Kollab Privacy Statement

Last updated: 29 June 2024

1. The short version

In providing Kollab’s services (collectively and individually, our “Services”) we collect information that users, visitors and customers provide to us and process it either on their behalf or for our own corporate needs. When we act on behalf of a customer we do so as a “processor” under the GDPR (or “service provider” under the CCPA). When we use data for our own business—e‑mailing prospects, keeping security logs, improving site performance—we are the controller.

2. What information Kollab collects in its corporate capacity, and why

a. Information from website browsers

We use common Internet technologies (cookies, server logs, analytics tags) to collect: browser type, language preference, referring site, pages requested, date/time of each request, and IP address. We use this to understand usage, secure the site, and plan improvements.

b. Information you voluntarily provide

Visitors may supply contact details (e‑mail, phone, billing address, etc.). We use that information to respond, provide quotations, and evaluate our Service.

c. Information from users with accounts

When you sign up you supply a username and authenticate via a third‑party identity provider linked to a valid e‑mail. Optional profile fields may include real name, photograph, or other User Personal Information.

User Personal Information includes identifiers (IP, cookie ID, user ID) and log data (page views, timestamps, feature usage). It excludes aggregated or de‑identified data, which we may use to operate, analyse and optimise our Services.

3. Why we collect this information

Create and manage your account; provide the Services you request.
Authenticate you and secure your workspace.
Personalise recommendations and in‑product messages.
Send service e‑mails and—with your consent—marketing e‑mails.
Analyse usage to improve performance and features.
Maintain logs for security, training, billing and legal purposes.

Legal bases for processing (EEA & UK)

Contractual necessity – account creation, authentication, and Service delivery.
Legitimate interests – security logging, product analytics, fraud prevention.
Consent – optional profile fields and marketing e‑mails.
Legal obligation – keeping tax records and responding to lawful requests.

To exercise your rights or withdraw consent, e‑mail privacy@kollab.ai.

4. Information about children

Kollab is not directed to children under 16. If we learn we have collected data from a child, we will delete the account.

5. Information you submit while using the Services

Content you upload (documents, images, messages) is processed strictly to provide the Service and is not used for unrelated commercial purposes.

6. How we share the information we collect

We do not sell personal information.
Aggregated, de‑identified data may be shared for analytics or marketing.
Identifiable data is shared only with vetted sub‑processors that perform hosting, payment, analytics, customer support or security functions under a written DPA.

A current list of sub‑processors is available on request.

7. International data transfers

Personal data may be transferred to—and stored on—servers in the United States. We rely on the EU–US Data Privacy Framework and Standard Contractual Clauses (SCCs) to safeguard cross‑border transfers.

8. Public information on Kollab

Any content you set to “public” can be indexed or copied by third parties.

9. Cookies and similar technologies

We use cookies to remember preferences, enhance security, measure engagement and run limited retargeting campaigns. EU/UK visitors can manage non‑essential cookies through our consent banner.

10. Security

We employ AWS data centres with ISO 27001 & SOC 2 Type II certification. Data is encrypted in transit (TLS 1.2+) and at rest (AES‑256). We use MFA, role‑based access, continuous monitoring, annual penetration testing, and an incident‑response plan.

11. Your data‑protection rights (EEA & UK)

You have the right to access, rectify, erase, restrict or object, to data portability, and to lodge a complaint with your local supervisory authority (lead: Irish DPC). Requests: privacy@kollab.ai. We respond within one month.

12. How we respond to compelled disclosure

We may disclose personal data if required by law or a valid court order. Where legally allowed, we will notify the affected user.

13. Retention

Account data – life of contract + 60 days.
Logs – 12 months.
Support tickets – 2 years.
Marketing contacts – 24 months from last interaction.
Invoices – 7 years.

14. CCPA notice

We are a “service provider” under the California Consumer Privacy Act. California residents may exercise the same rights listed above via privacy@kollab.ai.

15. YouTube & Google APIs

Kollab’s optional YouTube integration uses Google API Services. Our use and transfer of Google data complies with Google’s API Services User Data Policy (Limited Use) and Google’s Privacy Policy.

16. Controller & Contact Information

Controller:
Matterhub LLC (d/b/a “Kollab”)
1875 Mission St Ste 103 #299
San Francisco, CA 94103, USA
privacy@kollab.ai

European Representative under Article 27 of GDPR We have appointed EU Rep as our Representative under Article 27 of the EU General Data Protection Regulation ("GDPR"). All GDPR queries from EU data subjects or supervisory authorities should be submitted via EU Rep’s dedicated form at eurep.ie. BizLegal Ltd, trading as EU Rep, is registered in Ireland (Company No. 635921) with its registered office at 27 Cork Road, Midleton, Co. Cork, Ireland.

Questions or concerns? E‑mail privacy@kollab.ai with the subject line "Privacy Concerns."