img
img
Get Started

Privacy Policy

  1. Home
  2. Privacy Policy

Important: replace the bracketed controller details in this document before publication. The legal structure of the controller and the final list of processors must match the operator's live setup.

This Privacy Policy explains how personal data is processed when you visit the Kenpost website, contact the provider, create an account or use the platform's shipping, billing and operational features.

1. Controller

Controller: [Insert legal company name]
Address: [Insert street and house number], [Insert postal code and city], Germany
Email: [Insert privacy contact email]
Phone: [Insert phone number]

2. Categories of Data We Process

Depending on how you interact with Kenpost, we may process the following data categories:

  • Website access data such as IP address, browser information, timestamps and security logs.
  • Contact and account data such as name, company, email address, phone number and login details.
  • Profile and onboarding data such as sender details, address data, billing profile and plan information.
  • Connected store and marketplace data, including API or OAuth credentials and integration settings.
  • Order, recipient, shipment, label, archive, invoice, balance and billing-related records.
  • Support, troubleshooting and audit information, including operational logs and error traces.

3. Purposes and Legal Bases

We process personal data for the following purposes and on the following legal bases:

  • To provide the website and ensure technical security under Article 6(1)(f) GDPR.
  • To answer inquiries and prepare contracts under Article 6(1)(b) GDPR or Article 6(1)(f) GDPR.
  • To create and manage customer accounts, synchronize orders and generate labels under Article 6(1)(b) GDPR.
  • To issue invoices, keep tax records and meet compliance duties under Article 6(1)(c) GDPR.
  • To protect the platform against abuse, duplicate shipments and unauthorized access under Article 6(1)(f) GDPR.
  • To process optional marketing or consent-based features only where consent has been given under Article 6(1)(a) GDPR.

4. How Kenpost Uses Platform Data

Kenpost is built for multi-channel shipping operations. That means data may be used to connect supported sales channels, normalize orders, validate addresses, create single or bulk shipping labels, manage inventory and balances, produce invoice records, store shipment archives and make operational dashboards available for customer and admin roles. According to the product design, customer and admin permissions are separated and tenant-level restrictions are used to limit cross-account visibility.

5. Recipients and Processors

Data may be shared with recipients only where necessary for the operation of the service, for example with:

  • Hosting, infrastructure, cloud storage and backup providers.
  • Email, support and communications providers.
  • Connected marketplaces, store systems and carrier integrations.
  • Payment, billing, invoicing or accounting providers where applicable.
  • Authorities, courts, tax advisers or lawyers where a legal obligation exists.

Where we use processors, we conclude appropriate data processing agreements. Where recipients are located outside the EEA, transfers are made only where an adequacy decision, standard contractual clauses or another valid transfer mechanism applies.

6. Storage Periods

We store personal data only for as long as needed for the relevant purpose. Access logs are typically stored for a limited security period. Account, contract and operational data are stored for the duration of the customer relationship and thereafter for applicable commercial, tax, security or defense periods. Billing and invoice records may be retained for the statutory retention periods that apply to the operator.

7. Security Measures

Based on the documented product design, Kenpost applies role-based access, tenant isolation, encrypted storage of sensitive credentials, signed document sharing logic and logging for traceability. Nevertheless, internet transmissions are never completely risk-free, so users should also protect their own credentials and endpoint security.

8. Data Subject Rights

Under the GDPR, you may have the following rights depending on the circumstances of the processing:

  • Right to be informed.
  • Right of access.
  • Right to rectification.
  • Right to erasure.
  • Right to restriction of processing.
  • Right to data portability.
  • Right to object.
  • Right not to be subject solely to automated decision-making where the legal conditions are met.

You also have the right to withdraw consent at any time with effect for the future, where processing is based on consent.

9. Complaints and Contact

To exercise your rights or ask privacy-related questions, contact us using the controller details above. You also have the right to lodge a complaint with a competent supervisory authority, especially in the Member State of your habitual residence, place of work or the place of the alleged infringement.

10. Updates to This Policy

We may update this Privacy Policy where legal requirements, the live service setup or platform functions change. The version published on this page is the current version.