advertising and Monetisation
| Provider | Data Disclosed | Purpose |
|---|---|---|
| Google Ad Manager | Email, publisher name | Ad network account creation and revenue management |
6.6. Analytics and Security Providers
| Provider | Data Disclosed | Purpose |
|---|---|---|
| Google LLC (Analytics) | Anonymised usage data | Usage analytics |
| Google LLC (reCAPTCHA) | Device/browser signals | Bot detection |
| CrowdSec | IP addresses | DDoS protection and IP reputation |
| Automattic (Gravatar) | MD5 hash of email | Profile image |
| ipinfo.io | IP address | App event geolocation |
| Cookie-Script.com | Cookie preferences | Consent management |
6.7. Email Delivery
| Provider | Data Disclosed | Purpose |
|---|---|---|
| Amazon SES | Email addresses, message content | Transactional emails |
6.8. Content Delivery Providers
| Provider | Data Disclosed | Purpose |
|---|---|---|
| Google LLC (Fonts) | IP, user agent | Font delivery |
| jsDelivr (Volentio JSD) | IP, user agent | JS library delivery |
6.9. Customer Support
| Provider | Data Disclosed | Purpose |
|---|---|---|
| Freshworks (Freshdesk) | Email, name, support ticket content | Customer support ticket management |
6.11. Other Disclosures
We may also disclose your Personal Data: (a) to comply with applicable law, regulation, legal process, or governmental request; (b) to enforce our Terms of Service and other agreements; (c) to protect the rights, property, or safety of the Controller, our Users, or others; (d) in connection with a merger, acquisition, reorganisation, or sale of assets, in which case the acquiring entity will be bound by the terms of this Privacy Policy.
6.12. Data Processing Agreements. In accordance with Article 28 of the GDPR, we have entered into Data Processing Agreements (DPAs) with all Sub-processors who process Personal Data on our behalf. The following Sub-processors make their data processing terms publicly available:
- Stripe: stripe.com/legal/dpa
- Google Cloud / Analytics: cloud.google.com/terms/data-processing-addendum
- Google Fonts: business.safety.google/controllerterms
- Amazon Web Services: aws.amazon.com/compliance/data-processing-addendum
- Didit: didit.me/terms/business
- Wasabi: wasabi.com/legal/data-processing-addendum
- Cookie Script: cookie-script.com/gdpr-compliance
- Automattic (Gravatar): automattic.com/privacy
- Freshworks (Freshdesk): freshworks.com/data-processing-addendum
- jsDelivr (Volentio JSD): jsdelivr.com/documents/data-processing-agreement.pdf
- Trolley: trolley.com/terms-eu
- ipinfo.io: ipinfo.io/terms-of-service
- PagerDuty: pagerduty.com/dpa
DPAs with Hetzner, netcup, CrowdSec, and other Sub-processors are available upon request. Business users who require a DPA for their own GDPR processor compliance may request one by contacting support@kodular.io.
7. International Data Transfers
7.1. Your Personal Data is primarily stored and processed within the European Union. Our primary infrastructure is in Germany and Finland (Hetzner), with backend services in the EU (AWS) and monitoring in Germany (netcup).
7.2. Certain Sub-processors and services operate outside the EEA. Where Personal Data is transferred from the EEA, the United Kingdom, or Switzerland to a country that has not received an adequacy decision from the European Commission, we implement appropriate safeguards in accordance with Chapter V of the GDPR, including the European Commission’s Standard Contractual Clauses (SCCs).
7.3. The following Sub-processors located outside the EEA receive Personal Data:
| Sub-processor | Location | Safeguard |
|---|---|---|
| Google LLC (APIs) | US | EU-U.S. DPF; SCCs |
| Google Ad Manager | US | EU-U.S. DPF; SCCs |
| Didit (didit.me) | US | SCCs |
| Stripe, Inc. | US | EU-U.S. DPF; SCCs |
| Trolley (PaymentRails) | Canada | EU adequacy decision |
| GitHub, Inc. | US | EU-U.S. DPF; SCCs |
| Meta Platforms, Inc. | US | EU-U.S. DPF; SCCs |
| Automattic (Gravatar) | US | EU-U.S. DPF; SCCs |
| CrowdSec | US | SCCs |
| ipinfo.io | US | SCCs |
| Freshworks (Freshdesk) | US | EU-U.S. DPF; SCCs |
| PagerDuty | EU | EU-U.S. DPF; SCCs |
7.4. The following Sub-processors operate within the EEA and do not require additional transfer safeguards:
| Sub-processor | Location |
|---|---|
| Amazon Web Services | EU |
| Amazon SES | EU |
| Google Cloud Platform | EU |
| Wasabi Technologies | EU |
| Hetzner Online GmbH | EU |
| netcup GmbH | EU |
| jsDelivr (Volentio JSD) | EU (Poland) |
| Cookie-Script.com | EU (Lithuania) |
7.5. Our Monetize service additionally ingests anonymised app event data in the following AWS regions for latency optimisation: us-west-2 (Oregon), ap-south-1 (Mumbai), ap-southeast-1 (Singapore), and sa-east-1 (Sao Paulo).
