Privacy Policy
Effective as of June 2026
This policy describes how KMFlow handles the personal data collected through the website kmflow.io and the application kmflow.app. We operate in compliance with the Brazilian General Data Protection Law (LGPD, Law 13.709/2018) and follow GDPR principles for users in the European Union.
1. Data we collect
We collect only the data strictly necessary to run the product and to communicate with you.
- Waitlist form: name, email, team name, country and main motorsport discipline.
- Site usage: aggregated browsing metrics collected via Plausible Analytics: no cookies, no personal identification and no cross-site tracking.
- App account (kmflow.app): email, name, team data and any information voluntarily provided while using the system.
2. How we use it
- Waitlist: to notify you when access becomes available and to share information about the KMFlow launch.
- Analytics: to understand which pages are most visited and improve the site. We use Plausible Analytics, a cookieless tool aligned with GDPR/LGPD.
- App account: authentication, personalization and normal operation of the system (part tracking, race management, etc.).
3. Who we share data with
We only share data with processors essential to deliver the service, always limiting scope to the minimum required:
- Loops.so or FormSpark: waitlist form processing (only email and form fields).
- Plausible Analytics: aggregated browsing metrics, no cookies, no personal data.
- Stripe: payment processing in the application (only data necessary for the transaction; KMFlow does not store card data).
No data is ever sold or shared with third parties for advertising or remarketing purposes.
4. How long we keep it
- Waitlist: until the product is commercially launched or until you ask for removal, whichever comes first.
- Account data: while your account is active and for 90 days after cancellation, a window used for backups and possible reactivation at your request.
- Browsing metrics: aggregated and retained inside Plausible according to that service's policy.
5. Your rights (LGPD / GDPR)
Both LGPD and GDPR grant you a range of rights over your personal data. At any time you may:
- Access, correct or delete your data;
- Withdraw previously granted consent;
- Request data portability to another provider;
- Be informed about which third parties have received your data.
To exercise any of these rights, write to contact@kmflow.app. We respond within 15 business days.
6. Security
- All traffic is transmitted over HTTPS (TLS 1.2+).
- Passwords are stored only as bcrypt hashes, never in plain text.
- Credit card data is never stored on our servers; processing is handled entirely by Stripe.
- Administrative access requires multi-factor authentication.
7. Cookies
- The kmflow.io site does not use tracking cookies. Plausible Analytics is cookieless by design.
- The kmflow.app application uses a session cookie essential for authentication. This cookie is not shared with third parties and is strictly necessary for the system to operate.
8. Contact
Questions, requests or exercise of rights: contact@kmflow.app.