Privacy Policy

Last updated: 22 August 2025
Contents
  1. Introduction & Scope
  2. Data We Collect
  3. Legal Basis of Processing
  4. Purposes of Data Use
  5. Cookies & Similar Technologies
  6. Sharing Data with Third Parties
  7. Storage & Retention
  8. Information Security
  9. Your Rights
  10. Children’s Data
  11. Policy Updates
  12. Contact

1. Introduction & Scope

This Privacy Policy explains how the KSCS Portal (“we”, “our”, “the Portal”) collects, uses, stores, and safeguards your personal data when you access or use our services. By creating an account or using the Portal, you agree to the practices described herein. Please also review our Terms of Service.

2. Data We Collect

We collect the following types of data, as required for the operation of the Portal:

  • Account Data (from users table): full name, email, password hash, phone number, role, activation/verification status, and timestamps (created_at, updated_at).
  • User Profile Data (user_profiles, optional): national ID, employee ID, organization, position, address, city, province, ZIP code, alternate phone numbers, profile photo, and biography.
  • Verification & Password Reset: email verification tokens, password reset tokens, expiration timestamps, and usage status.
  • Activity & Notifications: activity logs (IP address, user-agent, event type, description) and user notifications.
  • Sessions: session tokens/JWT, IP address, user-agent, and expiration data.
  • Project–User Relations: assignment of users to KSCS work packages (user_packages table).

Data uploaded to the system (documents, photos, reports) may contain personal or third-party information. You are responsible for ensuring you have lawful rights to share such content.

We process data under one or more of the following bases, where applicable:

  • Consent (e.g., during account creation and email verification).
  • Performance of a contract (providing access to project features and functionalities).
  • Legitimate interest (system security, fraud prevention, audit logging).
  • Legal obligation (complying with lawful requests or regulatory requirements).

4. Purposes of Data Use

  • To create, verify, and manage user accounts.
  • To provide access to KSCS project packages and system features.
  • To deliver notifications and user support.
  • To ensure system integrity, including security monitoring and session management.
  • To maintain performance and enhance the Portal.
  • To comply with applicable legal requirements.

5. Cookies & Similar Technologies

We use cookies and session technologies to maintain authentication and user preferences. You may disable cookies through your browser settings, but certain features of the Portal may not function properly.

6. Sharing Data with Third Parties

We do not sell personal data. We may share data with:

  • Service providers (e.g., email delivery, hosting) operating under our instructions.
  • Authorized government agencies when required by law or valid legal process.
  • Entities involved in restructuring such as mergers or acquisitions, with appropriate notice.

Third parties acting on our behalf are required to follow confidentiality and data-protection obligations.

7. Storage & Retention

  • Account and profile data are retained as long as the account remains active or as necessary for stated purposes.
  • Verification and password reset tokens remain valid until expiration or marked as used.
  • Activity logs and session records are retained for reasonable periods for security and auditing.

8. Information Security

We implement appropriate administrative and technical safeguards (password hashing, access controls, audit logs). However, no system is completely secure. Please protect your credentials and log out when finished.

9. Your Rights

Depending on applicable laws, you may have the right to:

  • Request a copy of your personal data.
  • Correct inaccurate or incomplete information.
  • Request deletion of certain data.
  • Restrict or object to specific processing activities.
  • Withdraw consent (without affecting prior processing).

To exercise these rights, refer to the Contact section.

10. Children’s Data

The Portal is not intended for minors under applicable law. If you believe we have unintentionally collected such data, contact us so we can take appropriate action.

11. Policy Updates

We may revise this Privacy Policy from time to time. The latest version will always be available on this page, effective immediately upon posting.

12. Contact

For privacy inquiries, data-access requests, or complaints, please contact:

  • Email: support@karian.id
  • Subject line: Privacy Request (include relevant details and account verification information).