kana

Data Protection & Privacy Policy

Last updated: June 2026

1. Controller

The controller responsible for processing personal data is: Kana Social UG (haftungsbeschränkt) Taimerhofstraße 22 81927 München Germany Managing Director: David Enrique Rodríguez Quinn

2. Data protection contact

You can contact us about data protection questions or requests at privacy@kana.social. We have not appointed a separate Data Protection Officer. General company contact details are available in our imprint.

3. What personal data we process

Depending on how you use Kana, we may process account data such as your name, email address, username, authentication data, session information, profile details, professional credentials, verification status, license or credential status changes, posts, comments, communities, uploaded files or images, private messages, communication with us, technical logs, device/browser information, IP address, and cookie/local-storage identifiers.

4. Account, authentication, and security

We process account and authentication data to create and manage your account, keep you signed in, verify professional identity where requested, protect the service, prevent abuse, and provide security features. Kana is intended for professional, scientific, and business networking use. Authentication cookies and comparable session technologies are necessary for the service to work.

5. Posts, communities, verification, and uploads

When you publish content, join communities, use verification features, upload files, use private messaging, or interact with AI summaries, we process the data you submit so the service can host, display, store, moderate, protect, summarize, and personalize it. Content you choose to publish may be visible to other users according to the product settings and context in which you post it. You must not share Protected Health Information (PHI), patient-identifiable data, or active medical-emergency data through Kana.

6. Cookies and local storage

We use necessary cookies and local-storage entries for authentication, security, language selection, theme preferences, landing-page access, and privacy-preference state. Optional analytics, masked session replay, and external media embeds only run when you enable them in your privacy preferences. We do not use advertising cookies or ad-network trackers.

7. Analytics and error monitoring

We use necessary error monitoring, such as Sentry, to diagnose problems, improve reliability, and secure the service. If you consent, we may also use PostHog product analytics and masked session replay to understand usage patterns and debug user experience issues. You can change these preferences at any time in your privacy settings. We configure these tools to avoid advertising use and do not sell personal data.

8. Email and service messages

We may send transactional and service-related emails, such as account, security, verification, support, and product-notice messages. Email delivery is handled through our own email services.

9. Legal bases under GDPR Article 6

We process personal data where necessary to perform a contract or take pre-contractual steps (Article 6(1)(b) GDPR), including core AI summaries that are part of the product functionality, comply with legal obligations (Article 6(1)(c) GDPR), protect legitimate interests such as security, abuse prevention, service improvement, moderation, recommendations, and communication (Article 6(1)(f) GDPR), or where you have given consent (Article 6(1)(a) GDPR), including optional model training where applicable. You can withdraw consent at any time where processing is based on consent.

10. Recipients and processors

We may share personal data with service providers that process data on our behalf, including EU-hosted infrastructure, storage/CDN and upload infrastructure, Sentry for error monitoring, PostHog for optional analytics and experience diagnostics where enabled, and other providers needed to operate the service. We use our own email services for email delivery. We do not sell personal data. We only disclose data when needed to provide the service, comply with law, protect rights and security, or with your direction.

11. International transfers

Kana is hosted in the European Union and we aim to use EU-based infrastructure where possible. Some providers, including analytics or error-monitoring services, may process data outside the European Economic Area. Where this happens, we rely on appropriate safeguards such as adequacy decisions, EU Standard Contractual Clauses, and data-processing agreements.

12. Retention

We keep personal data only as long as needed for the purposes described in this policy, including providing the service, maintaining security, complying with legal obligations, resolving disputes, and enforcing agreements. Kana is not a data storage platform. Account and content data is generally retained while your account exists, unless deletion, legal duties, or legitimate security needs require otherwise.

13. Your GDPR rights

Subject to the conditions of the GDPR, you have the right to access your personal data, correct inaccurate data, delete data, restrict processing, object to processing, receive data portability, and withdraw consent. To exercise these rights, contact privacy@kana.social.

14. Right to complain

You have the right to lodge a complaint with a data protection supervisory authority. For Bavaria, this may include the Bavarian State Office for Data Protection Supervision (Bayerisches Landesamt für Datenschutzaufsicht, BayLDA).

15. Age limit

Kana is intended for users aged 18 or older. You must be at least 18 years old to create an account, access, or use the platform.

16. Changes to this policy

We may update this policy when our service, legal obligations, or processing activities change. The current version is published on this page.