8. Data Retention
8.1. We retain your Personal Data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law.
8.2. The following specific retention periods apply:
| Data Category | Retention Period |
|---|---|
| User account data | Duration of account + 30 days |
| Project data | Duration of account |
| Community posts | Duration of account |
| Sessions | 7 days (auto-expire) |
| Verification tokens / OTPs | 5 minutes (auto-expire) |
| App event data (S3) | 365 days, then deleted |
| Operational logs | 30 days |
| Operational metrics | 90 days |
| Payment and billing records | As required by tax law |
| Google Analytics data | Default GA retention settings |
8.3. Upon expiry of the applicable retention period, Personal Data is securely deleted or anonymised. Backup copies may persist for up to 90 days following deletion from primary systems.
9. Data Security
9.1. The Controller implements appropriate technical and organisational measures to protect Personal Data against unauthorised access, alteration, disclosure, or destruction, including:
(a) Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS/HTTPS.
(b) Encryption at rest: Database storage and backup systems employ encryption at rest.
(c) Authentication security: Passwords are stored using cryptographic hashing. We support two-factor authentication (TOTP), passkeys (WebAuthn), and magic link authentication.
(d) Access controls: Administrative access to production systems requires authenticated credentials. Admin impersonation of user accounts is logged and auditable.
(e) DDoS protection: Our ingress infrastructure employs CrowdSec for attack mitigation.
(f) Rate limiting: Authentication endpoints are rate-limited (500 requests per 60 seconds per IP on OAuth token endpoints; 100 requests per 60 seconds on discovery endpoints).
(g) Automated certificate management: TLS certificates are managed via Let’s Encrypt with automatic renewal.
9.2. Notwithstanding the foregoing, no method of transmission over the Internet or method of electronic storage is completely secure. While we strive to use commercially reasonable means to protect your Personal Data, we cannot guarantee its absolute security.
9.3. Data Breach Notification. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Irish Data Protection Commission within 72 hours of becoming aware of the breach, as required by Article 33 of the GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify affected Data Subjects without undue delay, as required by Article 34 of the GDPR. Notification will be made via email to the address associated with your account, or by prominent notice on the Services where individual notification is not feasible.
10. Automated Decision-Making and Profiling
10.1. The Controller does not engage in automated decision-making that produces legal effects concerning you or similarly significantly affects you, within the meaning of Article 22 of the GDPR.
10.2. The Controller does employ automated systems for the limited purposes of: (a) bot detection via Google reCAPTCHA on authentication forms; (b) rate limiting of API requests based on IP address; and (c) trust level assignment on Kodular Community, where Discourse automatically assigns trust levels (0-4) based on reading activity, posting frequency, and community interactions, which may affect your ability to upload files, post links, edit wiki posts, or flag content. These automated processes do not produce legal effects or similarly significantly affect you beyond the adjustment of platform capabilities based on your participation history.
11. Rights of Data Subjects
11.1. Subject to applicable law, you have the following rights with respect to your Personal Data:
(a) Right of access (Article 15 GDPR): You have the right to obtain confirmation as to whether your Personal Data is being processed and, where that is the case, to request access to the Personal Data.
(b) Right to rectification (Article 16 GDPR): You have the right to obtain the rectification of inaccurate Personal Data.
(c) Right to erasure (Article 17 GDPR): You have the right to obtain the erasure of your Personal Data where one of the grounds set out in Article 17(1) applies.
(d) Right to restriction of processing (Article 18 GDPR): You have the right to obtain the restriction of Processing in the circumstances set out in Article 18(1).
(e) Right to data portability (Article 20 GDPR): You have the right to receive your Personal Data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
(f) Right to object (Article 21 GDPR): You have the right to object to Processing based on legitimate interests, including profiling based on those provisions.
(g) Right to withdraw consent (Article 7(3) GDPR): Where Processing is based on consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of Processing based on consent before its withdrawal.
11.2. How to exercise your rights. You may exercise these rights by contacting us at support@kodular.io. We are developing self-service tools for data export and account deletion within the My Kodular dashboard. In the interim:
- Account deletion: Contact support@kodular.io. You must delete all projects from your account before requesting account deletion.
- Data export: Contact support@kodular.io
We will respond to your request within 30 days of receipt. Where requests are complex or numerous, this period may be extended by a further 60 days, in which case we will inform you of the extension within the initial 30-day period.
11.3. Community Forum: Anonymisation upon Account Deletion. Kodular Community is powered by Discourse. When you request deletion of your Kodular account, your Community account is anonymised rather than fully deleted. This means:
(a) Your username is replaced with a randomly generated anonymous identifier (e.g., “anon12345678”);
(b) Your email address, profile information (bio, location, website), and IP addresses are permanently removed;
(c) Your posts, topics, and replies are preserved but attributed to the anonymous identifier, ensuring that community discussions remain coherent and complete;
(d) Private messages, likes, bookmarks, and other engagement data associated with your account are removed or disassociated;
(e) If your posts contain personal information within the content itself (e.g., you shared your name or contact details in a post), that content may remain even after anonymisation. You may request manual review and redaction of such content by contacting support@kodular.io.
