Kalistat – Privacy Policy

1. Introduction

Kalistat LLC (“Kalistat”, “we”, “us”) is committed to protecting your personal data. This Privacy Policy explains how we collect, process, store, and safeguard personal information when you use www.kalistat.com (“Platform”).

We comply with the Swiss Federal Act on Data Protection (nFADP) and, where applicable, the EU General Data Protection Regulation (GDPR).

2. Data Controller

Kalistat LLC
Chiasso, Switzerland
Email: info@kalistat.com

3. Personal Data We Collect

We collect only what is necessary to operate the Platform:

• Identification data: first name, last name, email address.
• Account data: hashed credentials, login metadata.
• Technical data: IP address, browser, device type, system logs, session identifiers.
• Usage data: basic interaction logs for security and platform stability.
• Payment data: not processed or stored by Kalistat; handled entirely by third-party providers.

We do not collect behavioral analytics, marketing identifiers, or any unnecessary personal data.

4. Purpose of Processing

We process personal data solely for:

• Account creation, authentication, and management.
• Delivering the Platform and services.
• Preventing fraud, abuse, and unauthorized access.
• Communicating essential service notices.
• Fulfilling legal obligations.
• Internal analytics strictly for service improvement.

We do not use data for advertising or profiling.

5. Legal Bases (GDPR)

Where GDPR applies, processing is based on:

• Consent (account registration).
• Contractual necessity (providing the service).
• Legitimate interest (security, fraud prevention).
• Legal compliance (regulatory obligations).

6. Data Retention

We retain personal data only as long as necessary:

• Account data: until the user deletes the account.
• Technical and security logs: generally up to 12 months.
• Billing confirmations: retained per Swiss accounting law.

After retention, data is deleted or anonymized securely.

7. Data Sharing and Processors

We share data only with essential service providers:

• Hosting and cloud infrastructure.
• Email delivery provider.
• Payment provider (transaction confirmation only).
• IT security tools.

All providers comply with GDPR or equivalent standards. We never sell or rent personal data.

8. International Data Transfers

If personal data is transferred outside Switzerland or the EU, we ensure adequate safeguards:

• Adequacy decisions.
• Standard Contractual Clauses (SCCs).
• Technical and organizational protections.

9. Data Security

We implement industry-standard security:

• Encryption in transit and at rest.
• Firewalls and infrastructure monitoring.
• Strict access controls and credential hashing.
• Regular audits and risk assessments.

No system is completely secure, and users acknowledge inherent risks of online transmission.

10. User Rights

Users have the right to:

• Access their personal data.
• Request correction or deletion.
• Restrict or object to processing.
• Withdraw consent at any time.
• Request data portability.
• File a complaint with their local data authority.

Requests should be sent to info@kalistat.com .

11. Children’s Privacy

The Platform is not intended for individuals under 14. We do not knowingly collect data from minors.

12. Changes to this Policy

We may update this Policy. Material changes will be communicated via email or platform notice.

13. Contact

For privacy requests: info@kalistat.com