Privacy Policy
1. Introduction
This Privacy Policy explains how Klendus ("Klendus", "we", "us", or "our") collects, uses, stores, and protects personal information when you visit klendus.com, email us, or book a scoping call with us.
We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and the UK GDPR where applicable, as well as other applicable data protection laws.
Where this policy refers to "personal data" or "personal information," it means any information relating to an identified or identifiable natural person, as defined under GDPR Article 4(1).
2. Who We Are
Klendus is an on-chain forensic audit practice that traces crypto payment paths between vendors and employee-linked wallets and delivers documented findings to internal audit, legal, and HR teams.
For the purposes of GDPR, Klendus is the data controller of the personal information described in this policy.
Contact for privacy matters: team@klendus.com.
3. Information We Collect
3.1 When you book a scoping call
Scoping calls are booked through a Google Calendar appointment scheduling page embedded on our contact page. To book a call, you are asked to provide:
- First name
- Last name
- Email address
This information is submitted directly to Google and stored in our Google Workspace calendar. Google acts as our processor for the scheduling service. See Google's Privacy Policy for details on how Google processes this data.
3.2 When you email us
If you email team@klendus.com, we receive whatever information you choose to include in your message and any attachments. On our contact page we suggest you may share, if you wish to:
- Industry
- Suspected timeframe of the matter
- Whether you already have a vendor or wallet list
You decide what to disclose. We expressly recommend that anything sensitive (specific names, internal documents, wallet identifiers) wait for a confidential call rather than be sent by email.
Email is delivered via Google Workspace. Google processes message content and metadata as our processor.
3.3 Information collected automatically when you visit our website
When you visit klendus.com, the following information may be collected automatically:
- IP address
- Browser type, version, and language
- Device and operating system information
- Date, time, and duration of your visit
- Pages viewed, referring URL, and on-page interactions
This information is collected through our hosting provider's server logs and, where you have consented, through Google Analytics (see Section 6).
4. How We Use Your Information
We process personal data for the following purposes:
- To respond to your inquiry and arrange or conduct a scoping call
- To deliver, scope, and document forensic engagements for clients
- To manage contractual relationships with prospective and existing clients
- To operate, maintain, and secure our website and email systems
- To measure aggregate website usage (where you have consented to analytics)
- To comply with legal, tax, and accounting obligations
We do not sell, rent, or otherwise commercialize personal data. We do not use personal data for advertising or profiling.
5. Legal Basis for Processing (GDPR)
Under the GDPR, we rely on the following legal bases for processing personal data:
- Contract (Art. 6(1)(b)): processing necessary to take steps at your request prior to entering a contract (e.g. responding to your inquiry, scheduling a scoping call, scoping an engagement), and to perform an engagement once agreed.
- Legitimate interests (Art. 6(1)(f)): operating and securing our website, defending or pursuing legal claims, and conducting normal business correspondence. Our legitimate interest is balanced against your rights and freedoms.
- Consent (Art. 6(1)(a)): the placement of non-essential cookies and use of analytics (Google Analytics). You may withdraw consent at any time via our cookie banner or browser settings; withdrawal does not affect processing carried out before withdrawal.
- Legal obligation (Art. 6(1)(c)): retaining records to meet tax, accounting, and other statutory obligations.
6. Cookies & Analytics
klendus.com uses cookies and similar technologies to operate the site, remember your consent preferences, and (with your consent) measure aggregate visitor behaviour.
We use CookieYes as our consent management platform. The first time you visit, a banner is shown that lets you accept, reject, or choose which non-essential cookie categories you allow. Non-essential cookies (including Google Analytics) are not loaded until you opt in.
We use Google Analytics 4 (measurement ID G-RGEZ4YHJ42) to understand aggregate site usage. Analytics is only active where you have given consent through the banner. IP addresses are processed by Google in line with its data collection and privacy documentation.
A full list of cookies, their purposes, providers, and lifetimes is published in our Cookie Policy. You can change or withdraw your consent at any time by reopening the cookie banner from any page.
7. Third-Party Service Providers
We share personal data with the following processors strictly to provide the services described. Each is bound by a data processing agreement or equivalent contractual terms.
Website hosting
Netlify, Inc. hosts klendus.com and may process IP addresses, request metadata, and standard server logs for purposes of delivery, performance, and security. See Netlify's privacy notice.
Email & calendar (Google Workspace)
Our email (team@klendus.com) and call-booking calendar are provided by Google Workspace. Google processes message content, calendar entries, and the booking form fields (first name, last name, email) as our processor. See Google's Privacy Policy and Google Cloud Data Processing Addendum.
Analytics
Google Analytics 4 is loaded only where you consent through our cookie banner. Google may process IP addresses, device identifiers, and on-page event data on our behalf.
Consent management
CookieYes records your cookie consent choice (accept, reject, or category-level preference) so we can respect it on subsequent visits and demonstrate consent under GDPR.
We may also share information with professional advisors (accountants, lawyers) where strictly necessary and under confidentiality. We do not sell personal data and we do not share personal data for advertising.
8. International Data Transfers
Some of our processors (notably Google and CookieYes) are headquartered or operate outside the European Economic Area and the United Kingdom. Where personal data is transferred outside the EEA/UK, it is protected by:
- European Commission adequacy decisions, where applicable;
- Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by additional safeguards where required;
- Equivalent legal mechanisms under the UK GDPR.
You may request a copy of the relevant safeguards by contacting us at team@klendus.com.
9. Data Retention
- Inbound emails and call-booking records: retained for the duration of the relationship and up to 24 months after our last substantive contact, then deleted unless retention is required for legal reasons.
- Engagement records (contracts, deliverables, supporting documentation): retained for the duration of the engagement and for at least 7 years thereafter to meet tax, accounting, and statute-of-limitations requirements.
- Server logs and security telemetry: retained for short periods by our hosting and email providers in line with their published policies.
- Cookie consent records: retained by CookieYes for up to 12 months from the date of consent, or until you change your preferences.
- Google Analytics data: retained for up to 14 months in our Google Analytics property.
10. Data Security
We use reasonable organisational and technical measures to protect personal data, including: TLS in transit, access controls on Google Workspace, multi-factor authentication on administrative accounts, and the principle of least privilege for engagement materials.
However, no method of internet transmission or electronic storage can be guaranteed to be completely secure. If we become aware of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and affected individuals as required by GDPR Articles 33 and 34.
11. Your Rights
If GDPR or UK GDPR applies to you, you have the following rights:
- Access — confirm whether we process your personal data and obtain a copy
- Rectification — correct inaccurate or incomplete data
- Erasure — request deletion of your data ("right to be forgotten")
- Restriction — limit how we use your data
- Objection — object to processing based on legitimate interests
- Portability — receive your data in a structured, machine-readable format
- Withdraw consent — for analytics or any other consent-based processing, at any time
- Lodge a complaint with the data protection supervisory authority in your country of residence
To exercise any of these rights, email team@klendus.com. We respond within 30 days, or explain why a longer period is needed (up to a further two months) in line with GDPR Article 12(3).
12. Children's Data
Our website and services are intended for business audiences and are not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.
13. Third-Party Links
Our website and emails may contain links to external sites that we do not operate. We are not responsible for the privacy practices or content of third-party websites. We encourage you to review their privacy policies before providing any personal data.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be published on this page with a revised effective date. If a change materially affects how we process data you have already provided, we will take reasonable steps to notify you directly.
15. Contact
For privacy-related questions, complaints, or to exercise any of your rights under this policy, contact: team@klendus.com.