KnotlyKnotly← Home

Privacy Policy

Last updated: 15 May 2026

Knotly ("we", "us") processes personal data in compliance with the EU General Data Protection Regulation 2016/679 ("GDPR") and applicable national implementing laws. This policy explains what data we collect, why, how long we keep it, and the rights you have as a data subject.

1. Data Controller

The data controller is the legal entity operating Knotly. For any privacy-related request you can reach us at privacy@knotlyapp.com.

2. Data we collect

  • Account data: name, email, phone, role (school / instructor / student), preferred language, password (hashed).
  • School data: school name, description, address, contact details, social links, activities offered.
  • Operational data: students, lesson sessions, timer durations, instructor notes, IKO levels, inventory and rentals.
  • Demo requests: name, email, phone (optional), school name and message.
  • Technical data: session tokens, IP address (transient), browser/device metadata required to deliver the service.

3. Purposes and legal basis (Art. 6 GDPR)

  • Service delivery — contract performance (Art. 6.1.b).
  • Account security and authentication — legitimate interest (Art. 6.1.f).
  • Demo and commercial requests — consent (Art. 6.1.a), withdrawable at any time.
  • Legal and accounting obligations — legal obligation (Art. 6.1.c).

4. Data retention

Account and operational data are kept for as long as your account is active and for up to 12 months after deletion for backup and legal purposes. Demo requests are kept for up to 24 months. Accounting records are retained for 10 years where required by law.

5. Sub-processors and storage location

Knotly relies on a limited number of vetted sub-processors to host the platform, the database and the authentication layer. Data is stored on infrastructure located in the European Economic Area. Where any transfer outside the EEA is strictly necessary, it is governed by Standard Contractual Clauses approved by the European Commission.

6. Security measures

We apply technical and organisational measures appropriate to the risk (Art. 32 GDPR): encryption in transit (TLS), encryption at rest, row-level security on every user-data table, role-based access control, secret rotation, audit logging and least-privilege admin access.

7. Your rights (Art. 15–22 GDPR)

You have the right to:

  • Access your personal data and obtain a copy.
  • Rectify inaccurate or incomplete data.
  • Erase your data ("right to be forgotten").
  • Restrict or object to processing.
  • Data portability in a structured, machine-readable format.
  • Withdraw consent at any time, without affecting prior lawful processing.
  • Lodge a complaint with your national supervisory authority.

To exercise any right, write to privacy@knotlyapp.com. We respond within 30 days.

8. Data breach notification

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we notify the competent supervisory authority within 72 hours and, where required, the affected data subjects without undue delay (Art. 33–34 GDPR).

9. Changes to this policy

We may update this policy. Material changes will be communicated by email or in-app notice before they take effect.