An image uploaded to Strapi called logo

Khemlabs

Privacy Policy

Privacy Policy for Khem Labs

Executive Summary

Our Commitment to Your Privacy

Welcome to Khem Labs. This Privacy Policy explains how we collect, use, protect, and share your personal information when you use our software development services, websites, and applications (our "Services").

Our goal is to be transparent and to empower you to control your data.

What Information We Collect: We collect information you provide to us, such as your name, email, and payment details when you create an account.

We also collect technical data about how you use our Services, like your IP address and device information, to improve performance and security.

How We Use Your Information: We use your information to provide and maintain our Services, process payments, communicate with you, and ensure the security of our platform.

With your consent, we may also send you marketing communications.

How We Share Your Information: We do not sell your personal information.

We may share it with trusted service providers (our "subprocessors") who help us operate our Services, such as cloud hosting providers and payment processors.

We require them to protect your data just as we do. We may also share data if required by law.

International Data Transfers: As a global company, we may transfer your data to other countries.

We use legally-approved mechanisms, such as the UK's International Data Transfer Agreement and Adequacy Decisions, to ensure your data receives a high level of protection wherever it is processed.

Your Rights: You have rights over your personal data.

Depending on your location, you may have the right to access, correct, delete, or restrict the processing of your information.

This policy provides detailed instructions on how to exercise these rights.

Residents of specific regions, like California, have additional rights which are explained in dedicated sections.

Data Security and Retention: We use robust technical and organisational measures to protect your data from unauthorised access or loss.

We only keep your data for as long as necessary to provide our Services or to comply with our legal obligations.

Children's Privacy: Our Services are not intended for individuals under the age of 18. We do not knowingly collect data from children.

Contact Us: If you have any questions about this policy or wish to exercise your rights, please contact our Data Protection Officer at .

You also have the right to lodge a complaint with your local data protection authority, such as the UK's Information Commissioner's Office (ICO).

Privacy Policy

Last Updated: 2025-07-25

1. Introduction

This Privacy Policy describes how Khem Labs ("we," "us," or "our"), with its headquarters at Cabrera 6061, Ciudad Autonoma de Buenos Aires, Argentina, collects, uses, and discloses your personal data in connection with your use of our custom software development services, software-as-a-service (SaaS) platforms, websites, and related applications (collectively, the "Services").

We are committed to protecting your privacy and handling your data in an open and transparent manner.

This policy is designed to comply with applicable data protection laws, including the UK General Data Protection Regulation (UK-GDPR), the EU General Data Protection Regulation (GDPR), and other global privacy regulations.

2. Data We Collect and How We Use It

We only collect personal data that is necessary for specific, explicit, and legitimate purposes.

We will not process your data in a manner that is incompatible with these purposes.

The table below outlines the categories of personal data we collect, our purposes for processing it, and the lawful basis for that processing under the UK-GDPR.

Category of Personal DataPurpose of ProcessingLawful Basis (under UK-GDPR)
Account & Contact Data (e.g., name, email address, phone number, company name, job title)To create and manage your user account. To provide customer support and communicate with you about your account and our Services. To send administrative information, such as updates to our terms or policies.Performance of a contract (Art. 6(1)(b))
Payment & Billing Data (e.g., credit card details, billing address)To process payments for our Services and prevent fraudulent transactions.Performance of a contract (Art. 6(1)(b))
Usage & Technical Data (e.g., IP address, browser type, device information, operating system, logs of your activity on our Services)To provide, maintain, and secure our Services. To monitor and analyse usage to improve the user experience and functionality. To diagnose and fix technical issues.Legitimate interests (Art. 6(1)(f)) - specifically, our interest in ensuring the security, availability, and improvement of our Services.
User-Generated Content (e.g., code, project files, comments, or other content you upload or create within our Services)To provide the core functionality of our Services, allowing you to store and manage your content.Performance of a contract (Art. 6(1)(b))
Marketing & Communications Data (e.g., your marketing preferences, feedback, and survey responses)To send you marketing communications about our products and services, where you have opted in. To conduct market research and understand user needs.Consent (Art. 6(1)(a)) or Legitimate interests (Art. 6(1)(f)) for marketing to existing customers about similar products, subject to their right to opt-out.

