1 Data Controller
The data controller responsible for your personal data is:
Komando SAS
France
Email: support@komando.app
Website: komando.app
2 What Data We Collect
Depending on how you interact with Komando Pro, we may collect the following personal data:
| Data Type | Purpose | Legal Basis |
|---|---|---|
| Email address | Account creation, login, notifications | Contract performance |
| First and last name (contact person) | Identifying the authorised representative of the business | Contract performance |
| Phone number | Pre-sales follow-up and onboarding (collected via Request Access form) | Legitimate interest |
| Full postal address (street, city, postal code, country) | Displaying venue location to creators; business profile | Contract performance |
| Business name and industry | Business profile visible to creators on the Komando platform | Contract performance |
| Profile photo and gallery images | Displayed on your public business profile | Consent |
| Device identifier (push token) | Sending push notifications about applications and collaborations | Consent |
| Collaboration data (offers, applications, messages) | Core platform functionality — managing collaborations | Contract performance |
| Request Access form data (name, email, phone, business details, optional message) | Evaluating and following up on access requests, before any account exists | Legitimate interest |
Note on Request Access data: When you submit the “Request Access” form, your data is stored in our system and an email notification is sent to our team. This processing occurs before any contractual relationship exists and is based on our legitimate interest in evaluating potential business partners. You may request deletion of this data at any time by emailing support@komando.app.
3 How We Use Your Data
We use your personal data solely for the following purposes:
- Creating and managing your Komando Pro account
- Displaying your business profile and offers to vetted creators
- Facilitating collaborations between your business and creators
- Sending push notifications about new applications, messages, and content updates
- Following up on access requests from prospective business partners
- Improving app features and fixing technical issues
- Responding to support requests
We do not sell your personal data to third parties. We do not use your data for advertising or profiling purposes.
4 Data Sharing
Your data may be shared with the following trusted third-party processors, strictly for operational purposes:
- Firebase (Google LLC) — Authentication, database, file storage, and push notifications. Data may be processed in the United States. Google is certified under the EU-US Data Privacy Framework.
- Apple Inc. — Push notification delivery via APNs.
- Resend (Resend Inc.) — Transactional email delivery, used to notify our team of new access requests and to send account credentials to new businesses. Data is processed in the United States under standard contractual clauses.
No other third parties have access to your personal data without your explicit consent.
5 Data Retention
We retain your personal data for as long as your account is active. If you delete your account:
- Your profile data (name, photos, address, contact details) is permanently deleted within 30 days.
- Your email address is removed from our authentication system immediately.
- Collaboration records may be retained for up to 12 months for legal and dispute resolution purposes, then permanently deleted.
Request Access form data (for prospective businesses who never activated an account) is retained for up to 12 months, then deleted.
6 Your Rights Under GDPR
If you are located in the European Union or EEA, you have the following rights regarding your personal data:
- Right of access — You can request a copy of the personal data we hold about you.
- Right to rectification — You can request correction of inaccurate data.
- Right to erasure (“right to be forgotten”) — You can request deletion of your account and personal data.
- Right to restriction — You can request that we limit the processing of your data in certain circumstances.
- Right to data portability — You can request your data in a structured, machine-readable format.
- Right to object — You can object to processing based on legitimate interest (including pre-sales follow-up).
- Right to withdraw consent — Where processing is based on consent, you can withdraw it at any time (e.g., disabling push notifications in device settings, or requesting photo removal).
To exercise any of these rights, contact us at support@komando.app. We will respond within 30 days.
7 Cookies & Tracking
The Komando Pro mobile application does not use cookies or cross-app tracking. We do not share data with advertising networks or data brokers.
Firebase may collect anonymised analytics data (crash reports, performance metrics) to improve app stability. This data is not linked to your identity.
8 Data Security
We implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction, including:
- Encrypted data transmission (HTTPS / TLS)
- Firebase Security Rules to restrict data access per authenticated user
- Authentication tokens managed by Firebase Auth
- Mandatory password change on first login for invited accounts
- Limited internal access to personal data on a need-to-know basis
9 Changes to This Policy
We may update this Data Protection notice from time to time. When we do, we will update the “Last updated” date at the top of this page and, where appropriate, notify you via the app or by email. Continued use of Komando Pro after any changes constitutes acceptance of the updated notice.
10 Contact & Complaints
For any data protection questions or to exercise your rights:
Email: support@komando.app
Website: komando.app
If you believe your data has been processed unlawfully, you have the right to lodge a complaint with your national supervisory authority. In France, this is the CNIL (Commission Nationale de l’Informatique et des Libertés).