Privacy Policy
Last updated: April 6, 2026
1. Who we are
Kerla is a community management platform operated from Belgium. Each community (tenant) on Kerla manages its own member data. Kerla acts as a data processor on behalf of each community (the data controller).
2. What data we collect
Account data
When you register or are invited: name, email address, phone number (optional).
Community data
Data created within a community: children/student records, event registrations, attendance records, absence reports, invoices, enrollment records. This data belongs to the community and is managed by its administrators.
Technical data
We use essential cookies for authentication (Supabase session tokens). We do not use analytics, tracking, or advertising cookies. We do not use third-party trackers.
3. How we use your data
- To provide the community management service
- To send transactional emails (magic links, invoices, event reminders)
- To manage your account and community membership
We do not sell, rent, or share your personal data with third parties for marketing purposes.
4. Data storage and security
Data is stored in Supabase (EU region). All data is encrypted in transit (TLS) and at rest. Each community's data is isolated via Row-Level Security policies — one community cannot access another's data.
5. Your rights (GDPR)
As an EU resident, you have the right to:
- Access — download a copy of your personal data
- Rectification — correct inaccurate data via your profile
- Erasure — request deletion of your account and data
- Portability — export your data in a machine-readable format
- Object — opt out of non-essential communications
You can exercise these rights from your Profile page in the member portal (data export and account deletion), or by contacting your community administrator.
6. Data retention
Your data is retained as long as your account exists. When you delete your account, your personal data is removed within 30 days. Anonymized records (e.g., attendance counts) may be retained for community reporting purposes.
7. Third-party services
| Service | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication | EU |
| Vercel | Hosting | EU/US (edge) |
| Resend | Transactional email | US (EU processing) |
| Cloudflare | DNS, DDoS protection | Global |
8. Contact
For privacy inquiries, contact us at privacy@kerla.app.