Privacy Policy

The Short Version

We collect only the minimum amount of personal information necessary to provide our Kubernetes platform services. We don’t sell your data to advertisers or marketers. We use your information to provide and improve our services, and we protect it with industry-standard security measures.

Legal Entity: Blanaru Camil Daniel, operating as EDKA
Tax ID (NIF): ESY1848661G
D-U-N-S Number: 472959328
Legal Form: Autónomo extranjero (Foreign Self-Employed)
Registered Address: Plaza Pau Vila, 12 - 08003 Barcelona, Spain
Activity: IT Consulting Services (CNAE 6202)
Verification: https://www.einforma.com/rapp/ficha/empresas?id=dWSG1MwtU312F_Eb5-jWUA

---

1. What We Collect and Why

We’re developers too, so we understand the importance of data privacy. Here’s exactly what we collect and why we need it.

Account Information

When you sign up for EDKA, we collect:

• Email address: To create your account and communicate with you
• Name: To personalize your experience and for billing
• Payment information: Processed securely through our payment provider, Stripe (we don’t store card details)
• Company information (optional): If you’re signing up for a business account

Platform Usage Data

When you use our Kubernetes platform, we collect:

• Cluster configurations: To provide and optimize your infrastructure
• Resource usage metrics: To monitor performance and billing
• API usage patterns: To improve our services and detect anomalies

Technical Information

Like most web services, we automatically collect:

• IP addresses: For security and geographic routing
• Browser and device information: To ensure compatibility
• Session data: To keep you logged in
• Performance metrics: To maintain service quality

2. What We DON’T Collect

Unless you are part of our enterprise plan and have a fully managed service, where we have access to your cluster, we do NOT:

• Scan or analyze your applications or services deployed inside your cluster
• Access your container contents
• Collect sensitive data from your deployments
• Track you across other websites
• Sell or rent your data to third parties
• Use your data for advertising
• Our main website does not use tracking cookies We use a lightweight analytics tool that doesn’t use cookies and doesn’t track your activity across websites.

3. How We Use Your Information

To Run Our Service

• Process your payments and manage subscriptions
• Provision and manage your Kubernetes clusters
• Provide technical support when you need it
• Send important service updates and security alerts

To Improve Our Platform

• Analyze usage patterns to optimize performance
• Develop new features based on user requests
• Fix bugs and prevent technical issues
• Enhance security and reliability

To Keep Things Secure

• Detect and prevent abuse or fraudulent activity
• Monitor for security threats and vulnerabilities
• Comply with legal obligations and enforce our terms

4. Third Party Service Providers

• Hetzner - Infrastructure provider
• Cloudflare - DNS, WAF, Secure Employee Access
• Google Cloud Platform - Infrastructure provider
• AWS - Infrastructure provider
• Stripe - Payment processor
• Resend - Transactional emails
• Sentry - Error tracking
• GitHub - Version control
• Slack - Internal communication tool
• Google Workspace - Identity provider / Email / Documents / Web conferencing
• Calendly - Meeting scheduling
• Linear - Project management and internal ticketing

When Required by Law

We may disclose information if legally required to do so, but we’ll notify you unless prohibited by law.

Business Transfers

If EDKA is involved in a merger or acquisition, your information may be transferred. We’ll notify you before this happens.

5. Data Security

We implement industry-standard security measures:

• Encryption: All data is encrypted in transit (TLS 1.3+) and at rest (AES-256)
• Access controls: Role-based access with hardware security keys MFA
• Regular audits: Security assessments and penetration testing
• Incident response: 24/7 monitoring and rapid response procedures
• Data isolation: Customer data is logically segregated. Enterprise plans can opt for physical isolation

However, no system is 100% secure. We’re transparent about breaches and will notify affected users within 72 hours of discovery, as required by GDPR.

6. Your Data Rights

As an EU-based entity, we respect strong data protection rights:

You Can Always:

• Access your personal data through your account dashboard
• Correct any inaccurate information
• Delete your account and associated data
• Object to certain uses of your information
• Port your data to another service

To exercise these rights, email us at privacy@edka.io or use the self-service options in your account settings.

7. Data Retention

We keep your data only as long as necessary:

• Active accounts: Data retained while your account is active
• Billing records: 2 years for tax and legal compliance
• Logs: 30 days for operational logs, 90 days for security logs
• Backups: 30 days after deletion from primary systems
• Deleted accounts: Data is removed immediately from active systems and backups within 30 days

8. Cookies and Tracking

We use cookies sparingly and respect Do Not Track signals:

Essential Cookies

• Session cookies: Keep you logged in
• Security cookies: Protect against CSRF attacks
• Preference cookies: Remember your settings

Analytics

We use a self-hosted, a privacy-friendly analytics tool that:

• Doesn’t use cookies
• Doesn’t track across websites
• Doesn’t collect personal information
• Is GDPR compliant without requiring consent
• Is hosted on our own infrastructure within the EU region

9. International Data Transfers

Your data stays in the EU by default:

• Primary storage: EU data centers located in Falkenstein, Nuremberg, Frankfurt (Germany), and Helsinki (Finland).

• Backups: Frankfurt (Germany) and St. Ghislain (Belgium)

• Processing: Primarily within the EU

When transfers outside the EU are necessary (e.g., global CDN for performance), we use:

• Standard Contractual Clauses (SCCs)
• Additional security measures
• Data minimization principles

10. Children’s Privacy

Our services are not intended for users under 16. We don’t knowingly collect data from children. If you believe we have, please contact us immediately at privacy@edka.io.

11. Changes to This Policy

We’ll notify you of significant changes via:

• Email to your registered address
• Prominent notice in your dashboard
• 30-day notice for material changes

Minor updates (typos, clarifications) may be made without notice but will be reflected in the “Last Updated” date.

12. Compliance and Certifications

We comply with:

• GDPR: General Data Protection Regulation (EU)
• LOPDGDD: Spanish Data Protection Law
• ePrivacy Directive: For cookies and electronic communications
• ISO 27001:2022: Certification process ongoing (not yet certified, but similar measures are in place).

13. Contact Us

Have questions? We’re here to help:

Data Protection Officer: Camil Blanaru
Email: privacy@edka.io
Security Issues: security@edka.io (PGP key available at https://edka.io/pgp-key.txt)
Physical Address: Plaza Pau Vila, 12 - 08003 Barcelona, Spain

For GDPR complaints, you may also contact the Spanish Data Protection Agency (AEPD).

Contact details:

Data Protection Authority www.aepd.es

Address: C/ Jorge Juan, 6. 28001 - Madrid, Spain

Phone: +34 900 293 183

14. Developer-Specific Commitments

As a platform built by developers for developers, we commit to:

• Open communication about our data practices
• Data portability in standard, usable formats
• No vendor lock-in - your data is always yours
• Security-first approach in all our operations

---