Privacy · Effective May 17, 2026
What we collect, what we never collect, who sees what, and how to ask us to change or delete it.
Account information you give us (name, email, workspace role), workflow records the platform produces (requests, holds, quotes, contracts, invoices, settlements, messages, audit-log entries), profile fields you publish, and operational logs needed to run the system (request IDs, timestamps, IP addresses on rate-limit checks). We collect what the platform needs to do its job — nothing extra.
We do not embed third-party tracking pixels in public pages or in your workspace. We do not run marketing analytics on the public site. We do not collect device fingerprinting beyond what is necessary to detect abuse. We do not buy contact data and we do not enrich your records from external providers.
To run the workflow you signed up for — show you the right dashboards, deliver notifications, calculate fees, settle invoices. To protect the platform from fraud and abuse. To meet our own audit and compliance obligations. To respond when you ask us for help.
You and your workspace teammates. The counterparty of each engagement sees only what is needed to do business on that engagement — public profile fields, the request/hold/quote/contract trail for that booking, the agreed payment numbers. Internal notes stay inside your workspace; client-visible messages cross the boundary. Operations staff see what is needed to maintain the platform, under role-scoped access with audit.
Hosting and database providers, email delivery (Resend), and operational monitoring tools, all contracted under standard data-processing terms. Payment processing, where it applies, runs through the established payment processor configured for your workspace — funds typically move bank-to-bank without Kalinklo holding them.
Strictly the cookies needed for authentication, language/preference persistence, and security (anti-CSRF). No advertising cookies. No third-party tracking cookies. Local-storage usage is limited to UI state for signed-in users.
Active workspace data is retained while your account is open. Audit log entries are retained for the period required by our obligations and to support dispute resolution. On account closure you have thirty days to export; after that, personally identifying fields are anonymised and only minimum audit-trail records remain.
Access, correction, export, and deletion are available on request. EU/UK residents have the rights granted by the GDPR; California residents have the rights granted by the CCPA. To exercise any of these rights, write to the office via /help — we acknowledge receipt promptly and complete the request within the period required by the applicable law.
Some processors operate outside your jurisdiction. Where international transfer is required, we rely on standard contractual clauses or equivalent safeguards as appropriate. If you have specific transfer concerns, raise them when applying and we will address them in the agreement.
Kalinklo Ltd, Hong Kong. Privacy enquiries: via /help, addressed to the privacy office. We acknowledge formal requests promptly; we will not commit to a fixed response window during the charter beyond what the applicable law requires.
Exercise a right
To exercise any of these, write to the office via the help centre. See also the terms of use and security practices.