Privacy Policy

Kooslab UG (haftungsbeschränkt) ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Quote Generator service ("Service").

We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws. Please read this privacy policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Data Controller

For any questions regarding this Privacy Policy or your personal data, please contact us at johnnykoo@kooslab.net.

2. Personal Data We Collect

We collect the following categories of personal data:

2.1 Account Information

• Email address (from Google OAuth)
• Name (from Google OAuth)
• Profile picture (from Google OAuth)
• Account creation date
• Consent timestamps (terms, privacy, marketing)

2.2 Business Information

• Organization/company name
• Business registration number
• Business address, phone, email
• Contact person information

2.3 Client & Document Data

• Client names and contact information
• Quote and invoice content
• Project and time entry data

2.4 Payment Information

• Masked card number (e.g., ****1234)
• Card issuer name
• Payment transaction records

Note: Full payment card details are processed and stored securely by our payment processor (Toss Payments) and are never stored on our servers.

2.5 Technical Data

• IP address
• Browser type and version
• Device information
• Access logs and timestamps

3. Legal Basis for Processing (GDPR Art. 6)

We process your personal data based on the following legal grounds:

4. Data Retention

We retain your personal data only as long as necessary:

When you delete your account, we soft-delete your data for 30 days (to prevent accidental deletion), after which it is permanently purged. Legal retention requirements may require us to keep certain records longer.

5. Your Rights Under GDPR

You have the following rights regarding your personal data:

6. Cookies and Tracking

We use the following types of cookies:

You can manage your cookie preferences at any time. Note that disabling essential cookies will prevent you from using the Service.

7. Third-Party Services

We use the following third-party services to operate our Service:

8. International Data Transfers

Some of our third-party service providers are located outside the European Economic Area (EEA). When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place:

• EU-US Data Privacy Framework (for US providers)
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions by the European Commission

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption in transit (TLS/HTTPS)
• Encryption at rest for sensitive data
• Regular security updates and monitoring
• Access controls and authentication
• Regular backups with secure storage

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours.

10. Children's Privacy

Our Service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service at least 14 days before they take effect. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

12. Contact & Complaints

You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated. In Germany, you may contact: