Privacy Policy
Last Updated: June 2026
1. Introduction
KIMISUITE LTD ("KIMISUITE", "we", "our" or "us") is committed to protecting your privacy and ensuring that your personal data is processed in a lawful, transparent and secure manner.
This Privacy Policy explains how we collect, use, process, store, disclose and protect personal data when you visit our websites, create an account, use the KIMISUITE platform or otherwise interact with our services.
This Privacy Policy also explains your rights under applicable data protection laws, including the United Kingdom General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018 and, where applicable, the European Union General Data Protection Regulation ("EU GDPR").
By using KIMISUITE you acknowledge that your personal data will be processed in accordance with this Privacy Policy.
2. Data Controller
Unless otherwise stated, the controller responsible for processing personal data under this Privacy Policy is:
KIMISUITE LTD
128 City Road
London
EC1V 2NX
United Kingdom
Company Number: 17243256
Email:
[email protected]
If you have any questions regarding this Privacy Policy or our processing of personal data, you may contact us at any time using the contact details above.
3. Scope
This Privacy Policy applies to:
- the KIMISUITE website;
- the KIMISUITE platform;
- customer workspaces;
- free applications;
- paid applications;
- mobile applications (where applicable);
- customer support;
- newsletters;
- marketing communications;
- online forms;
- demonstration environments;
- trial accounts;
- all services operated by KIMISUITE unless a separate privacy policy expressly applies.
This Privacy Policy does not apply to third-party websites, services or applications that may be linked from the KIMISUITE platform.
Those services operate under their own privacy policies and terms.
4. Definitions
For the purposes of this Privacy Policy:
Account means a registered KIMISUITE user account.
Workspace means an individual business environment created within KIMISUITE where users collaborate and manage data.
Workspace Owner means the person responsible for managing the workspace, subscriptions and invited users.
Customer means the company, organization or individual using KIMISUITE.
Customer Data means all information, files, documents, contacts, bookings, invoices, CRM records, website content, images, notes, calendar entries and other information uploaded, created or stored by Customers inside the KIMISUITE platform.
Personal Data means any information relating to an identified or identifiable natural person as defined by applicable data protection legislation.
Processing means any operation performed on Personal Data, including collection, storage, organization, use, transmission, disclosure, deletion or destruction.
Services means all products, software, applications and services provided by KIMISUITE.
5. Our Role
For information relating to our own customers, website visitors, newsletter subscribers, billing contacts and support requests, KIMISUITE generally acts as the Data Controller.
For Customer Data stored within customer workspaces, KIMISUITE generally acts as a Data Processor on behalf of the Customer.
The Customer remains responsible for determining:
- which personal data is uploaded;
- why the data is processed;
- how the data is used;
- how long the data should be retained where legally required.
KIMISUITE processes Customer Data solely for the purpose of providing the contracted services and in accordance with the Customer's instructions, applicable law and any applicable Data Processing Agreement (DPA).
6. Categories of Personal Data We Collect
Depending on how you interact with KIMISUITE, we may collect different categories of information.
6.1 Account Information
When creating an account we may collect:
- first name;
- last name;
- email address;
- company name;
- country;
- preferred language;
- password (stored only in encrypted form);
- account preferences.
6.2 Workspace Information
For workspace administration we may collect:
- workspace name;
- workspace identifier;
- owner information;
- invited users;
- subscription information;
- activated applications;
- workspace settings.
6.3 Billing Information
If you purchase a subscription we may process:
- billing name;
- billing address;
- VAT number;
- company registration number;
- country;
- tax information;
- invoices issued by KIMISUITE;
- subscription history;
- payment status.
Payment card information is not stored by KIMISUITE.
Payments are securely processed by Stripe.
6.4 Customer Data
While using KIMISUITE you may upload or create Customer Data, including but not limited to:
- CRM records;
- contacts;
- bookings;
- reservations;
- appointments;
- invoices;
- quotations;
- products;
- files;
- images;
- documents;
- notes;
- tasks;
- calendars;
- messages;
- website content;
- uploaded media;
- reports;
- analytics data;
- business records.
The Customer remains responsible for the legality of all uploaded Customer Data.
6.5 Communication Data
When you contact us we may process:
- emails;
- chat conversations;
- support tickets;
- telephone information where applicable;
- feedback;
- feature requests;
- bug reports.
6.6 Technical Information
When you access our platform we automatically collect technical information such as:
- IP address;
- browser type;
- browser version;
- operating system;
- language settings;
- device type;
- time zone;
- login timestamps;
- session identifiers;
- referring URL;
- pages visited;
- response times;
- application errors;
- crash reports;
- security events.
6.7 Usage Information
To improve our platform we may collect information regarding:
- features used;
- activated applications;
- subscription plan;
- navigation within the platform;
- interaction with platform features;
- feature usage statistics;
- performance metrics.
Whenever possible, analytics are aggregated or pseudonymised.
6.8 Cookies and Similar Technologies
We use cookies and similar technologies to:
- remember user preferences;
- maintain login sessions;
- improve security;
- analyse website usage;
- measure performance;
- provide essential platform functionality.
Additional information regarding cookies is available in our Cookie Policy.
6.9 Marketing Information
Where permitted by law or where you have provided consent, we may process:
- newsletter subscriptions;
- marketing preferences;
- event registrations;
- webinar participation;
- promotional campaign interactions.
You may withdraw your consent at any time.
6.10 Information We Do Not Intentionally Collect
KIMISUITE is designed for business use.
We do not intentionally collect personal information from children under the age of 18.
We also request that Customers do not upload special categories of personal data unless they have an appropriate legal basis for doing so under applicable data protection legislation.
7. Purposes of Processing
KIMISUITE processes Personal Data only where there is a legitimate business purpose or another lawful basis under applicable data protection legislation.
Depending on how you use our Services, we may process Personal Data for the following purposes:
7.1 Providing the Services
We process Personal Data to:
- create and manage user accounts;
- provide access to workspaces;
- authenticate users;
- manage subscriptions;
- provide purchased applications and services;
- maintain platform functionality;
- synchronize customer data;
- provide cloud storage;
- generate reports;
- provide AI-powered features where enabled.
Without processing this information, we would be unable to provide the requested Services.
7.2 Customer Support
We process Personal Data to:
- respond to support requests;
- investigate technical issues;
- resolve bugs;
- provide assistance;
- communicate regarding subscriptions;
- improve customer experience.
Support communications may be retained for documentation, quality assurance and legal purposes.
7.3 Billing and Subscription Management
We process Personal Data to:
- create invoices;
- process subscription payments;
- manage renewals;
- process upgrades;
- process downgrades;
- process cancellations;
- detect failed payments;
- comply with accounting obligations.
Payment transactions are processed by Stripe.
KIMISUITE does not receive or store complete payment card information.
7.4 Platform Security
We process technical information to:
- detect unauthorized access;
- prevent fraud;
- prevent abuse;
- investigate suspicious activity;
- maintain platform integrity;
- protect Customer Data;
- secure user accounts;
- monitor infrastructure.
This processing is necessary to protect both KIMISUITE and our Customers.
7.5 Platform Improvements
We may analyse usage information to:
- improve existing features;
- identify usability issues;
- optimize performance;
- develop new applications;
- improve user experience;
- measure platform stability.
Where possible, analytics are aggregated or pseudonymised.
7.6 Communications
We process Personal Data to communicate with Customers regarding:
- service updates;
- security notices;
- billing notifications;
- subscription changes;
- important platform announcements;
- legal notices;
- maintenance notifications.
These communications are considered part of the Service and cannot generally be opted out of while maintaining an active account.
7.7 Marketing
Where permitted by law or where you have provided consent, we may send:
- newsletters;
- product announcements;
- promotional offers;
- webinars;
- educational content;
- feature updates;
- event invitations.
You may unsubscribe from marketing communications at any time by using the unsubscribe link included in our emails or by contacting us.
7.8 Compliance with Legal Obligations
We may process Personal Data where necessary to:
- comply with legal obligations;
- respond to lawful requests;
- comply with tax regulations;
- comply with accounting obligations;
- respond to court orders;
- cooperate with competent authorities;
- protect legal rights.
8. Legal Basis for Processing
Where UK GDPR or EU GDPR applies, KIMISUITE processes Personal Data on one or more of the following legal bases.
8.1 Performance of a Contract
Most processing is necessary for the performance of our agreement with the Customer, including:
- account creation;
- workspace management;
- subscription management;
- authentication;
- billing;
- customer support;
- provision of applications;
- storage of Customer Data.
8.2 Legitimate Interests
We process certain Personal Data based on our legitimate interests, including:
- improving the platform;
- ensuring platform security;
- preventing fraud;
- detecting abuse;
- protecting infrastructure;
- maintaining backups;
- improving customer support;
- analysing system performance.
Where required, we carefully balance our legitimate interests against the rights and freedoms of data subjects.
8.3 Consent
Certain processing activities rely on your consent, including:
- marketing emails;
- newsletters;
- optional cookies;
- promotional communications.
