Skip to main content

Privacy Policy

Learn how we protect your personal information, maintain transparency, and give you control over your data.
A thumbprint surrounded by colourful shapes

1. Introduction

Kolekti Limited (company number 12358486) ("Kolekti") , its parent company Adaptavist Group Limited (UK company number 06878779), and all of its subsidiaries and affiliates (together, with Adaptavist Group LTD known as the “Adaptavist Group”) are committed to preserving the privacy of people with whom we come into contact. Please read the following privacy policy to understand how we collect, use, share, control and protect the information that you provide to us, including Personal Data. If you do not agree with this privacy policy, do not access or use our websites, products and services or interact with any other aspect of our business. By submitting information to us in any way, or by using our websites, systems, products or services ("Services"), or by interacting with us via email, phone, messaging service, in-person meeting or any other means ("Interactions"), you consent to the collection, use and transfer of your information under the terms of this policy by Kolekti and the Adaptavist Group.
We may update this privacy policy from time to time. Amendments to these terms will be effective upon posting and operate as a condition of your continued engagement with Kolekti and Adaptavist (including affiliated companies in the Adaptavist Group) or continued use of our websites, software or services. It is your responsibility to check this page periodically for any updates to this privacy policy. We encourage you to review our privacy policy whenever you use our Services to stay informed about our information practices and the ways you can help protect your privacy.
For the purposes of this Agreement, ‘We’ and ‘Us’ refer interchangeably to Kolekti and any affiliates in the Adaptavist Group.

2. Definitions

The terms below shall have the following meanings:

2.1 "Personal Data Breach," "Controller," "Processor", "Data Subject", "Personal Data", "Processing," "Special Category Data", and "appropriate technical and organisational measures” as used in this Policy shall have the meanings given in the GDPR irrespective of whether GDPR, UK GDPR, or U.S. Data Protection Law applies.

2.2 "Personal Data Breach," "Controller," "Processor", "Data Subject", "Personal Data", "Processing," "Special Category Data", and "appropriate technical and organisational measures” as used in this Policy shall have the meanings given in the GDPR irrespective of whether GDPR, UK GDPR, or U.S. Data Protection Law applies. "Data Protection Law" means European Data Protection Law including UK GDPR and U.S. Data Protection Law that are applicable to the processing of Personal Data under this Policy.

2.3 "Personal Data Breach," "Controller," "Processor", "Data Subject", "Personal Data", "Processing," "Special Category Data", and "appropriate technical and organisational measures” as used in this Policy shall have the meanings given in the GDPR irrespective of whether GDPR, UK GDPR, or U.S. Data Protection Law applies. "European Data Protection Law" means any data protection and privacy laws of Europe applicable to the Personal Data in question, including where applicable

2.3.1 "Personal Data Breach," "Controller," "Processor", "Data Subject", "Personal Data", "Processing," "Special Category Data", and "appropriate technical and organisational measures” as used in this Policy shall have the meanings given in the GDPR irrespective of whether GDPR, UK GDPR, or U.S. Data Protection Law applies. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)("GDPR"); (ii) Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector; (iii) any applicable national implementations of (i) and (ii); (iv) the Swiss Federal Data Protection Act of 19 June 1992 and its Ordinance; and (v) in respect of the United Kingdom, the Data Protection Act 2018, UK GDPR and any applicable national legislation that replaces or converts in domestic law the GDPR or any other law relating to data and privacy as a consequence of the United Kingdom leaving the European Union; in each case as may be amended, superseded or replaced from time to time;

2.4 "Personal Data Breach," "Controller," "Processor", "Data Subject", "Personal Data", "Processing," "Special Category Data", and "appropriate technical and organisational measures” as used in this Policy shall have the meanings given in the GDPR irrespective of whether GDPR, UK GDPR, or U.S. Data Protection Law applies. “U.S. Data Protection Law” means data protection or privacy laws applicable to Personal Data in force within the United States, including the California Consumer Privacy Act (“CCPA”).

