Skip to content
KontorHQ

Legal

Privacy Policy

Last updated: 22 May 2026

KontorHQ is operated by KARTUPELIS LLC, a limited liability company registered in the Commonwealth of Massachusetts, USA (“KontorHQ”, “we”, “us”). KARTUPELIS LLC is the data controller for personal data processed through kontorhq.com.

This policy explains what we collect, why, how we handle it, and what rights you have. It covers the GDPR (EU/EEA residents) and the UK GDPR (UK residents). If you only want the short version: we collect the minimum we need to run a small advisory business, we don’t sell data, and you can reach us at hello@kontorhq.com to ask questions or remove your data.

1. What we collect

You give us:

  • Name, email, and any answers to pre-meeting questions when you book an intro call through the booking link on the site.
  • Email address and any other information you give us when you subscribe to updates.
  • Anything you send us directly — emails, messages, documents shared during a paid engagement.

We collect automatically:

  • Analytics events — pages visited, clicks, time on page, referrer, anonymised IP, device and browser type, approximate location at country (and for EU traffic, city) level. Captured with anonymous-by-default profiles, Do Not Track honored, and form inputs masked in any session recordings.
  • Server and security logs — standard web-server logs kept by our hosting provider for short retention.

We don’t collect:

  • Special-category personal data (health, religion, political opinion, and so on). Don’t send any to us.
  • Payment card data. When we invoice, payment runs through a third-party payment processor — we see metadata like the last four digits, never the full card.

2. Why we process it (legal bases)

What we do Legal basis under GDPR Art. 6
Run intro calls, send call follow-ups, deliver paid engagements Performance of a contract (or pre-contract steps at your request)
Send the insights newsletter Your consent — given when you subscribe, withdrawable any time
Run anonymous analytics, keep the site running, prevent abuse Our legitimate interest in operating and improving a small advisory practice. We’ve assessed this against your rights; the data is minimal, anonymised by default, and not used for profiling or advertising.
Respond to your inquiries Performance of pre-contract steps and our legitimate interest in replying to people who contact us
Meet legal, tax, or regulatory obligations Legal obligation

3. Who else sees the data

We use a small set of third-party service providers to host the site, send email, run analytics, and process payments. Each is bound by a data-processing agreement and only handles data on our instructions. We pick providers with appropriate technical and organisational safeguards, and we review them periodically.

We don’t sell your data, rent it, or hand it to advertisers. Disclosures happen only to those service providers, to professional advisors (accountant, lawyer) under confidentiality, or where the law requires it.

If you want a current list of the specific service providers we use, email hello@kontorhq.com and we’ll send it.

4. International transfers

KARTUPELIS LLC is based in the United States, and some of our service providers process data outside the EU/EEA and the UK. Where personal data leaves the EU/EEA or the UK, we rely on the European Commission’s Standard Contractual Clauses (and the UK Addendum where applicable) plus the supplementary measures published by each provider. Copies are available on request.

5. How long we keep it

  • Booking and call records: up to 24 months after our last interaction, then deleted or anonymised.
  • Newsletter subscribers: until you unsubscribe.
  • Active client records (paid engagements): for the life of the engagement plus 7 years for tax and contract record-keeping under US and EU rules.
  • Analytics: typically up to 12 months for raw events, longer for aggregated/anonymised data.
  • Server logs: typically 30–90 days.

We delete sooner on request unless we have a legal reason to keep something.

6. Your rights

If GDPR or UK GDPR applies to you, you have the right to:

  • Access the personal data we hold about you.
  • Correct anything that’s wrong.
  • Delete your data (“right to be forgotten”) where we don’t have a legal reason to keep it.
  • Restrict processing while a dispute is resolved.
  • Port your data to another provider in a structured, machine-readable format.
  • Object to processing based on legitimate interest.
  • Withdraw consent for the newsletter at any time — the unsubscribe link is in every email.
  • Lodge a complaint with your local supervisory authority.

To exercise any of these, email hello@kontorhq.com. We’ll respond within 30 days, usually much sooner.

7. Cookies and similar technology

The site uses a minimal set of cookies and equivalent storage:

  • Strictly necessary — keep the site functional (e.g., remembering you’ve dismissed a tooltip). No tracking purpose.
  • Analytics — our analytics tool uses local storage to keep a stable anonymous identifier across pages. No third-party advertising cookies.

We don’t use a consent banner because we don’t run profiling, advertising, or cross-site tracking. If that changes, we’ll add one before turning anything on.

You can block analytics in your browser. We honor Do Not Track signals.

8. Changes to this policy

We’ll update this page if how we handle data changes. The “Last updated” date at the top reflects the most recent revision. Material changes — new categories of data, new purposes, new types of service provider — will be mentioned in the next insights newsletter or with a banner on the site.

9. Contact

Questions, requests, complaints, or data-subject access requests:

hello@kontorhq.com

For our registered business address, ask by email and we’ll share it.