Kiwi Equity
LoginGet Started

Privacy Policy

Last updated: Aug 1, 2025

The Simple Version

We collect only the data needed to run your equity management system. We understand this includes sensitive financial information about your company and employees, so we take reasonable precautions to protect it. We don't sell your information or use it for anything other than providing the service.

What Information We Collect

Equity Management Data

  • Company details: Name, timezone, currency, price-per-share history
  • Employee records: Names, status, employment/termination dates
  • Grant information: Equity grants, vesting schedules, amounts, exercise prices
  • Transactions: Vesting events, buybacks, terminations, pool adjustments
  • Reports: Generated compliance and audit reports

Account and System Data

  • Admin accounts: Email, name, encrypted login credentials
  • Usage logs: Login times, actions performed, IP addresses
  • Communications: Support requests, bug reports, platform feedback
  • Audit trail: System events and data changes for security/compliance

How We Use Your Information

  • Equity operations: Process grants, calculate vesting, handle buybacks/terminations, maintain pool balances
  • Compliance: Generate audit reports, maintain transaction history, ensure data integrity
  • Security: Monitor access, prevent unauthorized use, maintain audit trails
  • Platform support: Troubleshoot issues, answer questions, fix bugs
  • Service improvement: Understand feature usage to enhance the platform

We don't: Market to your employees, sell your data, use it for other businesses, or train AI models on your equity information.

How We Protect Your Information

  • Tenant isolation: Your data is completely separated from other companies
  • Admin-only access: Only designated company administrators can access your equity data
  • Session security: 4-hour login sessions with CSRF protection
  • Rate limiting: Protection against automated attacks and abuse
  • Audit logging: Complete records of all data access and changes
  • Encrypted storage: Data protected at rest and in transit

Reality check: We implement solid security practices appropriate for equity management, but this is a free service with corresponding resource limitations.

Who We Share Information With

  • Cloud hosting: We use standard cloud providers (AWS) to run the service
  • Legal requirements: We'll comply with valid legal requests for data
  • Nobody else: We don't sell, rent, or trade your information

Your Data Rights

  • Access: View all your data through the platform interface
  • Correct: Update incorrect information anytime through admin controls
  • Export: Download comprehensive reports in Excel format, or raw data in CSV/JSON
  • Delete: Request account deletion (we'll remove data within reasonable time)

Available reports: Grants, buybacks, terminations, outstanding shares, ledger, employee data, and data reconciliation reports.

Note: Some data might persist in backups for a while after deletion.

Data Storage and Retention

  • Where: Data stored in secure cloud facilities
  • How long: Until you delete your account or stop using the service
  • Backups: We keep backups for system reliability but don't guarantee specific retention periods
  • Inactive accounts: We may delete data from accounts unused for extended periods (with notice)

International Users

If you're outside our primary jurisdiction, your data may be stored and processed in different countries. By using the service, you consent to this.

Changes to This Policy

We'll update this policy occasionally. Material changes will be announced through the platform or email.

Data Breaches

If we experience a significant data breach, we'll notify affected users as soon as reasonably possible.

Contact

Questions about privacy? Contact us at [privacy email] or through the platform.

This policy covers the basics without over-promising. If you need enterprise-level data protection, consider paid alternatives.