Kubova.
登录开始使用
← Kubova

Privacy Policy

Effective 7 June 2026. This is the canonical English version.

1. Who is responsible

This policy explains how Kubova (“we”, “us”) handles personal data when you use the Kubova website, web application, REST API, and MCP server (the “Service”). For questions or to exercise your rights, contact us via the contact page.

2. What we collect

  • Account data: your email address and authentication identifiers when you sign up or log in.
  • Project data: the cargo, equipment, pallet, and calculation inputs and results you create (your packing projects and saved packs).
  • Subscription data: plan, status, and billing identifiers. We do NOT receive or store your full card number — payment details are entered with our third-party payment provider.
  • Usage data: API and MCP request logs, feature usage, and basic technical data (IP, browser, timestamps) used for security, rate limiting, and reliability.
  • Cookies: a session cookie to keep you signed in. We do not use third-party advertising cookies.

3. How we use it

To provide and secure the Service; authenticate you; compute and store your packing projects; meter API/MCP usage and enforce limits; process subscriptions; respond to support requests; and improve reliability and performance. We do not sell your personal data.

4. Legal bases (EEA/UK users)

We process data to perform our contract with you (providing the Service), for our legitimate interests (security, abuse prevention, product improvement), to comply with legal obligations, and—where required—with your consent.

5. Processors and subprocessors

We share data only with vetted service providers that process it on our behalf under contract, in the following categories:
  • Cloud authentication and database providers — to store your account, projects, and subscription records.
  • A third-party payment provider acting as merchant of record — to process billing and card payments. We do not receive or store full card numbers.
  • An email delivery provider — to send transactional and notification email.
  • Cloud application-hosting providers — to serve the web app, API, and MCP server.
  • Server-side compute providers — to run packing calculations and render PDF reports.

A current list of our named subprocessors is available on request via the contact page.

6. International transfers

Our providers may process data in regions outside your own. Where required, transfers rely on appropriate safeguards such as standard contractual clauses.

7. Retention

We keep account and project data for as long as your account is active. When you delete your account, we delete or anonymize your personal data and associated projects, except where we must retain limited records to meet legal, tax, or security obligations.

8. Your rights

Subject to applicable law, you may request access to, correction of, deletion of, or a portable copy of your personal data, and may object to or restrict certain processing. You can delete your account from your dashboard, which removes your projects and membership records. To exercise other rights, contact us via the contact page. You may also lodge a complaint with your local data-protection authority.

9. Security

We use industry-standard measures including encryption in transit, row-level access controls, and scoped API keys. No system is perfectly secure; keep your password and API keys confidential.

10. Children

The Service is not directed to children under 16, and we do not knowingly collect their data.

11. Changes

We may update this policy; material changes will be posted here with a new effective date.