This Privacy Policy explains how kdevelopment.nl (“we”, “us”, “our”) processes personal data
when you use our Form Builder service (the “Service”).
We are established in the Netherlands and apply the EU GDPR.
1) Roles under GDPR
- For your account and billing data (e.g., username, email, purchases), we act as the data controller.
- For data collected through forms you create (your respondents’ submissions), you are the data controller and we act as your data processor.
You must provide a suitable privacy notice to your respondents and ensure you have a lawful basis for processing their data.
2) Data we collect
- Account data: username, email, hashed password, role, timestamps.
- Service usage: forms you create, configuration, feature assignments, submission counts.
- Form submissions (processor): content your respondents submit. Fields you mark as “Sensitive (encrypt)” are stored encrypted at rest.
- Billing & payments: purchase metadata, feature credits/packs, transaction identifiers. Card/bank details are handled by PayPal (we never see full card data).
- Logs & security: server logs (IP, User-Agent, timestamps, request URL, HTTP status), CSRF tokens, rate-limit counters, abuse/anti-fraud signals.
- Trial IP: to enforce one free combo trial per IP, we store your IP in binary form and a trial expiry timestamp. This is not used for tracking or marketing.
- Cookies: essential cookies only (session ID); no third-party tracking cookies.
3) Why we process your data (lawful bases)
- Contract (Art. 6(1)(b) GDPR): to create your account, run the Service, provide support, and deliver purchased features (view/email packs).
- Legitimate interests (Art. 6(1)(f)): service security, fraud/abuse prevention (including IP for trials), troubleshooting, and product improvement.
- Legal obligations (Art. 6(1)(c)): tax/audit records for payments.
4) Sharing & recipients
- Hosting: our infrastructure provider (e.g., Strato or equivalent) stores databases and files needed for the Service.
- Email delivery: system emails (e.g., verification, notifications) are sent via our mail infrastructure.
- Payments: PayPal acts as an independent controller for payment data. We receive transaction IDs/status only.
- Legal: authorities or auditors when required by law.
We do not sell personal data.
5) International transfers
Some providers (e.g., PayPal) may process data outside the EEA. Where applicable,
transfers rely on appropriate safeguards such as Standard Contractual Clauses.
6) Retention
- Account & service data: kept while your account is active and a short period after deletion for backups and dispute handling.
- Payment records: kept up to 10 years to comply with tax and accounting rules.
- Form submissions (processor): kept until you delete the form or submission, or your account is deleted.
- Trial IP entries: kept up to 12 months after trial expiry to prevent repeated claims.
- Server logs: typically rotated within 90 days unless needed longer for security or legal reasons.
7) Your rights
You have rights to access, rectify, erase, restrict, object, and port your personal data.
For respondent data submitted to your forms, please contact the form owner (you) directly.
For your account/billing data, contact us at info@kdevelopment.nl.
You can also lodge a complaint with the Dutch DPA (Autoriteit Persoonsgegevens).
8) Security
We apply administrative, technical, and organizational measures, including encryption in transit and encryption at rest
for fields flagged as “Sensitive (encrypt)”. No system can be 100% secure, but we continuously improve our safeguards.
9) Children
The Service is not directed to children under 16. If you believe we’ve collected data from a child, contact us to remove it.
10) Changes
We may update this policy. We’ll post changes here and adjust the “Effective date”.
Material changes may be notified via email or in-app.
11) Contact
kdevelopment.nl
Email: info@kdevelopment.nl