Privacy Policy
Last updated: 18 April 2026
This Privacy Policy explains what data Kandan collects, how it is used, and the choices you have. If you have questions, email hello@usekandan.com.
Who we are
Kandan ("we", "us") is operated by Arjen Blokzijl, based in the Netherlands. Contact: hello@usekandan.com.
Where your data lives
All application data is stored on servers located in the European Union (Hetzner, Germany). Transactional email is sent via Resend. Static marketing pages and the web app shell are served from Cloudflare's global edge. See "Who processes data on our behalf" below for details.
Data we collect
- Account data. Email address, name, and (for email sign-up) a hashed password. Stored so we can authenticate you and send service-related email.
- Connected-service data. When you connect a service (e.g. Gmail, GitHub), we store the OAuth access and refresh tokens needed to call that service on your behalf. Tokens are encrypted at rest.
- Notification content. For each notification we aggregate, we store metadata (subject, sender, timestamp, a short snippet of the body, identifiers needed for deduplication and read-state sync). We do not store full message bodies or attachments.
- Usage and device data. Basic request logs (IP address, user agent) for security and debugging, retained for 30 days. Error reports via Sentry with personally-identifying fields scrubbed.
Google user data
Kandan's use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically, when you connect a Google account:
- We request the minimum scopes needed to read metadata of incoming messages and (if you enable sync) to update their read/label state.
- Your Google data is used solely to provide the Kandan notification aggregation feature in the user interface. It is never sold, rented, or used for advertising.
- No human at Kandan reads your Google data, except when you give us explicit permission to investigate a support issue, when it is required to comply with law, or when it is aggregated and anonymized for internal operations in accordance with the Limited Use policy.
- Google data is never sent to any AI/ML model, third-party analytics service, or advertising network.
- You can revoke Kandan's access at any time from myaccount.google.com/permissions or by disconnecting the source inside Kandan.
How we use data
- To operate, maintain, and improve the Kandan service.
- To send transactional email (e.g. reconnect alerts, password reset).
- To diagnose errors and secure the system.
We do not sell your data, we do not use it for advertising, and we do not train machine learning models on it.
Who processes data on our behalf
We keep the list of sub-processors short and give each one only the minimum data it needs to do its job:
| Sub-processor | Purpose | Data shared | Location |
|---|---|---|---|
| Hetzner Online GmbH | Primary hosting (application servers + database) | All application data, stored encrypted at rest where sensitive (OAuth tokens, passwords) | Germany (EU) |
| Cloudflare, Inc. | CDN for the marketing site and web app shell; TLS termination for usekandan.com and app.usekandan.com | Request metadata (IP, URL, headers). No application database content is stored at Cloudflare. | Global edge (EU-preferred) |
| Resend | Transactional email delivery | Recipient email address and the message content of transactional emails only (e.g. "your Gmail connection is disconnected"). No notification content from your connected sources. | EU |
| Sentry | Error monitoring | Stack traces and contextual metadata, with PII scrubbed. Never message bodies or OAuth tokens. | EU (de.sentry.io) |
| Google LLC | Only if you connect a Google account: API calls to Gmail on your behalf | The OAuth token we obtained from Google is sent back to Google with each request. No other data leaves our system to Google. | Per Google's terms (typically US with EU edge) |
| GitHub, Inc. | Only if you connect GitHub: API calls on your behalf | Same as Google, for GitHub. | US |
We do not share data with advertisers, data brokers, analytics providers, or AI/LLM providers. We do not use third-party trackers or cookies for marketing purposes.
International transfers
Your application data stays in the EU. Some sub-processors (Cloudflare, Google, GitHub) may serve or receive requests from infrastructure outside the EU. Where this happens, transfers rely on Standard Contractual Clauses and the respective provider's data processing addendum.
Retention
Notification metadata is retained for as long as your account is active. Disconnecting a source removes stored OAuth tokens for that source. Deleting your account removes all associated data within 30 days, except where we are required to retain it to comply with law. Server access logs are retained for 30 days and then rotated.
Your rights
You can access, correct, export, or delete your data at any time by emailing hello@usekandan.com. Residents of the EU/UK and California have additional rights under GDPR and CCPA respectively.
Security
For a detailed description of how we protect your data, see our Security page.
Changes
We may update this policy. Material changes will be announced via email to active users at least 14 days before taking effect.