We retain anonymised community content pursuant to GDPR Article 17(3)(a), which provides an exception to the right of erasure for the exercise of the right to freedom of expression and information. Full deletion of all posts may be available for accounts with minimal posting history, at our discretion.
11.4. Right to lodge a complaint. You have the right to lodge a complaint with a supervisory authority. The lead supervisory authority for the Controller is:
Data Protection Commission (An Coimisiun um Chosaint Sonrai) 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland Website: www.dataprotection.ie
12. Children’s Privacy
12.1. The Services are not directed to, and are not intended for use by, individuals under the age of sixteen (16). We do not knowingly collect Personal Data from individuals under the age of 16.
12.2. If we become aware that we have collected Personal Data from an individual under the age of 16, we will take steps to delete that data promptly. If you believe that a child under 16 has provided us with Personal Data, please contact us at support@kodular.io.
13. Supplemental Notice for California Residents (CCPA/CPRA)
13.1. If you are a California resident, the California Consumer Privacy Act of 2018 and the California Privacy Rights Act of 2020 (collectively, “CCPA”) provide you with additional rights regarding your Personal Data.
13.2. Categories of Personal Information Collected. In the preceding twelve (12) months, we have collected the following categories of personal information as defined by the CCPA:
| CCPA Category | Collected |
|---|---|
| Identifiers (name, email, IP, account ID) | Yes |
| California Customer Records (name, payment info) | Yes |
| Internet or electronic network activity | Yes |
| Geolocation data (approximate, from IP) | Yes |
| Professional or employment information | No |
| Education information | No |
| Biometric information | Yes (via Didit for KYC; not stored by Kodular) |
| Inferences | No |
| Sensitive personal information (credentials, biometric via Didit) | Yes |
13.3. No Sale or Sharing. We do not sell your personal information, and we have not sold personal information in the preceding twelve (12) months. We do not share your personal information for cross-context behavioural advertising purposes.
13.4. Global Privacy Control (GPC). We honour Global Privacy Control signals transmitted by your browser. When we detect a GPC signal, we treat it as a valid opt-out request under applicable US state privacy laws, including the CCPA/CPRA, Colorado Privacy Act, Connecticut Data Privacy Act, and other state laws that recognise GPC.
13.5. Your CCPA Rights. You have the right to: (a) know what personal information we collect, use, and disclose; (b) request deletion of your personal information; (c) correct inaccurate personal information; (d) opt out of the sale or sharing of personal information (not applicable, as we do not sell or share); (e) limit the use of sensitive personal information; (f) not be discriminated against for exercising your rights.
13.6. To exercise your CCPA rights, contact us at support@kodular.io.
14. Supplemental Notice for Brazilian Residents (LGPD)
14.1. If you are a resident of Brazil, the Lei Geral de Protecao de Dados (LGPD) provides you with additional rights regarding your Personal Data.
14.2. In addition to the rights described in Section 11, you have the right to: (a) confirmation of the existence of Processing; (b) access to your data; (c) correction of incomplete, inaccurate, or outdated data; (d) anonymisation, blocking, or deletion of unnecessary or excessive data; (e) data portability; (f) deletion of data processed with your consent; (g) information about public and private entities with which your data has been shared; (h) information about the possibility of denying consent and the consequences thereof; (i) revocation of consent.
14.3. The Controller processes your Personal Data on the following legal bases under the LGPD: (a) consent; (b) compliance with a legal or regulatory obligation; (c) execution of a contract; (d) legitimate interests of the Controller; (e) credit protection (where applicable).
14.4. To exercise your LGPD rights, contact us at support@kodular.io. We will respond to LGPD requests within 15 days as required by Brazilian law.
15. Supplemental Notice for Canadian Residents (PIPEDA)
15.1. If you are a resident of Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) provides you with rights regarding your Personal Data.
15.2. We collect, use, and disclose your personal information only for purposes that a reasonable person would consider appropriate in the circumstances. We obtain your consent for the collection, use, and disclosure of your personal information, except where permitted or required by law.
15.3. You have the right to: (a) access your personal information held by us; (b) challenge the accuracy and completeness of your personal information; (c) withdraw consent to the continued collection, use, or disclosure of your personal information, subject to legal or contractual restrictions; (d) file a complaint with the Office of the Privacy Commissioner of Canada.
15.4. Certain payout data is processed by Trolley (PaymentRails, Inc.), based in Canada, for the purpose of facilitating Kodular Monetize creator payouts.
15.5. To exercise your PIPEDA rights, contact us at support@kodular.io.
16. Changes to This Privacy Policy
16.1. We may update this Privacy Policy from time to time to reflect changes in our Processing activities, legal requirements, or operational practices. We will notify you of material changes by email or by prominent notice on the Services at least thirty (30) days before the changes take effect.
16.2. Your continued use of the Services after the effective date of any updated Privacy Policy constitutes your acceptance of the revised Privacy Policy.
16.3. We encourage you to review this Privacy Policy periodically.
17. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data Processing practices, please contact us:
Junnovate Limited, trading as Kodular
24A Baggot Street Upper, Dublin, D04 N528, Ireland
Email: support@kodular.io