3. Cookies and Tracking Technologies

We use cookies and similar tracking technologies (e.g., web beacons, pixels) to operate and administer our websites, gather usage data, and improve your experience.

Some cookies are strictly necessary for the website to function, while others are used for analytics, performance, and advertising.

When you first visit our website, you will be presented with a cookie banner that provides detailed information about the cookies we use and allows you to provide or withdraw your consent for non-essential cookies.

You can change your preferences at any time through our cookie management tool, which is linked in the footer of our website.

4. How We Share Your Data

We do not sell your personal data. We may share your personal data with the following categories of third parties for the purposes described in this policy:

  • Subprocessors and Service Providers: We engage third-party companies to perform services on our behalf, such as cloud infrastructure hosting (e.g., Amazon Web Services), payment processing, customer support software, and analytics services.
  • These providers are our "data processors" and are only permitted to process your data on our instructions and are contractually obligated to implement robust security measures.
  • Affiliates: We may share data with other companies within the Khem Labs corporate group for administrative purposes and to provide integrated services.
  • Legal and Regulatory Authorities: We may disclose your personal data if required to do so by law, or in response to a valid legal process such as a court order, subpoena, or government investigation.
  • Business Transfers: In the event of a merger, acquisition, reorganisation, or sale of assets, your personal data may be transferred as part of that transaction.
  • We will notify you of any such deal and outline your choices in that event.

5. International Data Transfers

Khem Labs operates globally, which means your personal data may be transferred to, and processed in, countries other than the country in which you are resident.

These countries may have data protection laws that are different from the laws of your country.

Specifically, our servers are located in the United States, Brazil and Argentina, and our third-party service providers and affiliates operate around the world.

When we transfer personal data originating from the United Kingdom (UK) or the European Economic Area (EEA) to a country that has not been deemed to provide an adequate level of data protection by the UK Government or the European Commission, we take steps to ensure that your data is protected.

We do this by implementing appropriate safeguards, primarily by using:

  • The UK International Data Transfer Agreement (IDTA) or the UK Addendum to the European Commission's Standard Contractual Clauses for transfers of data subject to the UK-GDPR.
  • The European Commission's Standard Contractual Clauses (SCCs) for transfers of data subject to the EU GDPR.

These agreements require the recipient of your personal data to protect it to the standard required in the UK and EEA.

Where necessary, we also conduct transfer risk assessments and implement supplementary measures to ensure the protection of your data.

6. Data Retention

We will retain your personal data only for as long as is necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process it, and whether we can achieve those purposes through other means, and the applicable legal requirements.

  • Account Data: We retain your account data for as long as your account is active and for a reasonable period thereafter in case you decide to re-activate the Services.
  • Billing Data: We retain billing data for up to 10 years as required by tax and financial laws.
  • Usage Data: We may retain usage data for a shorter period (up to 2 years) for analytics and service improvement, after which it is anonymised or deleted.

Once the retention period expires, we will securely delete or anonymise your personal data.

7. Security of Your Data

We have implemented appropriate technical and organisational security measures designed to protect the personal data we process against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.

These measures include:

  • Encryption of data in transit and at rest.
  • Access controls to limit access to personal data to authorised personnel on a need-to-know basis.
  • Regular security assessments and penetration testing.
  • A comprehensive data breach response plan.

While we strive to protect your personal data, no electronic transmission or storage is 100% secure.

We cannot guarantee its absolute security.

8. Your Data Protection Rights

Under data protection law, you have rights we need to make you aware of.

The rights available to you depend on our reason for processing your information.

Depending on your jurisdiction, you may have the following rights:

  • The right of access: You have the right to ask us for copies of your personal information.
  • The right to rectification: You have the right to ask us to rectify information you think is inaccurate.
  • You also have the right to ask us to complete information you think is incomplete.
  • The right to erasure: You have the right to ask us to erase your personal information in certain circumstances.
  • The right to restriction of processing: You have the right to ask us to restrict the processing of your information in certain circumstances.
  • The right to object to processing: You have the right to object to processing if we are processing your information on the basis of our legitimate interests.
  • The right to data portability: You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you, in a structured, commonly used, machine-readable format.