3. Regulatory registration

As part of the requirements of the General Data Protection Regulation (GDPR), Kolekti have registered with the Data Commissioner in the United Kingdom and you can see our notification report on their website (after clicking the search link, enter "Kolekti" as the name and click the ‘Search Register’ button).
Any information collected on behalf of Kolekti will be collected, stored and processed by Kolekti within countries that comply with the GDPR. Primarily data is stored within UK / EU / USA data centers, all of which have the appropriate compliance frameworks – including support for GDPR.

4. Contacting Us regarding this Privacy Policy

Kolekti is committed to working with you to ensure compliance with all applicable laws and regulations concerning the protection of Personal Data. Should you wish to exercise any of the rights outlined in this Policy, or have further queries with regards to this Policy, please contact us at contractuals@kolekti.com.

5. Your Usage of websites

5.1 "Personal Data Breach," "Controller," "Processor", "Data Subject", "Personal Data", "Processing," "Special Category Data", and "appropriate technical and organisational measures” as used in this Policy shall have the meanings given in the GDPR irrespective of whether GDPR, UK GDPR, or U.S. Data Protection Law applies. Software downloads

We may make certain software available for download on our websites and may link to software on other, third party websites. This software may be created by Kolekti, Kolekti or by third party vendors. The software may be programmed to access our servers and/or third party servers in order for the software to operate and in order to check for program upgrades or enhancements. From time to time, new files may be added to your computer in order to upgrade the software or add new functionality to it. These changes may occur without notice to you. Use of such software will be governed by any associated or referenced terms and conditions, and instructions on uninstalling such software will similarly accompany or be referenced. In the event that such software is an Kolekti product, use of the product will be governed by a separate Kolekti End User License Agreement.

5.2 Privacy of other websites

Our websites may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we are not responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement.

5.3 Users of age 16 and under

If you are aged 16 or under, please get your parent/guardian’s permission beforehand whenever you provide personal information to our websites. Users without this consent are not allowed to provide us with personal information.

5.4 Comments and Ratings
Should any pages on any of our systems allow posting of comments, your username may be associated with any comments (except in areas where anonymous comments are permitted, your post and username will be displayed alongside those comments to anyone who has access to see them).

5.4 Offensive language and behaviour
Kolekti reserves the right to, at its sole discretion, remove any content on its websites.
Kolekti reserves the right to remove content and to remove any user’s access to its Services for content which is offensive, abusive, provocative or for discriminatory language posted on or sent through our Services, at its sole discretion.

6. What information we collect related to you

6.1 Information we get
When you use our Services or have any Interactions with Us, We may collect data related to you, your use of Services, and Interactions. Broadly speaking, this data can be categorised as:
• Cookies and Pixels,
• Product Data (data generated through use of our products in various forms),
• Interaction data (data generated through interactions with us on phone, via email, via the website, or other means), and
• Transactional and Commerce Data (data generated through an actual order or sale of a product or service).
This data (which may include Personal Data) can be described in more detail as:
• Identification information, which may include name, email address, billing or shipping addresses, telephone numbers, screen names, user IDs (potentially with password). This might also include IP addresses;
• Commercial information, which may include payment or financial information which would be appropriately handled (for example through a third party payment platform);
• Technical platform information, which relates to the technical means by which you interact with us, such as operating system, web server type, browser type, or other information regarding your device;
• Web related information, including things such as referring domain;
• Activities related to your use of Services, including website use and records of actions and activities, including search, and communication preferences;
• Educational information, which includes your education history; grades
• Professional information, such as employer or organisational affiliation for a customer or partner; the contents of your resume;
• Geolocation data, which might be extrapolated from other data;
• Communication information, which may include audio, electronic, visual information, as well as any data in any files uploaded, emailed or otherwise provided, and the contents of your communications with us via email, social media, telephone or voice calls, or via whatever Interaction you participated in.

