1. Introduction

This Privacy Policy explains what personal data we collect when you use the Kiwa UI website at kiwaui.com or purchase Kiwa UI Pro, how we use that data, and the rights you have over it.

We are Tossell Web Solutions Limited, a company registered in England and Wales. Our registered office is 82 Heol Isaf, Radyr, Cardiff CF15 8EA, United Kingdom. We are the data controller of personal data collected through kiwaui.com. We are registered with the UK Information Commissioner's Office under registration number ZB732523.

This policy is governed by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data we collect

We collect three categories of data:

Account and purchase data

• Your name and email address, provided at purchase.
• A record of your purchase, including the date, amount, and license key issued.
• The IP address and country of origin recorded by our payment processor at the time of purchase, for fraud prevention.

We do not store your payment card details. Card data is processed and stored by our payment processor (Lemon Squeezy).

Support data

• The contents of any email correspondence you send to hello@kiwaui.com.

Technical data

• The IP address of the request when your CLI authenticates against the Kiwa UI registry API. Cloudflare retains edge request logs for a short period (typically up to 7 days) for security and reliability purposes; we do not operate a separate long-term log store.
• Aggregate, anonymized visitor data via Cloudflare Web Analytics (page views, referrers, country, device class). No cookies, no IP storage, no cross-site tracking.

We do not run third-party analytics on visitors to kiwaui.com. We do not use cross-site tracking. We do not collect data we have not described in this section.

3. How we use data

We use the data we collect to:

• Deliver the Kiwa UI Pro license you purchased, including issuing your license key by email.
• Authenticate your CLI requests to the Kiwa UI registry API.
• Send you transactional emails relating to your purchase, including receipts and refund confirmations.
• Send you product update emails about new releases of Kiwa UI. You can opt out at any time by clicking the unsubscribe link in the email or by emailing hello@kiwaui.com.
• Respond to support questions you send us.
• Detect and prevent abuse, fraud, and security incidents.
• Comply with our legal obligations, including tax record-keeping.

We do not sell your data. We do not share your data with third parties for advertising or marketing.

4. Legal basis for processing

We process personal data on the following legal bases under Article 6 of the UK GDPR:

• Contract (Article 6(1)(b)): to deliver the Kiwa UI Pro license you purchased and to provide the registry service that comes with it.
• Legal obligation (Article 6(1)(c)): to keep tax and accounting records as required by UK law.
• Legitimate interests (Article 6(1)(f)): to prevent fraud and abuse of the website and registry, and to send transactional emails about purchases. We have assessed that these interests do not override your rights under the UK GDPR.
• Consent (Article 6(1)(a)): for product update emails. You can withdraw consent at any time without affecting access to your purchased license.

5. Sub-processors

The following third parties process personal data on our behalf:

• Lemon Squeezy Inc. (Delaware, USA): payment processing, invoicing, tax collection. Data processed: name, email, billing address, payment metadata, purchase records. Privacy policy: lemonsqueezy.com/privacy.
• Cloudflare, Inc. (San Francisco, USA): web hosting, DNS, edge compute, security, license database (D1), and anonymized Web Analytics for kiwaui.com and registry.kiwaui.com. Data processed: IP address, user agent, request URLs, license records. Privacy policy: cloudflare.com/privacypolicy.
• Resend Inc. (Delaware, USA): transactional email delivery (license keys, refund confirmations, product updates). Data processed: name, email, message contents. Privacy policy: resend.com/legal/privacy-policy.
• Google LLC (Gmail) (California, USA): inbound email correspondence sent to hello@kiwaui.com is forwarded by Cloudflare Email Routing to a Gmail mailbox where it is stored and handled. Data processed: email contents, sender address, message metadata. Privacy policy: policies.google.com/privacy.

These sub-processors act under written processing agreements that require them to handle your data in line with the UK GDPR.

6. Cookies

We use only strictly necessary cookies. We do not use analytics cookies, advertising cookies, or any other cookies that require consent under UK and EU law.

The cookies we set include Cloudflare's __cf_bm bot-management cookie, which is set automatically when you visit the website to distinguish humans from automated traffic. This cookie is classified as strictly necessary by the UK Information Commissioner's Office and expires within 30 minutes of inactivity.

We do not display a cookie banner because no consent is required for the cookies we set.

7. Data retention

We retain personal data for the following periods:

• Account and purchase data: retained while your Kiwa UI Pro license is active. We retain a minimum of 6 years of accounting records to comply with UK tax law (HMRC requirements). After the statutory minimum has expired, we will delete personal data on request under section 8.
• Email correspondence: retained for as long as necessary to handle the matter raised, then deleted unless retention is required by law or for an ongoing dispute.
• Cloudflare edge logs: retained by Cloudflare per their published retention policy (typically up to 7 days).

You can request earlier deletion of your data under section 8 below.

8. Your rights

Under the UK GDPR you have the following rights over your personal data:

• Access: request a copy of the personal data we hold about you.
• Rectification: correct inaccurate or incomplete data.
• Erasure: ask us to delete your data, subject to our legal obligations to retain certain records.
• Restriction: ask us to restrict processing of your data while we resolve a request.
• Portability: receive a copy of your data in a portable format.
• Objection: object to processing based on legitimate interests.
• Withdrawal of consent: withdraw consent to processing where consent is the basis (such as marketing emails).

To exercise any of these rights, email hello@kiwaui.com from the address associated with your account. We will respond within 30 days.

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ico.org.uk).

9. International transfers

Some of our sub-processors are located outside the United Kingdom. Where data is transferred outside the UK, we rely on:

• The UK Government's adequacy decisions for transfers to recognised jurisdictions, including the UK Extension to the EU-US Data Privacy Framework.
• The UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses for transfers to other jurisdictions.

These transfer mechanisms provide a level of protection essentially equivalent to that required by the UK GDPR.

10. Children's data

Kiwa UI is not intended for use by children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, contact hello@kiwaui.com and we will delete the data.

11. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page indicates when the most recent changes were made.

12. Contact

For any matter relating to this Privacy Policy, contact us at:

Tossell Web Solutions Limited
82 Heol Isaf, Radyr, Cardiff CF15 8EA, United Kingdom
hello@kiwaui.com
ICO registration: ZB732523