You may withdraw consent at any time.
Withdrawal does not affect processing carried out before consent was withdrawn.
8.4 Legal Obligations
We process Personal Data where required by applicable law, including:
- accounting obligations;
- tax obligations;
- fraud prevention;
- legal claims;
- regulatory compliance.
9. Customer Data
Customer Data is all information uploaded, created or stored by Customers within the KIMISUITE platform.
Examples include:
- contacts;
- CRM records;
- invoices;
- quotations;
- bookings;
- reservations;
- uploaded files;
- documents;
- notes;
- website content;
- calendar entries;
- images;
- tasks.
The Customer remains the owner and controller of Customer Data.
KIMISUITE does not claim ownership of Customer Data.
KIMISUITE processes Customer Data solely for the purpose of providing the Services requested by the Customer.
KIMISUITE will never sell Customer Data.
KIMISUITE will never use Customer Data for advertising purposes.
KIMISUITE employees access Customer Data only where necessary for:
- customer support;
- troubleshooting;
- maintenance;
- security;
- legal compliance.
Access is restricted to authorized personnel and subject to confidentiality obligations.
10. AI Features
Some KIMISUITE applications may include AI-powered functionality.
Depending on the feature, Customer Data or user prompts may be processed for purposes such as:
- content generation;
- summarization;
- translations;
- analysis;
- automation assistance;
- text suggestions.
AI-generated content may contain inaccuracies, omissions or outdated information.
Customers remain solely responsible for reviewing and verifying all AI-generated output before relying on it.
AI features should not be considered legal, financial, tax, accounting or professional advice.
Where third-party AI providers are used, only the minimum information necessary to provide the requested AI functionality will be transmitted.
11. Payment Processing
KIMISUITE uses Stripe as its payment service provider.
When purchasing a subscription, billing information necessary for payment processing is securely transmitted to Stripe.
Stripe independently processes payment information in accordance with its own Privacy Policy.
KIMISUITE does not store:
- full payment card numbers;
- CVC codes;
- payment authentication credentials.
We only receive payment-related information required to manage subscriptions, including:
- payment status;
- invoice references;
- subscription identifiers;
- payment confirmations;
- billing history.
12. Third-Party Service Providers
To operate the KIMISUITE platform we may use carefully selected third-party service providers.
Depending on the Services used, these providers may process Personal Data on our behalf.
Examples include providers of:
- payment processing;
- cloud hosting;
- infrastructure;
- email delivery;
- backup services;
- monitoring;
- customer support;
- analytics;
- AI services.
Where required by law, KIMISUITE enters into appropriate contractual agreements with such providers to ensure Personal Data is processed securely and in accordance with applicable data protection legislation.
KIMISUITE carefully selects providers that implement appropriate technical and organizational security measures.
13. Automated Decision Making
KIMISUITE does not make legally binding decisions based solely on automated processing that would significantly affect individuals within the meaning of applicable data protection laws.
Certain automated processes may be used for:
- spam prevention;
- fraud detection;
- account security;
- system monitoring;
- platform optimization.
These automated processes are designed to protect both the platform and its users and do not replace human decision-making where legally required.
14. Data Retention
KIMISUITE retains Personal Data only for as long as necessary to fulfil the purposes described in this Privacy Policy, to comply with legal obligations, resolve disputes, enforce agreements or protect legitimate business interests.
Retention periods depend on the type of data and the purpose for which it is processed.
14.1 Active Accounts
For active accounts and active subscriptions, Personal Data and Customer Data are retained for as long as necessary to provide the Services.
The Customer remains responsible for managing and deleting Customer Data stored within their workspaces where applicable.
14.2 Subscription Cancellation
When a Customer cancels a paid subscription, access to the subscribed paid applications remains available until the end of the current paid billing period.
After the subscription expires, Customer Data associated with the affected paid applications continues to be retained in accordance with the applicable retention rules described below.
14.3 Failed Payments
If a recurring subscription payment cannot be collected, Stripe may automatically retry the payment in accordance with the configured payment retry schedule.
If payment ultimately fails and the subscription is cancelled due to non-payment:
- access to the affected paid applications and premium features will be suspended;
- free applications, where available, may remain accessible;
- Customer Data associated with the affected paid applications will be securely archived for thirty (30) days.
During this thirty (30) day retention period, the Customer may reactivate the subscription.
If the subscription is successfully reactivated within the retention period, the archived Customer Data may be restored.
If the subscription is not reactivated within thirty (30) days, the archived Customer Data may be permanently deleted.