6.2 How we get the information
We collect data, including Personal Data, from a variety of sources depending on the nature of the Services you use or Interaction you have. Sources may include:
• Your direct submission: You may provide information to us via one of our Services or via Interactions. This may be unstructured information (such as that in an email) or a response to a survey, web-form, or other data gathering mechanism.
• This includes Personal Data (including for example, names and e-mail addresses) provided by You or your users or (if applicable) your customers using the Kolekti services
• Indirectly via your use: We may collect information from you in the course of your using Services or our providing services to you. For example, We may observe your actions on one of our websites.
• From Third Parties: We may be provided, or collect, information from various third parties with whom we may contract, or share an integrated service, in connection with our Services. For example:
• third party vendors that help us build or supplement contact lists or information, for example webinar platforms or market intelligence providers; and
• third parties that help us verify records or enrich information We capture about you; and
• third party providers of services (such as online recruiting services) whereby information is sent to us automatically or via request; and
• transactional information from third parties, including information regarding your purchases or evaluations of any of our Services. This may include data from companies such as Atlassian (via Atlassian Marketplace or other means).

6.3 Use of your information
To the extent permitted by law, We will use data provided, including Personal Data, to:
• Provide our Services, including their administration, operation and support, communications related to the Services, and commercial related aspects such as purchasing;
• Meet our legal and regulatory obligations, such as in the area of security;
• Carry out marketing including advertising of our Services, which may include passing your information to external social media platforms (see Marketing Providers) for profiling & deriving new target audiences to whom we may advertise on those platforms.
Please note:
• All marketing email communications from Kolekti shall provide the option to unsubscribe at any time.

7. Retention of data

With regards specifically to Personal Data, We will keep and process your Personal Data only for as long as is necessary for the purposes for which it was collected, unless We have a legal obligation to retain the data for a longer period.
Where We disclose Personal Data to third parties who act as an independent Controller, this data will be retained by the third party in accordance with their own data privacy policy, and in accordance with the data protection laws under which the third party is regulated.
Where We disclose Personal Data to third parties who act as a Processor, this data will be retained by the third party in accordance with our specific requirements.

8. Disclosure of data

8.1 General
In general, there are various people within the Adaptavist Group who may need access to the information that you provide us. They may need this for technical, commercial or compliance reasons, and this will be done in accordance with Adaptavist Group’s internal access control policy.

8.2 Access and administration
The information you provide to us will be held on our computers and may be accessed by or given to our staff, affiliates or subcontractors. You should be aware that the administrator of the Services may be able to:
• access information in and about your account;
• disclose, restrict, or access information that you have provided or that is made available to you when using your account, and;
• control how your account may be accessed or deleted.

8.3 Promotional reference
Clients who purchase goods or services from Us may be referenced in our promotional material and websites. We may identify you by name, trade name, logo and trademark. Should you not want to be listed, please contact us at hello@kolekti.com.

8.4 Third parties and sub-processors
We may use information you provide, including Personal Data, in conjunction with third parties, who may act as Sub-Processor of such data. See Kolekti Third Parties (below) for more information.

8.5 Joint ventures, mergers and acquisitions
Finally, if our business enters into a joint venture with or is sold to or merged with another business entity, your information may be disclosed to our new business partners or owners

9. Kolekti Third Parties

We collaborate with third parties that help us operate, provide, improve, integrate, customise, and support our Services.

9.1 General
You warrant that you have familiarised yourself with and agree to be bound by any applicable third party terms relevant to the Services, including Kolekti software. The information we receive when you link or integrate our services with a third-party service depends on the settings, permissions and privacy policy controlled by that third-party service. You should always check the privacy settings and notices in these third-party services to understand what data may be disclosed to us or shared with our services.

9.2 Service Providers
We work with third-party service providers to supply websites and application development, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, analysis and other services for Us, which may require them to access or use information about you that you supply. This may include Personal Data; for details of service providers involved in the processing of personal data please see the Data Processing Addendum, which is included as part of this Privacy Policy.

