Skip to content
Kordu Tools

Privacy Policy

This policy describes how we collect, use, and protect your personal information when you use Kordu Tools.

Last updated: March 30, 2026
Effective: March 30, 2026
privacy@kordu.gg

Version 1.0 — KORDU LTD ("we", "us", "our") respects your privacy and is committed to protecting it. This policy explains what personal information we collect, how we use it, how we share it, and your rights.

Privacy by design: Kordu Tools processes your files and data in your browser by default. Your files never leave your device unless a specific tool requires server-side processing, in which case this is clearly indicated. We collect minimal data and do not require account creation to use our tools.

1. Scope

This Privacy Policy applies to personal information processed in connection with:

  • All tools and services available on kordu.tools
  • Our website, including all pages, blog content, and documentation
  • Any API endpoints used for server-side tool processing
  • Any other products or services provided by KORDU LTD through this website

This policy does not apply to third-party websites or services we do not control. When you leave our website, the privacy policies of those third parties apply.

2. Key Definitions

  • "Personal information" means any information that identifies or could reasonably be linked to an identifiable individual.
  • "Processing" means any operation performed on personal information (collecting, storing, using, disclosing).
  • "Controller" means the party which determines the purposes and means of processing.
  • "Client-side processing" means file or data processing that occurs entirely within your web browser, without sending data to our servers.
  • "Server-side processing" means file or data processing that occurs on our servers, used only when browser-based processing is not possible.

3. Data Controller

KORDU LTD is the data controller responsible for your personal information. We are incorporated in England and Wales.

KORDU LTD

First Floor Office, 3 Hornton Place

London, W8 4LZ

United Kingdom

privacy@kordu.gg

Company Registration: 16836154

4. Information We Collect

We are committed to data minimisation. Kordu Tools does not require account creation, login, or any personal information to use our tools. The types of data we may collect depend on how you interact with us:

4.1 Automatically Collected Data

  • IP address and approximate location (country/region) — anonymised for analytics
  • Device type, operating system, and browser
  • Pages visited, referrer URL, and visit timestamps
  • Language and time zone preferences

4.2 Files and Data You Process

Your files stay on your device. The vast majority of our tools process files entirely in your browser using client-side technologies (Canvas API, WebAssembly, Web Workers). Your files are never uploaded to our servers unless a specific tool explicitly requires server-side processing, which is always clearly indicated before you use the tool.

When server-side processing is required:

  • Files are uploaded over encrypted connections (TLS 1.3)
  • Files are stored temporarily (maximum 10 minutes) for processing only
  • Files are automatically deleted after processing or expiry
  • We do not inspect, copy, or retain the content of your files

4.3 Cookies and Local Storage

  • Essential cookies for website functionality
  • Local storage for tool preferences and settings
  • Analytics data (privacy-focused, anonymised)

For full details, see our Cookie Policy.

4.4 Advertising Data

Third-party ad networks that display advertisements on the Services may collect data through cookies and similar technologies, including:

  • Pages visited and interactions with advertisements
  • Device and browser information
  • IP address and approximate location
  • Browsing activity across other websites (for interest-based advertising)

This data is collected by the ad networks under their own privacy policies. We do not control or have access to the data collected by third-party ad networks. See our Cookie Policy for information on managing advertising cookies.

4.5 Communications

  • Email address and message content if you contact us directly
  • Feedback or bug reports you choose to submit

We do not seek to collect special categories of personal information (e.g., health, biometric, racial/ethnic origin) and ask that you do not include such information in communications with us.

5. How We Use Your Information and Legal Bases

We use personal information for the following purposes:

Purpose Examples Legal Basis
Provide and operate services Deliver tool functionality, serve web pages Legitimate interests
Security and abuse prevention Detect abuse, prevent DDoS, protect infrastructure Legitimate interests; Legal obligation
Improve and develop services Fix bugs, measure performance, optimise tools Legitimate interests
Respond to communications Answer emails, process feedback Legitimate interests
Display advertisements Serve ads, measure ad performance Legitimate interests; Consent (where required)
Legal and regulatory Enforce terms, comply with law Legal obligation; Legitimate interests

Where we rely on legitimate interests, our interests include: keeping services secure and available, operating and improving our tools, ensuring network security, and communicating with you. You have the right to object at any time (see Section 10).

6. Sharing and Disclosure

We may share your personal information as follows:

Service Providers

  • Cloud hosting and CDN (Cloudflare)
  • Privacy-focused analytics services
  • Infrastructure and security providers

Providers are contractually obligated to keep data confidential and use it only per our instructions.

Advertising Partners

The Services may display advertisements from third-party ad networks. These ad partners may collect data about your browsing activity across websites using cookies and similar technologies to serve relevant advertisements. This data collection is governed by the ad partners' own privacy policies, not ours. See our Cookie Policy for details on managing advertising cookies.

Legal Requirements

  • To comply with court orders, laws, or legal process
  • To respond to lawful government or regulatory requests
  • To investigate fraud or protect rights, property, and safety

Business Transfers

In the event of a merger, acquisition, or sale of assets, personal information may be transferred to the successor entity.

