Privacy Policy

Our privacy policy and how we use your data

Last updated: January 31, 2026

1. Introduction

KPI Nerd ("Company," "we," "us," or "our") respects your privacy and is committed to protecting the personal data we process. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our sales performance management platform ("Service").

This Privacy Policy applies to information we collect through the Service and our website at kpinerd.com.

2. Data Controller and Data Processor Roles

2.1 When We Act as a Data Controller

We act as a Data Controller for:

  • Account registration information of our Customers (business administrators)
  • Information collected through our marketing website
  • Billing and payment information
  • Customer support communications

2.2 When We Act as a Data Processor

We act as a Data Processor for:

  • Employee performance data uploaded by our Customers
  • Sales metrics and activity data entered into the Service
  • Any personal data of employees that Customers choose to track

Important: When processing employee data, our Customers (your employer) are the Data Controllers. Questions about how your employer uses your data should be directed to your employer. We process such data only as instructed by our Customers.

3. Information We Collect

3.1 Information Provided by Customers

  • Account Information: Company name, administrator name, email address, phone number, billing address
  • Payment Information: Credit card details, billing information (processed by Stripe)
  • Employee Data: Names, email addresses, performance metrics, sales activities, and other data Customers choose to input
  • Business Data: Revenue targets, sales goals, KPIs, activity benchmarks

3.2 Information Collected Automatically

  • Usage Data: Features used, pages visited, actions taken within the Service
  • Device Information: Browser type, operating system, IP address
  • Cookies: Session cookies, analytics cookies (see our Cookie Policy)

4. How We Use Information

4.1 To Provide and Improve the Service

  • Process and manage Customer accounts
  • Provide customer support
  • Process payments and billing
  • Analyze usage patterns to improve the Service
  • Develop new features and functionality

4.2 To Create Aggregated Benchmarks

We de-identify and aggregate data from multiple Customers to create industry benchmarks and analytics. This aggregated data:

  • Cannot be used to identify any individual Customer or employee
  • Helps Customers understand how their performance compares to industry standards
  • May be used for research, analytics, and service improvement

4.3 To Communicate

  • Send service-related announcements
  • Respond to inquiries and support requests
  • Send marketing communications (with consent; you may opt out at any time)

4.4 Legal Bases for Processing (GDPR)

Processing Activity | Legal Basis
Providing the Service | Contract performance
Processing employee data | Customer's instructions (Processor role)
Creating benchmarks | Legitimate interests
Marketing communications | Consent
Legal compliance | Legal obligation

5. Data Sharing and Disclosure

5.1 Service Providers (Sub-processors)

We share data with third-party service providers who assist us in operating the Service:

Provider | Purpose | Location
Supabase | Database hosting and authentication | USA
Vercel | Application hosting | USA (Global Edge)
Stripe | Payment processing | USA
Resend | Transactional email | USA

5.2 Legal Requirements

We may disclose information if required by law or if we believe disclosure is necessary to:

  • Comply with legal process or government requests
  • Protect our rights, privacy, safety, or property
  • Enforce our Terms of Service

5.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction.

6. International Data Transfers

Data may be transferred to and processed in the United States and other countries. For transfers from the European Economic Area (EEA), UK, or Switzerland, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • EU-US Data Privacy Framework certification (where applicable)

7. Data Retention

Data Type | Retention Period
Account information | Duration of account + 30 days
Employee performance data | As determined by Customer
Billing records | 7 years (legal requirement)
Usage analytics | 24 months
De-identified aggregate data | Indefinitely

8. Data Security

We implement appropriate technical and organizational measures to protect personal data, including:

  • Encryption of data in transit (TLS 1.3) and at rest
  • Access controls and authentication requirements
  • Regular security assessments
  • Employee training on data protection

9. Your Rights

9.1 Rights Under GDPR (EEA Residents)

If you are located in the EEA, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your personal data
  • Portability: Receive your data in a portable format
  • Restriction: Limit how we process your data
  • Object: Object to certain processing activities

9.2 Rights Under CCPA (California Residents)

If you are a California resident, you have the right to:

  • Know: What personal information we collect and how it is used
  • Delete: Request deletion of your personal information
  • Correct: Correct inaccurate personal information
  • Opt-Out: Opt out of the sale or sharing of personal information

Note: We do not sell personal information as defined by the CCPA.

9.3 For Employee Data

If you are an employee whose data is processed through the Service, please contact your employer (our Customer) to exercise your rights. We will assist our Customers in responding to such requests.

10. Children's Privacy

The Service is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from children.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

For questions about this Privacy Policy or to exercise your rights, please contact us:

Email: [email protected]
Address: [Company Address]

For GDPR-related inquiries, you may also contact our Data Protection Officer at [email protected].

13. Data Processing Addendum

Enterprise customers may request a Data Processing Addendum (DPA) that provides additional contractual protections for personal data processing. Contact us at [email protected] to request a DPA.