9.3 Marketing Providers
We work with third-party service providers to enable us to further market and advertise our Services. In order to do this, We may provide them with Personal Data which will be processed in a manner compliant with the appropriate Data Protection Law. Marketing Providers may establish a profile of potential people to whom We might advertise, based on data We provide them. Marketing Providers may include, but are not limited to the following and any further third parties listed in section "Cookies and Pixels:"

9.3.1 Facebook. Refer to privacy policy at https://www.facebook.com/privacy/explanation

9.3.2 LinkedIn. Refer to privacy policy at https://www.linkedin.com/legal/privacy-policy

9.4 Integrated Partners:
Our products integrate with third parties products. We may share your information with these third parties in connection with their services, which will be described in relevant product documentation. Additionally, you may choose to make use of third-party add-ons in conjunction with Kolekti services (or independently). Third-party add-ons are software written by third-parties to which you grant access privileges to your content. We may also share information with these third parties where you have agreed to that sharing. Kolekti Integrated Partners may include, but are not limited to:

9.5 Atlassian. Refer to privacy policy at https://www.atlassian.com/legal/privacy-policy

9.6 AWS. Refer to privacy policy at https://aws.amazon.com/privacy/

9.7 Monday.com: Refer to privacy policy at https://monday.com/l/privacy/privacy-policy/

9.8 Paddle. Refer to privacy policy at https://www.paddle.com/legal/privacy

9.9 Stripe. Refer to privacy policy at https://stripe.com/gb/privacy

10. Overview of Cookies and Pixels

10.1 Overview of Cookies

Cookies are text files placed on your computer to collect visitor behaviour information.
When you visit our websites, or download our products, we collect information on usage from you automatically through cookies. First-party and third-party cookies are used to improve your online experience. Cookies allow you to log in to our systems, connecting various page views together into a session. When you use our products and services you may be asked to provide certain information about yourself, including your name and contact details. We may also collect information about your usage, as well as information you provide during such usage. This includes using our websites, products and services, as well as any correspondence or communication you send.

10.2 Overview of Pixels
A pixel is a block of code placed within a website’s or product’s code that allows measurement of the effectiveness of advertising. When you visit our website and take an action, the pixel collects the data from your behavior and reports the action. Kolekti and our third-party partners use cookies and pixels to provide functionality and to recognize you across different services and devices. We collect this information from you automatically through pixels

11. Specific Types of Cookies and Pixels

11.1 Functionality Cookies
Functionality cookies enable us to monitor the performance of our websites and to enhance your browsing experience. For example, if you set your language or location, We use cookies to save your preferences. For more information about the Cookies used to run our websites, see:
• Squarespace cookies policy Cookies policy

11.2 Marketing and Analytics Cookies and Pixels
We use cookies and pixels to collect data on our users’ behaviour to better understand our visitors’ needs and to personalise the content on our websites. These could include collecting information about which pages you visit to help us present more relevant information.
We send data collected through these cookies to a variety of tools and providers that help us improve our products and services. These tools include but are not limited to the following list. For further details, please see individual privacy policies for each tool or provider:
• Segment (see above)
• Hubspot (see above)
• Google Tag Manager ( Tag Manager terms of service are here. )
• Google Analytics ( Google’s privacy policy is here.)
• Hotjar ( Hotjar’s privacy policy is here )
• Our data storage solution providers such as Amazon S3 (Amazon’s privacy policy here ) and Redshift.

11.3 Advertising Cookies and Pixels
Cookies and pixels allow Kolekti to collect information that enables us to personalise and measure the effectiveness of advertising on our site, in our products and on other websites. For example, We may serve you a personalised ad based on the pages you visit on our websites. Our company might share some limited aspects of this strictly anonymised data with third parties for advertising purposes. Advertising cookies on this site include:
• Facebook Pixel (privacy policy is available here),
• LinkedIn (privacy policy is here),
• Twitter (Twitter is here),
• Reddit ( Reddit is here)
• Quora (Quora is here)
• Bing (Bing’s privacy policy is here)
• Google Analytics (see above)
• Capterra (privacy policy is available here)

11.4 Essential Cookies
Essential cookies are necessary for a website, or for our products, to function as intended. These could include us storing your website data collection preferences so we can honour them if you return to our websites. You cannot opt-out of the essential cookies and doing so would render some of the websites and/or product functionality unusable.

