Privacy Policy

1. Data controller

Kaizen DSP (Gabriel Lacroix, Terrace, British Columbia, Canada) is the data controller for the processing described in this policy. This policy applies to all Kaizen DSP products and services, including Choroboros, the Choroboros beta site, future plugins, and the .kzn preset ecosystem.

2. Beta signup and access requests

When you sign up for beta access (e.g. via a Google Form or similar form on our sites), we collect the information you provide, typically your email address. We use this to grant you access to beta builds, send you download links and updates during the beta period, and to communicate about the product. This data is processed on the basis of your consent and our legitimate interest in running the beta program. Google Forms data is stored by Google in accordance with Google's privacy policy; we may export and store copies for our records.

3. Feedback form submissions

If you submit feedback (e.g. bug reports, feature requests, or survey responses) through our forms, we collect whatever information you include (e.g. email, message, optional metadata). We use this to improve our products and support. Submissions may be stored in the form provider's systems and in our own tools (e.g. email or task lists). We do not use feedback for marketing unless you have separately agreed to that.

4. Analytics

Our websites may use Vercel Analytics (or similar) to understand usage (e.g. page views, referrers). This may involve cookies or similar technologies and minimal device/browser data. We use this to improve the site and product; we do not use analytics for advertising profiling. For details, see Vercel's privacy documentation.

5. Payments (Paddle)

When you purchase a commercial Kaizen DSP product, payment is processed by Paddle as the Merchant of Record. Paddle collects and processes payment data (e.g. card details, billing address) and handles VAT/GST and receipts. Kaizen DSP does not receive or store your payment card details. We receive from Paddle: transaction status, your email (for license delivery), and optionally country/region for tax and support. Payment-related personal data is governed by Paddle's privacy policy and terms. Our exposure to payment PII is minimal because Paddle is the MoR.

6. .kzn signing service and creator ID

When you use the signed .kzn preset export feature in a commercial Kaizen DSP plugin, your plugin sends a signing request (including your license token and preset payload) to a Kaizen DSP–hosted service (e.g. on Cloudflare Workers). The service verifies your license, signs the file, and may associate a creator ID (an opaque UUID) with your account. That UUID is embedded in the signed .kzn file for attribution; it does not contain your name or email. Under GDPR, we treat this as pseudonymous data: we hold a server-side mapping from the UUID to your account so we can attribute presets and, if you request erasure, remove that mapping. We do not embed personally identifiable information in the .kzn file itself.

If you exercise your right to erasure (see below), we will delete the mapping between your creator UUID and your account. The UUID in any .kzn files you have already distributed will then no longer be linked to you and becomes anonymous from our perspective.

7. Email communications

We use your email to deliver license keys, respond to support and feedback, and send product- or beta-related updates. We do not sell your email to third parties. You can unsubscribe from marketing-style emails via the link in those emails; transactional and support emails are necessary for the service.

8. No sale of data

We do not sell your personal data to third parties. We share data only as needed to operate the service (e.g. form providers, Paddle, hosting and analytics providers) and as required by law.

9. Retention

We retain data only as long as needed for the purposes above: e.g. beta signup and feedback for the duration of the beta and a reasonable period after; purchase and license data for the life of the license and for legal/tax obligations; creator UUID mapping until you request erasure or we no longer need it for attribution or support.

10. Your rights (GDPR and similar)

If you are in the European Economic Area, UK, or another jurisdiction that grants similar rights, you may have the right to: access your data, correct it, request erasure, restrict or object to certain processing, and data portability. For the creator UUID: we fulfil erasure by deleting the server-side mapping so the UUID in distributed files is no longer linked to you. To exercise any of these rights, contact us at the email below. You also have the right to lodge a complaint with a supervisory authority.

11. Contact and privacy requests

For privacy-related requests (access, erasure, etc.): info@kaizenstrategic.ai. We will respond within a reasonable time. For general terms and refunds, see our Terms of Service.