Privacy Policy

Last updated: May 24, 2026

Kepa Solutions (“we”, “our”, “us”) operates the website kepasolutions.com. This Privacy Policy explains what data we collect, how we use it, and your rights, in accordance with the GDPR (EU 2016/679) for users in the European Economic Area, the CCPA / CPRA for California residents, and applicable U.S. federal law.

Data Controller

Kepa Solutions — operated by Jamila Bouramdan — 130 Wasp Dr, Brunswick, GA 31525-1926, United States. Contact: support@kepasolutions.com.

Data We Collect

• Account data: first and last name, email address, password (hashed)
• Billing data: address, country, Stripe customer ID
• Usage data: order history, generated creations, preferences
• Technical logs: IP address, browser type, pages visited, timestamps
• Cookies: session, security, and — with consent — analytics

We do not collect or store any payment card data. Card numbers, expiration dates, and CVV codes are handled exclusively by Stripe, which is PCI-DSS Level 1 certified.

Legal Bases and Purposes

• Contract performance (GDPR Art. 6.1.b): account creation, delivery, support, invoicing
• Legal obligation (GDPR Art. 6.1.c): retention of invoices, U.S. tax obligations (IRS)
• Legitimate interest (GDPR Art. 6.1.f): service security, fraud prevention, product improvement
• Consent (GDPR Art. 6.1.a): analytics cookies, optional marketing communications

Data Processors

• Stripe, Inc. (USA) — payment processing; stripe.com/privacy
• Hostinger International Ltd. (Cyprus/EU) — web hosting
• Transactional email providers

International Data Transfers

Because Kepa Solutions is a U.S. business and some processors are based outside the EEA, your data may be transferred to the United States. These transfers are protected by the European Commission’s Standard Contractual Clauses and, where applicable, the EU-U.S. Data Privacy Framework.

Retention Periods

• Customer account: duration of subscription + 3 years after last activity
• Billing data: 7 years (U.S. tax obligation, IRS)
• Technical logs: 12 months
• Cookies: 13 months maximum

Your Rights (GDPR)

If you are an EU/EEA resident, you have the right to access, rectify, erase, restrict processing of, object to, and port your personal data (GDPR Art. 15-22). Request to: support@kepasolutions.com (response within 30 days).

You may also lodge a complaint with your national data protection authority.

Your Rights (CCPA / CPRA — California)

If you are a California resident, you have the right to:

• Know what categories of personal information we collect and the purposes
• Request deletion of your personal information
• Request correction of inaccurate data
• Opt out of the “sale” or “sharing” of your data — Kepa Solutions does not sell or share your personal information with third parties for advertising purposes
• Not be discriminated against for exercising these rights

CCPA request to: support@kepasolutions.com.

Cookies

We use essential cookies (session, security) and, with your consent, anonymized analytics cookies. You can change your preferences at any time via the cookie banner.

Minors

The service is not intended for individuals under 16. In accordance with the U.S. COPPA law, we do not knowingly collect data from children under 13.

Security

We implement appropriate technical and organizational measures: TLS encryption, hashed passwords (bcrypt), access control, encrypted backups, and regular audits.

Changes

Any material change will be notified by email at least 30 days before it takes effect.