11.5 How to manage cookies
You can often allow or disallow certain types of cookies. Accepting cookies is usually the best way to ensure you get the most from a website. You can normally change your browser settings to restrict, block or delete cookies if you want. Each browser is different, so check the ‘Help’ menu of your particular browser to learn how to change your cookie preferences. Many browsers have universal privacy settings for you to choose from. Get more help about how cookies work with specific browsers. Please note, these instructions may change from time to time

12. Product Data

There are various forms of data that are generated and collected from your use of products. Reasonable efforts are made to encrypt or encode Personal Data data where we know it is present in Product Data.
Broadly, the data generated and collected from your use of products can be categorised as follows:

12.1 Data Types: In-Product Analytics
We analyse behaviour patterns in order to develop product improvements. Such data is exclusively used in order to improve our Services. Kolekti may capture information such as the page that is viewed, the referrer, or the actions actions performed (such as a clicked button). Note that:
• IP addresses may be supplied and in some cases can be resolved to a person, which would render them Personal Data.
• In some cases, we track the software instance that data comes from. In the Atlassian context, this ties to an Enablement ID or a SEN number.
• You can also set your firewall to disallow (block) this traffic.

12.2 Data Types: Diagnostic Data ( Error Logs data )
Our Cloud Apps track errors of our Cloud Apps' resources executed in the end users' browsers in real-time. This includes for example AddOnKey, ClientKey, BaseUrl, anonymised TrackingID, error messages and information about the environment such as browser type, browser version and operating system. It is exclusively used in order to improve our service.
Additionally, web services hosted in our own infrastructure log information, warning and error messages that may contain information about specific web requests or actions taken as part of a Cloud App’s usage. AddOnKey, ClientKey, BaseUrl, AccountId and other context specific information including references to entities within Jira Cloud or Confluence Cloud are included. These logs are stored for 90 days and are used for diagnostic and service improvement purposes only.
Errors from JavaScript in our cloud applications are sent to Sentry to alert Kolekti support. The data sent to Sentry includes organisational data but no individual data. Sentry is running in browser and will diagnose issues. An End User’s IP address is included in the data sent to Sentry, and this in theory can be traced to an individual user (and hence may be considered Personal Data).
In addition, by seeking product support, you may provide log and other information, voluntarily, to our Support staff for analysis and review. It is possible that this can contain Personal Data depending on how you use and configure your products and systems. Application logs may be sent to sub-processors or stored.

12.2.1 Log and supplied information
This is information given voluntarily by a client to our support staff by a client. In theory, this could contain Personal Data embedded within user generated content. This depends on how the client manages Personal Data.
Some of this data may be processed and stored on Kolekti’s AWS based servers.

12.2.2 General Diagnostics
This includes error detection and alerting data. Sentry is running in browser and will diagnose issues. An End User’s IP address is included in the data sent to Sentry, and this can at times be resolved to an individual, which means it can be Personal Data.
This information is sent to Sentry for processing and storage. Depending on configuration, information may also be sent to Slack as there is a slack add-on for notifications.

12.2.3 Aggregated Diagnostics and Session Data
This includes data from each customer’s use of products, for example, usage statistics of product functionality such as the total number of product functions used per day. This data is anonymised. Therefore, we cannot identify the end user this data relates to.
Datadog is used for monitoring synthesized values and metrics such as those outlined above, or CPU usage and requests per second.

12.2.4 Metrics
Application metrics are sent to Datadog for analysis and reporting in order for us to monitor the application’s performance. This will include anonymised organisational data and aggregated data, but no Personal Data by design.

12.3 Data Types: General Data
This includes user generated or configured content or data such as scripts or configuration of cloud based products.
• We store customer scripts for specific Cloud Apps such as ScriptRunner for Jira Cloud and ScriptRunner for Confluence Cloud as well as queries (encrypted), inside our own infrastructure hosted on AWS and managed and operated by Us. There may be a few exceptions where, for example, select low-risk ScriptRunner Cloud data is still hosted on Jira Cloud (Atlassian) storage.
• By design there is normally no Personal Data contained in this data category, though an end user may at their choice configure the products otherwise.

