Privacy Policy
Last updated 17 June 2026
This Privacy Policy explains how KPWorkSpace (“the Service”, “we”, “us”) collects, uses and protects your personal data when you use the KPWorkSpace desktop application and website. We are committed to processing your data lawfully, transparently and only as far as necessary to provide the Service.
1. Who we are
The data controller responsible for your personal data is Karel Pelcak, operating the KPWorkSpace service as an individual based in the Czech Republic. You can reach us at privacy@kpworkspace.net for any question relating to this policy or your personal data.
2. Data we collect
We keep data collection to the minimum required to operate the Service:
- Account data. When you sign in with Google, we receive your name, email address and Google account identifier. We do not receive or store your Google password.
- Subscription data. When you subscribe to a paid plan, our payment processor (Stripe) handles your card details. We store only your subscription status, plan, billing period and the Stripe customer/subscription identifiers — never your full card number.
- Authentication data. Session tokens and one-time tokens used to keep you signed in across the website and the desktop app.
- Technical data. Basic request information (such as IP address and user agent) processed transiently by our infrastructure provider to deliver and secure the Service.
3. Data that stays on your device
KPWorkSpace is a local-first desktop application. The following data is stored only on your own computer and is never transmitted to us:
- Workspaces and settings. Your spaces, layouts, terminal configuration and application preferences are saved in your operating system’s application-data directory.
- Screenshots. Region screenshots you capture are saved locally on your device.
- Speech-to-text. Audio you record for transcription is processed entirely on-device using local models (Whisper / Parakeet). Your voice audio never leaves your computer and is not sent to us or any third party.
- Cached subscription status. Your plan status is cached locally for up to 30 days so the app works offline.
Anything you do inside the terminals — commands, files and AI agent sessions — runs locally on your machine and is not visible to us.
4. How we use your data
We process your personal data to:
- create and authenticate your account;
- provide the Service and gate features according to your plan;
- process subscriptions, renewals and cancellations through Stripe;
- communicate with you about your account, billing or support requests;
- keep the Service secure and prevent abuse;
- comply with our legal obligations.
5. Legal basis for processing (GDPR)
Under the EU General Data Protection Regulation (GDPR), we rely on the following legal bases:
- Performance of a contract (Art. 6(1)(b)) — to provide the Service and manage your subscription.
- Legitimate interests (Art. 6(1)(f)) — to keep the Service secure and prevent fraud, balanced against your rights.
- Legal obligation (Art. 6(1)(c)) — to retain billing records as required by law.
6. Service providers we share data with
We do not sell your personal data. We share it only with trusted providers who process it on our behalf to run the Service:
- Google — authentication (sign-in with Google).
- Stripe — payment processing and subscription management.
- Cloudflare — application hosting and database (Cloudflare Workers and D1).
Each provider acts as a processor (or independent controller for payment data, in Stripe’s case) under appropriate data-processing terms. Where data is transferred outside the European Economic Area, it is protected by mechanisms such as the EU Standard Contractual Clauses.
7. Data retention
We keep your account data for as long as your account remains active. If you delete your account or ask us to erase your data, we remove it within a reasonable period, except where we are legally required to retain certain records (for example, billing and tax records, which may be kept for up to 10 years under Czech law).
8. Your rights
Under the GDPR you have the right to:
- access the personal data we hold about you;
- rectify inaccurate or incomplete data;
- erase your data (“right to be forgotten”);
- restrict or object to certain processing;
- data portability;
- withdraw consent at any time, where processing is based on consent.
To exercise any of these rights, contact us at privacy@kpworkspace.net. You also have the right to lodge a complaint with your local supervisory authority — in the Czech Republic, the Office for Personal Data Protection (Úřad pro ochranu osobních údajů).
9. Security
We use appropriate technical and organisational measures to protect your data, including encrypted connections (HTTPS) and reputable infrastructure providers. No method of transmission or storage is completely secure, but we work to protect your data using industry-standard practices.
10. Children
The Service is not intended for children under the age of 16, and we do not knowingly collect personal data from them.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
12. Contact
For any privacy-related question or request, contact us at privacy@kpworkspace.net.