We do NOT sell your personal information. We do not share personal information for cross-context behavioural advertising.

7. International Transfers

We operate globally via Cloudflare's edge network. Your data may be processed in the UK, EU, United States, and other jurisdictions. When transferring personal information across borders, we use appropriate safeguards:

For EU/EEA Residents

  • UK adequacy decision for transfers from EU to UK
  • EU Standard Contractual Clauses (SCCs) with supplementary measures for non-adequate countries
  • EU-US Data Privacy Framework where recipients are certified

For UK Residents

  • UK International Data Transfer Agreement (IDTA) or UK Addendum to EU SCCs
  • UK-US Data Bridge where recipients are certified

We implement contractual and technical measures with our processors (including Cloudflare) consistent with applicable laws. Contact us for details about safeguards in place.

8. Security

We implement appropriate technical and organisational measures to protect your personal information:

  • Encryption in transit (TLS 1.3) via Cloudflare
  • Encryption at rest for any temporarily stored data (AES-256)
  • DDoS protection and Web Application Firewall via Cloudflare
  • Automatic deletion of server-processed files within 10 minutes
  • Client-side processing by default to minimise data exposure
  • Regular security reviews

No system is perfectly secure. If we learn of a breach impacting your data, we will notify you and regulators as required by law (within 72 hours for GDPR breaches).

9. Data Retention

We retain personal information only as long as necessary for the purposes described in this Policy or as required by law:

Data Category Retention Period
Server-processed files Deleted within 10 minutes of processing
Analytics and telemetry 12 months, then aggregated/anonymised
Support/contact emails 2 years after last correspondence
Server access logs 90 days
Local storage data Stored on your device — you control deletion

10. Your Rights

Your rights depend on where you live. You can exercise them by contacting privacy@kordu.gg.

UK and EU/EEA (GDPR)

  • Access — Request a copy of your personal data
  • Rectification — Correct inaccurate information
  • Erasure — Request deletion of your data
  • Restriction — Limit how we process your data
  • Portability — Receive your data in a portable format
  • Object — Object to processing based on legitimate interests
  • Withdraw consent — Revoke previously given consent at any time
  • Lodge a complaint — File a complaint with a supervisory authority

We will respond to GDPR rights requests within one month. This period may be extended by two further months where necessary, taking into account the complexity and number of requests.

United States (California CCPA/CPRA)

  • Know/Access — Request what personal information we collect
  • Delete — Request deletion of your personal information
  • Correct — Request correction of inaccurate data
  • Opt-out of sale/sharing — We do NOT sell or share personal data for monetary consideration. Third-party advertising cookies may constitute "sharing" under the CCPA — you can opt out by managing cookie preferences or contacting us
  • Non-discrimination — We will not discriminate against you for exercising rights

We will respond to CCPA rights requests within 45 days. This period may be extended by an additional 45 days where reasonably necessary.

Other Jurisdictions

Residents of Brazil (LGPD), Canada (PIPEDA), Australia, and other jurisdictions may have additional rights. Contact us to exercise your rights under your local laws.

Complaints to Regulators

You have the right to lodge a complaint with your local data protection authority:

  • UK: Information Commissioner's Office (ICO) — ico.org.uk
  • EU: Contact the supervisory authority in your Member State
  • USA: State Attorney General or FTC

11. Children's Privacy

Kordu Tools is a general-purpose utility website. We do not knowingly collect personal information from children under 13 (or under 16 in the EU where applicable). Our tools do not require account creation or the submission of personal information.

If you are a parent or guardian and believe your child has provided personal information to us (e.g., via email contact), please contact privacy@kordu.gg and we will delete that information promptly.

12. Third-Party Services

The Services may contain links to third-party websites, services, or advertisements. This Privacy Policy does not apply to third-party services. We are not responsible for the privacy practices of third parties, and we encourage you to review their privacy policies before providing any personal information.

Third-party services that may process data in connection with your use of Kordu Tools include:

  • Cloudflare — CDN, security, DDoS protection, and Web Analytics
  • Google Analytics 4 (GA4) — Website analytics, page views, and custom event tracking
  • Microsoft Clarity — Session recordings, heatmaps, and user interaction analysis
  • Google AdSense — Display advertising
  • Google Tag Manager (GTM) — Tag management and orchestration for the above services

Each of these services operates under its own privacy policy. We encourage you to review their respective policies for details on how they handle data.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via prominent website notice, with a new effective date. Your continued use of our services after the effective date means you accept the updated Policy.

14. Contact Us

For privacy inquiries, questions, or to exercise your rights:

KORDU LTD — Data Protection

First Floor Office, 3 Hornton Place

London, W8 4LZ

United Kingdom

privacy@kordu.gg

Company Registration: 16836154

For general inquiries, contact us at contact@kordu.gg.

If you have questions about this document, please contact us at privacy@kordu.gg.