12.4 Data Types: Administrative data
If you are using our Hosted Services for Atlassian Cloud products, Kolekti may have access to data available to an administrator based on the specific applications scopes granted (please see https://confluence.atlassian.com/upm/atlassian-connect-app-scopes-445186491.html for more information on application scopes). Access to this information is strictly controlled and will only be used for specific application functionality which requires it and support services such as initial configuration, routine maintenance such as backups and changes to server configuration and also any bespoke content production or alterations we make upon your request.
In addition, Atlassian will have to retain a copy of your contact details and license key of the Atlassian products for their own records, along with any correspondence you may have with them directly.

12.5 Data Types: Personal Profile Data
Integrated Partners such as Atlassian have very specific ways of defining Personal Data. For Atlassian, this includes data held in a specific set of tables and for a narrow purpose of logically identifying users. Such data may also be processed by service providers such as AWS Cognito or Auth0 in order to enable profile related product features for Kolekti offerings.
This data does not include information which may still resolve to an individual (i.e. Personal Data within the definition prescribed by the GDPR) and which may be embedded in content throughout various applications.
In order to ensure we harmonise in certain instances with our Integrated Partners from a policy standpoint, we recognise this distinctive category of data as Personal Profile Data.

12.6 On-premises products versus Hosted Services (including Cloud Apps)
Kolekti provides on-premises products for which you can acquire a license to use. Use of such products is governed by the Kolekti End User License Agreement . On-premises products include Atlassian-based "Server" and "Data Center" variants of our products. These products, by their nature, will be installed in an environment that a client controls.
Kolekti also provides hosted products for Atlassian Cloud and in addition, Kolekti provides products for Trello; all together, these are our "Cloud Apps" and Cloud Apps are part of "Hosted Services," which also contain other online services that may be made available by Kolekti.
Regarding Cloud Apps:
For a further breakdown of how Personal Data may be processed, please see the Data Processing Addendum, which is included as part of this Privacy Policy.

13. Interaction Data

This is the sum of the digital presence which may be left behind as a result of any Interactions you may have had with Kolekti or its affiliates which falls outside of the scope of a formalised agreement. This includes , but is not limited to, any information you may provide us through our website(s), through any communications you may have with Kolekti or any Kolekti or Adaptavist Group employee in the course of their employment, or through any social media platform. You warrant not to provide Kolekti with any Special Category Data through such Interactions unless explicitly requested by Kolekti.

14. Transactional and Commerce Data

Data regarding any orders / purchases for use of our Services is referred to as Transactional and Commerce Data. This includes (but is not limited to) orders / purchases of:
• licenses to use our software (including products) in whatever form,
• licenses to use 3rd party software, or services, sold through Kolekti.
Transactional and Commerce Data may be provided to us via your placing an order on the phone, via our own online marketplace facilities, via 3rd party marketplace facilities such as the Atlassian Marketplace, our website, officially authorised 3rd party partners or representatives, or other sources.
When placing orders / making purchases, it is important to note and agree to any terms and conditions imposed by third parties, such as Service Providers with whom We may be working to facilitate the order or purchase.

15. Privacy policy addendum for user research activities

For user research (including survey) activities We will collect the data, including personal data, which is described in a research or survey description or its accompanying user research activity information document, for the purposes as set out in that same document.
You have the right to request and obtain a copy of all your personal data and any data derived from it.
We are the data controller for your personal data collected and processed as part of this research, and you agree that we may process your personal data based on your consent. We will use your personal data within Kolekti and its affiliates only for research and informational purposes and to comply with applicable data protection laws. We will try to anonymize your data to the extent that this is feasible. No special category data (as defined in GDPR) is collected as part of this research. We will erase your data on your written request to us.
We use data processors for user research, which will be described in research or survey description or its accompanying user research activity information document, and each of which will have their own privacy policy.