Kamba (“we”, “us”, “our”) operates the website at kamba-app.com. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service.
We are committed to protecting your privacy and handling your personal data transparently and in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
We collect only what we need to provide the Service. We do not sell your data. We do not use advertising trackers. You can delete your account and all associated data at any time.
We collect three categories of data when you use Kamba:
| Category | What we collect | Why |
|---|---|---|
| Account information | Email address, display name, hashed password (if you use email sign-in), profile photo URL (if you sign in with Google) | To create and manage your account, and to authenticate you |
| Usage data | Furniture projects and designs you create, cut lists, material selections, saved calculations, app preferences (e.g. skill level, preferred units) | To provide the core functionality of the Service and sync your work across sessions |
| Technical data | IP address, browser type and version, operating system, pages visited, timestamps, session identifiers, error logs | To maintain security, diagnose bugs, and understand how the app is used so we can improve it |
We do not collect payment card details directly. If we add paid features in the future, payments will be processed by a third-party payment provider (such as Stripe) and we will update this policy accordingly.
We do not collect sensitive personal data (such as health data, biometric data, or government ID numbers).
We use the data we collect for the following purposes:
We process your personal data on the following legal bases under UK GDPR: contract performance (to provide the Service you signed up for), legitimate interests (security, fraud prevention, service improvement), and legal obligation (compliance with applicable law).
Your data is stored securely using the following measures:
While we take reasonable technical and organisational measures to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by law.
Under UK and EU data protection law, you have the following rights regarding your personal data:
Request a copy of the personal data we hold about you.
Request correction of inaccurate or incomplete personal data.
Request deletion of your personal data (“right to be forgotten”). You can also delete your account directly from Account Settings.
Request that we restrict processing of your data in certain circumstances.
Request a copy of your data in a structured, commonly used, machine-readable format.
Object to processing of your data where we rely on legitimate interests as the legal basis.
To exercise any of these rights, email us at hello@kamba-app.com with the subject line “Data Request”. We will respond within 30 days. We may need to verify your identity before fulfilling a request. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.
Kamba uses a minimal set of cookies that are strictly necessary for the Service to function. We do not use advertising or cross-site tracking cookies.
| Cookie | Purpose | Duration |
|---|---|---|
| Session cookie | Keeps you logged in to your account across page loads and browser sessions | Until you sign out, or 30 days of inactivity |
| Preference cookie | Remembers your settings such as preferred unit system and skill level | 1 year |
These cookies are categorised as “strictly necessary” and do not require your consent under the UK Privacy and Electronic Communications Regulations (PECR), because they are essential for the Service to work.
We do not use Google Analytics, Meta Pixel, or any other third-party analytics or advertising cookies. If this changes, we will update this policy and request your consent.
We use a small number of trusted third-party services to operate Kamba. Each is listed below along with their privacy policies:
| Service | Purpose | Data shared |
|---|---|---|
| Resend | Transactional email delivery (e.g. password reset, account confirmation) | Your email address and the content of system emails sent to you |
| Neon | Managed PostgreSQL database hosting | All data you store in Kamba (encrypted at rest) |
| Google Sign-In (optional) | OAuth authentication if you choose to sign in with Google | Your Google account email, name, and profile photo. We do not receive your Google password. |
We do not sell, rent, or share your personal data with any third party for marketing or advertising purposes.
We may disclose your data if required to do so by law, or if we believe in good faith that such disclosure is necessary to protect our rights, your safety, or the safety of others.
We retain your personal data for as long as your account is active and for as long as necessary to provide you with the Service.
You can delete your account at any time from your Account Settings page. Account deletion is permanent and cannot be undone.
If you have any questions, concerns, or requests relating to this Privacy Policy or the way we handle your personal data, please contact us:
We aim to respond to all privacy-related enquiries within 5 business days. For formal data subject access requests (DSARs), we will respond within 30 days as required by law.