Privacy Policy and Personal Data Protection

1. Data Controller

Kontafico is the controller of personal data collected through kontafico.com and operates under Costa Rica Law 8968 and its regulations.

For privacy questions, contact privacidad@kontafico.com.

2. Data Processing Roles

When you upload data about your own clients, suppliers, or employees, you act as the data controller and Kontafico acts as data processor.

For your own account and usage data, Kontafico acts as the data controller.

3. Personal Data We Collect

We collect identification, contact, access, analytics, financial, and accounting data, plus the .p12 certificate when you upload it for document signing.

• Name, tax ID, and trade name
• Email, phone number, and address
• IP address, browser, device, and activity logs
• Invoices, accounting entries, financial statements, and required bank data
• Payment data processed by Stripe
• Point of Sale (POS) transaction data: sales, payments, cash shifts, and inventory movements.

4. Purposes of Processing

We process data to provide and improve our services, authenticate users, comply with tax obligations, send essential operational communications, and prevent fraud or abuse.

5. Legal Bases for Processing

Our legal bases include contract performance, legal obligation, consent for non-essential purposes, and legitimate interest in security and service improvement.

6. Data Retention

Tax records are kept for at least 5 years under Costa Rican tax regulations.

Account and usage data are retained for the duration of the customer relationship and an additional reasonable period for claims and compliance.

7. Disclosure to Third Parties

Your data may be shared with Hacienda, BCCR, and our infrastructure and payment providers when necessary to provide the service.

We do not sell personal data for commercial or advertising purposes.

8. International Data Transfers

Some subprocessors operate outside Costa Rica. For those transfers we apply contractual safeguards and equivalent protection measures.

9. Data Security

We use encryption in transit and at rest, role-based access controls, audit logs, and security monitoring.

No system is completely infallible, and the security of your account also depends on your responsible handling of credentials.

10. Requests from Authorities

We may disclose information when required by a court order or a valid request from a competent authority, limiting disclosure to what is strictly necessary.

11. Your Rights as Data Subject

You may exercise rights of access, rectification, deletion, objection, portability, and withdrawal of consent by contacting privacidad@kontafico.com.

If you believe your rights have not been respected, you may file a complaint with PRODHAB.

12. Cookies and Tracking Technologies

We use strictly necessary cookies and limited analytics/performance tools to improve stability and experience.

We do not use behavioral advertising cookies or share browsing data with ad networks.

13. Minors

Kontafico services are intended for adults over 18 or legal entities represented by adults. We do not intentionally collect minors’ data.

14. Changes to this Policy

We may update this policy periodically and will provide reasonable prior notice by email for material changes.

15. Governing Law and Jurisdiction

This policy is governed by the laws of the Republic of Costa Rica, especially Law 8968 and its regulations.