To exercise any of these rights, please contact us at or through our online rights request portal at Data Erasure Form.

We will respond to your request in accordance with applicable data protection laws.

We may need to verify your identity before processing your request.

9. Children's Privacy

Our Services are not intended for or directed at individuals under the age of 18. We do not knowingly collect personal data from children.

If we become aware that we have inadvertently collected personal data from a child under the relevant age of consent without verifiable parental consent, we will take steps to delete such information from our systems as soon as possible.

10. Contact Us & Supervisory Authority

If you have any questions about this Privacy Policy or our data protection practices, or if you wish to exercise your rights, please contact our Data Protection Officer:

Data Protection Officer
Data Protection
Khem Labs
Cabrera 6061, Ciudad Autónoma de Buenos Aires, Buenos Aires, Argentina
Email:

You also have the right to lodge a complaint with a supervisory authority.

The supervisory authority in the UK is the Information Commissioner's Office (ICO), which can be contacted at:

Agencia de Acceso a la Información Pública (AAIP)
Web: www.argentina.gob.ar/aaip
E-mail: datos.personales@aaip.gob.ar
Complains: reclamos@aaip.gob.ar
Phone number: +54 (11) 2821–0047 / 2821–0048 Int: 234
Address: Av. Pte. Julio A. Roca 710, Piso 3°, Ciudad Autónoma de Buenos Aires (C1067ABP)

11. Jurisdiction-Specific Addenda

A. For Residents of California (USA)

This section supplements the information contained in our Privacy Policy and applies solely to visitors, users, and others who reside in the State of California.

We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) as amended by the California Privacy Rights Act of 2020 (CPRA).

Notice at Collection:

The table in Section 2 of our main Privacy Policy details the categories of personal information we have collected over the last 12 months, the purposes for which we use it, and the categories of sources from which we collect it.

We do not "sell" or "share" (as defined by the CPRA) your personal information.

We retain this information for the periods described in Section 6.

Your Rights and Choices:

The CCPA provides California residents with specific rights regarding their personal information.

This section describes your CCPA rights and explains how to exercise them.

  • Right to Know and Data Portability: You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months.
  • Right to Delete: You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions.
  • Right to Correct: You have the right to request that we correct any inaccurate personal information that we maintain about you.
  • Right to Opt-Out of Sale/Sharing: We do not sell or share personal information.
  • Therefore, we do not offer an opt-out mechanism.
  • Right to Limit Use of Sensitive Personal Information: We do not use or disclose sensitive personal information for purposes other than those specified in the CPRA regulations, and therefore do not provide a right to limit its use.
  • Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To exercise your rights to know, delete, or correct, please submit a verifiable consumer request to us by emailing

B. For Residents of Brazil

This section applies to individuals in Brazil and provides additional information required by the Lei Geral de Proteção de Dados (LGPD).

You have the right to confirmation of the existence of processing; access to your data;

correction of incomplete, inaccurate, or out-of-date data; anonymisation, blocking, or deletion of unnecessary or excessive data; data portability;

deletion of data processed with your consent; information about public and private entities with which we have shared data;

information about the possibility of denying consent and the consequences; and revocation of consent.

To exercise these rights, please contact our DPO at .

Esta seção se aplica a indivíduos no Brasil e fornece informações adicionais exigidas pela Lei Geral de Proteção de Dados (LGPD).

Você tem o direito à confirmação da existência de tratamento; acesso aos seus dados;

correção de dados incompletos, inexatos ou desatualizados; anonimização, bloqueio ou eliminação de dados desnecessários ou excessivos; portabilidade dos dados;

eliminação dos dados tratados com seu consentimento; informação sobre as entidades públicas e privadas com as quais compartilhamos dados;

informação sobre a possibilidade de negar o consentimento e as consequências dessa negativa; e revogação do consentimento.

Para exercer esses direitos, entre em contato com nosso Encarregado pelo tratamento de dados pessoais através do e-mail .

C. For Residents of Canada

This section applies to individuals in Canada. Your personal information is handled in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).

You have the right to access your personal information held by us and to request correction of any inaccuracies.

For inquiries or to exercise your rights, please contact our DPO at .