Data Handling & Deletion Policy
This Data Handling & Deletion Policy outlines how WASD Corporation ("we", "us", or "our") manages, stores, and deletes data collected through our product, Kinn — feedback analytics and tools to support game studios in building more effective video games.
1. Purpose
This policy outlines how we manage, store, and delete data collected through Kinn, and ensures compliance with data protection regulations including the GDPR, CCPA/CPRA, and other applicable privacy laws.
2. Scope
This policy applies to all data collected and processed by Kinn, including customer account data, application usage data, analytics data, and any associated backups or archived datasets. It also applies to our subprocessors and third-party vendors.
3. Roles and responsibilities
- Data Controller: the customer (game studio) using Kinn.
- Data Processor: WASD Corporation.
- Data Protection Contact: CTO of WASD Corporation — responsible for compliance, deletion requests, and audit readiness.
- Subprocessors: Render (hosting and application infrastructure), AWS (file and media storage), PostHog (analytics), Postmark (email notifications and delivery), Stripe (payment processing), and OpenAI (LLM and data-enrichment services).
4. Data retention
We retain data to support long-term insights and continuity for customers, based on the following principles:
- Customer account data: retained for as long as the account is active, and for 60 days after cancellation.
- Backup data: retained for the same period as the customer account (+60 days).
- Analytics data (PostHog): retained per PostHog's default cloud retention policy.
- Log data and operational metrics: retained for up to 90 days for troubleshooting and security auditing.
After these retention periods, data is securely deleted or anonymized.
5. Data deletion
Data is deleted upon account closure or expiration of the retention period (active + 60 days), upon customer request under applicable laws (GDPR or CCPA/CPRA), or via internal system purging as part of periodic data cleanups. Deletion methods include secure overwriting of files on storage systems, removal from live databases and associated backups, and irreversible anonymization of analytics data.
6. Data redaction
When ingesting user-generated content from third-party platforms (Discord, Reddit, YouTube, Twitch, Steam), we may receive content that includes identifiable information (e.g., usernames or IDs). We apply automated and manual redaction processes to prevent identifiable data from being stored or displayed in Kinn's interface. Redacted data is replaced with placeholders or omitted entirely from results.
7. Backup and recovery
Backups are created regularly and stored on Render and AWS infrastructure, encrypted in transit and at rest. Data in backups follows the same retention and deletion timelines as live data. Restoration from backup is performed only for service continuity or recovery purposes.
8. Data access and portability
Customers can request access to the data collected and stored under their account, correction of inaccurate data, permanent deletion of data under applicable laws, and export of data in a structured, machine-readable format. Requests can be sent to support@kinn.gg.
9. Compliance and enforcement
WASD Corporation is committed to compliance with global data protection laws. We maintain technical and organizational measures including encryption of data at rest and in transit, access controls and authentication policies, regular monitoring and auditing of data systems, and vendor agreements with all subprocessors to ensure privacy compliance.
10. Policy updates
This policy may be updated periodically to reflect changes in our practices or legal requirements. When updates occur, customers will be notified via email or within the Kinn dashboard.
Contact information
For questions, deletion requests, or compliance inquiries, please contact:
WASD Corporation
1775 W State St #166, Boise, ID 83702, USA
support@kinn.gg