Install for Nextcloud

Privacy Policy

Last updated: March 2026

GDPR at a glance

🔒 EncryptedTLS 1.3 in transit, AES-256 at rest
📤 Data exportExport all your data in standard formats
🗑 Right to deletionFull erasure with no ghost records
📋 DPA availableSigned Data Processing Agreement on request
⏱ Retention controlConfigurable per data type in tenant settings
🔍 Audit loggingEvery action logged with actor & timestamp

1. Introduction

Krip ("we", "us", "our") operates the krip.app website and the Krip HR platform. This Privacy Policy explains how we collect, use, and protect your personal data when you use our services.

2. Data Controller

For questions about data processing, contact us at contact@krip.app.

3. Data We Collect

Account data

When you register for Krip, we collect your organization name, admin email address, and Nextcloud instance URL. This data is necessary to provision your tenant account.

Employee data

Your organization stores employee data through the Krip platform, including names, contact information, employment details, leave records, expense claims, and other HR-related information. This data is processed on behalf of your organization (the data controller) and we act as the data processor.

Usage data

We collect anonymized usage metrics to improve our service, including feature usage frequency and error reports. No personal employee data is included in usage metrics.

4. How We Use Your Data

  • To provide and maintain the Krip platform
  • To process AI-powered features (resume parsing, screening, OCR)
  • To send service notifications and updates
  • To provide customer support
  • To improve our services through anonymized analytics

5. AI Processing

When you use AI-powered features (resume parsing, candidate screening, receipt OCR), the relevant document content is sent to our AI processing pipeline. AI-processed data is not used to train AI models. Results are stored in your tenant's data space and subject to your data retention policies.

6. Data Storage & Security

Data is encrypted in transit (TLS 1.3) and at rest. Sensitive personal information (bank details, identification numbers) receives additional application-level encryption. All uploads are scanned for malware. Access to production systems is restricted and logged.

7. Data Retention

We retain your data for as long as your subscription is active. After account cancellation, data is retained for 30 days (grace period) before permanent deletion. You can configure custom retention policies for specific data types within your tenant settings.

8. Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access — Request a copy of your personal data
  • Rectification — Correct inaccurate data
  • Erasure — Request deletion of your data
  • Portability — Export your data in a standard format
  • Restriction — Limit how we process your data
  • Objection — Object to specific processing activities

To exercise these rights, contact us at contact@krip.app. We will respond within 30 days.

9. Data Processing Agreement

A Data Processing Agreement (DPA) is available for organizations that require one. Contact us at contact@krip.app to request a signed DPA.

10. Self-Hosted Deployment

Enterprise customers who self-host the Krip backend manage their own data entirely. In self-hosted deployments, no employee data passes through our infrastructure.

11. Changes to This Policy

We will notify you of material changes to this policy via email or through the Krip admin dashboard at least 30 days before the changes take effect.

12. Contact

For privacy-related questions or requests, contact us at contact@krip.app.