Following permanent deletion, the data cannot be recovered.
14.4 Customer-Initiated Account Deletion
If a Customer intentionally deletes their account or workspace using the available account deletion functionality, the deletion is considered final.
Customer Data may be deleted immediately.
Deleted accounts and workspaces cannot generally be restored.
Customers are solely responsible for exporting any required data before deleting an account or workspace.
14.5 Legal Retention Requirements
Certain information may be retained for longer periods where required by applicable law.
Examples include:
- invoices issued by KIMISUITE;
- accounting records;
- tax records;
- payment confirmations;
- fraud prevention records;
- legal compliance records.
These legal retention obligations apply only to KIMISUITE's own business records and not to Customer Data uploaded by Customers.
15. Backups
KIMISUITE maintains encrypted backups for disaster recovery and business continuity purposes.
Backups are created solely to protect the integrity and availability of the platform.
Deleted Customer Data may remain in backup systems for a limited period until those backups are automatically overwritten according to our normal backup rotation schedule.
Backup copies are:
- not used for normal business operations;
- not accessible by Customers;
- not restored except where required for disaster recovery;
- protected using appropriate security measures.
16. Security
KIMISUITE implements appropriate technical and organisational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access.
Depending on the Services used, these measures may include:
- encrypted communications (TLS);
- encrypted password storage;
- role-based access controls;
- authentication mechanisms;
- security monitoring;
- infrastructure firewalls;
- intrusion detection;
- regular software updates;
- access logging;
- backup procedures;
- disaster recovery procedures;
- internal confidentiality obligations.
Although we strive to protect Personal Data, no system connected to the Internet can be guaranteed to be completely secure.
Customers are responsible for protecting their own login credentials and maintaining appropriate internal security practices.
17. Cookies and Similar Technologies
KIMISUITE uses cookies and similar technologies to provide, secure and improve the Services.
Cookies may be classified as:
Essential Cookies
These cookies are necessary for the operation of the platform and cannot be disabled.
Examples include:
- authentication;
- session management;
- security;
- language preferences;
- platform functionality.
Functional Cookies
These cookies remember user preferences and improve usability.
Examples include:
- language selection;
- interface preferences;
- remembered settings.
Analytics Cookies
Where enabled, analytics cookies help us understand how visitors use our website and Services.
Analytics information is used only to improve performance, usability and stability.
Where legally required, analytics cookies are only used after obtaining appropriate consent.
Marketing Cookies
Marketing cookies may be used only where you have provided your consent.
These cookies may be used to measure marketing effectiveness or personalize communications.
You may withdraw your consent at any time through the Cookie Settings available on our website.
18. Log Files
Like most online services, KIMISUITE automatically generates server logs.
These logs may contain:
- IP addresses;
- timestamps;
- browser information;
- operating system;
- requested URLs;
- HTTP status codes;
- error messages;
- security events;
- authentication events.
Server logs are used exclusively for:
- platform security;
- fraud prevention;
- troubleshooting;
- performance monitoring;
- legal compliance;
- system administration.
Log files are retained only for as long as reasonably necessary for these purposes.
19. International Data Transfers
KIMISUITE is established in the United Kingdom.
Depending on the Services used, Personal Data may be processed within:
- the United Kingdom;
- Member States of the European Economic Area (EEA);
- other countries where approved service providers operate.
Where Personal Data is transferred outside the United Kingdom or the EEA, KIMISUITE implements appropriate safeguards in accordance with applicable data protection legislation.
Such safeguards may include:
- UK International Data Transfer Agreement (IDTA);
- UK Addendum to the EU Standard Contractual Clauses;
- European Commission Standard Contractual Clauses (SCCs);
- adequacy regulations or adequacy decisions where applicable;
- other lawful transfer mechanisms recognised under applicable law.
20. Data Processors and Subprocessors
KIMISUITE uses carefully selected service providers to support the operation of the Services.
Where these providers process Personal Data on our behalf, they act as processors or subprocessors under applicable data protection legislation.
All subprocessors are required to:
- process Personal Data only on documented instructions;
- implement appropriate security measures;
- maintain confidentiality;
- comply with applicable data protection laws.
A current list of subprocessors may be provided upon request or published separately by KIMISUITE.
21. Your Privacy Rights
Depending on your location and applicable data protection laws, you may have the following rights regarding your Personal Data.
These rights may be subject to certain legal limitations or exceptions.
21.1 Right of Access
You have the right to request confirmation of whether KIMISUITE processes your Personal Data.
