Privacy policy
Last updated: June 2026
1. Data controller
The data controller is Stephen Hervouët, publisher of the Kodarch service (kodarch.io), reachable at support@kodarch.io. Full contact details are in the legal notice.
2. Data collected
Depending on how you use the service, we may process:
- Account and authentication data (name, email address, profile image from Google where applicable, hashed password);
- Profile data (personal or professional account type, optional postal address, preferences);
- Your project content (plans, furniture, annotations, budget estimates, messages);
- Media you upload (photos, documents, audio recordings and their transcriptions);
- Data entered via a share link without an account (author label, plan annotations, pre-quote proposal);
- Technical data (server logs, session identifiers, IP address, security and performance information);
- Data from cookies or trackers strictly necessary for operation, and where applicable audience measurement in line with your choices.
3. Purposes
Data is used to provide and improve the service, authenticate users, save and sync your projects, manage share links and submitted pre-quotes, transcribe voice notes at your request, extract product information from a URL you provide, ensure security, prevent abuse, respond to your requests, comply with legal obligations and, where applicable, send account-related communications.
4. Legal bases
Processing relies in particular on contract performance or pre-contractual measures (providing the service), legitimate interest (security, measured service improvement, fraud prevention) and, where applicable, your consent (non-essential cookies, optional features).
5. Recipients and subprocessors
Data may be entrusted to the following providers, each within the scope of the service it provides:
- Vercel — web application hosting and performance measurement (Analytics, Speed Insights);
- Supabase — PostgreSQL database and file storage (photos, audio, documents);
- OpenAI — audio transcription (Whisper) and structured product extraction from URLs or text you submit;
- Resend — transactional email (password reset, pre-quote received notification);
- Sentry — technical error monitoring (possibly with limited contextual data);
- Upstash (if enabled) — request rate limiting to protect the service;
- Google — OAuth authentication when you choose “Continue with Google”.
Where data is transferred outside the European Economic Area, appropriate safeguards (standard contractual clauses, adequacy decisions, etc.) are implemented when required.
6. Retention periods
Indicative periods:
- Account and projects: kept while the account is active, then deleted or anonymised within a reasonable period after account deletion or prolonged inactivity;
- Share links: kept until expiry or revocation by the link creator;
- Media (photos, audio, documents): tied to the lifetime of the relevant project;
- Technical and security logs: limited duration, generally from a few days to a few months depending on purpose;
- Technical backups: may persist temporarily after effective deletion.
7. Your rights
Under Regulation (EU) 2016/679 (GDPR) and applicable law, you have the right of access, rectification, erasure, restriction, objection where provided, and portability where applicable. You may withdraw consent at any time. To exercise your rights, write to support@kodarch.io stating your request and a means of identifying you.
You may lodge a complaint with the competent data protection authority (in France: CNIL, cnil.fr).
8. Security
We implement appropriate technical and organisational measures to protect data against loss, unauthorised access or disclosure. No system is completely infallible; we also encourage you to use strong passwords and protect your devices.
9. Cookies and trackers
The service uses strictly necessary cookies (authentication session). Audience or performance measurement tools may be deployed in a privacy-respectful way; where regulation requires it, your consent will be collected before any non-essential tracker.
10. Changes
This policy may be updated; the date at the top of the page will reflect changes. We encourage you to review it regularly.
11. Contact
For any privacy question or to exercise your rights: support@kodarch.io.