Privacy Policy

Effective: 2026-04-01

1. Who we are

Kaligon Ltd. ("Kaligon", "we") operates the Kaligon DCIM platform and this website. For data protection purposes we act as:

• Controller for the personal data we collect about visitors to this site and Customers of our managed service.
• Processor for personal data about End Users that Customers store using Kaligon (e.g. VPS buyers on a hosting company's storefront).

2. Data we collect

On this website

• Page views — anonymized, aggregated, via a cookieless analytics tool.
• Contact messages — whatever you send us by email, used to reply.
• Server logs — IP address, user agent, timestamp, path. Retained up to thirty (30) days for security and troubleshooting.

In the managed Service

• Account data — name, email, password hash, company, role.
• Billing data — invoices, payments, VAT/tax IDs. Payment card details are handled by our payment processor and not stored by us.
• Usage data — API calls, logins, feature interactions.
• Support data — messages you send to support.

In the self-hosted edition

The self-hosted edition phones no one home. No telemetry, no usage reporting. Your data never leaves your servers.

3. How we use it

• to provide and operate the Service (contractual necessity);
• to bill and collect payment (contractual necessity);
• to respond to support requests (legitimate interest);
• to secure the Service — detect abuse, prevent fraud (legitimate interest);
• to comply with legal obligations;
• to send you service-related emails (contractual necessity); marketing emails only with your consent.

4. Legal basis (EU / UK)

Under GDPR / UK GDPR our legal bases are: contractual necessity, legitimate interest, consent, and legal obligation, as indicated above. You can withdraw consent at any time where consent is the basis.

5. Sharing

We do not sell your personal data. We share it only with:

• Subprocessors strictly necessary to operate the Service — hosting provider, payment processor, email delivery provider, error tracking. A current list is available on request.
• Law enforcement when required by a valid legal process.
• Acquirers in connection with a merger, acquisition, or sale of assets. Customers will be notified.

6. International transfers

Data processed in the managed Service is stored within the EU by default. Where data is transferred outside the EEA/UK, we rely on Standard Contractual Clauses or equivalent safeguards.

7. Retention

• Account and billing data: for the duration of the account plus the period required for accounting/tax obligations (typically seven years).
• Server logs: up to thirty (30) days.
• Support messages: up to three (3) years after the last contact.
• Marketing data: until you unsubscribe.

8. Your rights

Subject to applicable law, you have the right to:

• access the personal data we hold about you;
• have it corrected or deleted;
• restrict or object to processing;
• data portability;
• withdraw consent;
• complain to your data protection authority.

Email privacy@kaligon.com to exercise these rights. We will respond within the period required by law.

9. Cookies

The marketing site (dcim.sc) uses no tracking cookies. The admin and storefront apps (my.dcim.sc, *.dcim.sc) use a single HTTP-only, SameSite session cookie strictly for authentication. No advertising or cross-site tracking cookies are set.

10. Security

We protect personal data with technical and organizational measures including TLS encryption in transit, encryption at rest for credentials, two-factor authentication for staff, least-privilege access, and regular backups. No system is perfectly secure; we cannot guarantee absolute safety.

11. Children

The Service is not directed at children under 16. We do not knowingly collect data from children. If you believe we have, contact us and we will delete it.

12. Changes

We may update this policy. Material changes will be announced via email and on this page at least thirty (30) days before they take effect.

13. Contact

Data protection questions: privacy@kaligon.com.