Where this is the case, you may request access to the Personal Data we hold about you together with information regarding:
- the purposes of processing;
- the categories of Personal Data concerned;
- the recipients or categories of recipients;
- the expected retention period;
- the source of the Personal Data where it was not collected directly from you;
- your legal rights.
21.2 Right to Rectification
You have the right to request that inaccurate or incomplete Personal Data be corrected without undue delay.
You may also update certain account information directly within your KIMISUITE account.
21.3 Right to Erasure
You may request deletion of your Personal Data where:
- the data is no longer necessary;
- consent has been withdrawn;
- you object to processing and there are no overriding legitimate grounds;
- the processing is unlawful;
- deletion is required by law.
This right does not apply where KIMISUITE is legally required to retain certain information, including accounting, taxation or legal compliance records.
21.4 Right to Restrict Processing
You may request that we temporarily restrict processing where:
- the accuracy of Personal Data is disputed;
- processing is unlawful but deletion is not requested;
- the data is required for legal claims;
- an objection is pending.
21.5 Right to Data Portability
Where technically feasible and legally applicable, you may request a copy of Personal Data you have provided to us in a structured, commonly used and machine-readable format.
Where supported by the relevant application, Customers may also export Customer Data directly from the KIMISUITE platform during an active subscription.
21.6 Right to Object
You may object to processing based on legitimate interests.
Where Personal Data is processed for direct marketing purposes, you may object at any time.
Following such objection, we will stop processing your Personal Data for direct marketing.
21.7 Right to Withdraw Consent
Where processing is based on consent, you may withdraw that consent at any time.
Withdrawal of consent does not affect processing carried out before consent was withdrawn.
21.8 Exercising Your Rights
Requests relating to your Personal Data may be submitted to:
For security reasons, we may request reasonable proof of identity before responding.
We aim to respond within one month unless a longer period is permitted by applicable law.
22. Complaints
If you believe that your Personal Data has been processed unlawfully, we encourage you to contact KIMISUITE first so that we can attempt to resolve your concerns.
You also have the right to lodge a complaint with the competent supervisory authority in your country of residence or place of work.
Where UK data protection law applies, complaints may be submitted to the UK Information Commissioner's Office (ICO).
Where EU GDPR applies, complaints may also be submitted to the relevant supervisory authority within the European Economic Area.
23. Children's Privacy
KIMISUITE is intended for business users.
Our Services are not directed to children under the age of 18.
We do not knowingly collect Personal Data from children.
If we become aware that Personal Data relating to a child has been collected without appropriate legal authority, we will take reasonable steps to delete such information.
24. Confidentiality
All KIMISUITE employees, contractors and authorised service providers who may process Personal Data are subject to appropriate confidentiality obligations.
Access to Personal Data is limited to individuals who require such access in order to perform their professional responsibilities.
25. Business Transfers
If KIMISUITE undergoes a merger, acquisition, investment, corporate restructuring, sale of assets or similar business transaction, Personal Data may be transferred as part of that transaction.
Any successor organisation will remain bound by this Privacy Policy or will provide an updated Privacy Policy where required by applicable law.
26. Changes to this Privacy Policy
KIMISUITE may update this Privacy Policy from time to time in order to:
- comply with legal requirements;
- reflect changes to our Services;
- introduce new features;
- improve transparency;
- reflect operational changes.
Where required by law, material changes will be communicated through appropriate means, including:
- email notifications;
- notices within the platform;
- website announcements.
The "Last Updated" date at the beginning of this Privacy Policy indicates when the latest version became effective.
Continued use of the Services following the effective date constitutes acknowledgement of the updated Privacy Policy.
27. Contact
If you have any questions regarding this Privacy Policy or the processing of your Personal Data, please contact us:
KIMISUITE LTD
128 City Road
London
EC1V 2NX
United Kingdom
Company Number: 17243256
Email:
28. Data Protection Contact
For all privacy-related requests, including requests concerning:
- access;
- correction;
- deletion;
- restriction;
- portability;
- objections;
- consent withdrawal;
- complaints;
please contact:
29. Governing Law
This Privacy Policy shall be interpreted in accordance with the laws of England and Wales, except where mandatory data protection legislation provides otherwise.
Nothing in this Privacy Policy limits any rights granted to data subjects under applicable data protection laws.
30. Final Provisions
If any provision of this Privacy Policy is found to be invalid or unenforceable, the remaining provisions shall remain in full force and effect.
This Privacy Policy forms an integral part of the KIMISUITE Terms and Conditions and should be read together with:
- Terms and Conditions
- Cookie Policy
- Data Processing Agreement (where applicable)