Skip to main content
Kanrix
Features Pricing About
By Workflow
Strategy DeploymentKPI ManagementOperational PerformanceStrategy ReviewsTeam Alignment View all use cases →
By Industry
ManufacturingHealthcarePharma & Life SciencesLogisticsEnergy & UtilitiesMiningAerospace & AviationFood & Beverage View all industries →
BlogFree Tools
Contact
EN English DE Deutsch FR Français ES Español
Book a Demo
FeaturesPricingAbout Use Cases Blog Free Tools Contact
EN DE FR ES
Book a Demo
Legal

Privacy Policy

How Kanrix collects, uses, and protects your personal data.

Last updated: March 19, 2026

Contents
1. Overview 2. Data We Collect 3. How We Use Your Data 4. Legal Basis (GDPR) 5. Data Sharing 6. Retention 7. Your Rights 8. Cookies 9. Security 10. International Transfers 11. Children 12. Changes 13. Contact

1. Overview

Kanrix GmbH ("Kanrix", "we", "us", or "our") operates the strategy deployment and KPI management platform available at kanrix.com and associated subdomains (the "Service").

This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and what rights you have. It applies to visitors to our website and to customers and users of the Kanrix platform.

We are committed to processing personal data in accordance with the General Data Protection Regulation (GDPR), the UK GDPR, and all other applicable data protection laws.

2. Data We Collect

2.1 Data you provide directly

  • Account information: name, work email address, company name, job title, and password when you register for or use the Service.
  • Contact form submissions: name, work email, company, role, industry, and the content of your message when you use our contact or demo-booking forms.
  • Payment information: billing address and payment card details. Card data is processed directly by our payment processor (Stripe) and is never stored on Kanrix servers.
  • Communications: emails, support tickets, and other correspondence you send us.
  • User-generated content: KPI data, strategy documents, project information, and other content you upload or create within the platform.

2.2 Data collected automatically

  • Usage data: pages visited, features used, session duration, and in-app actions.
  • Technical data: IP address, browser type and version, operating system, device type, and timezone.
  • Cookies and similar technologies: see Section 8 for details.

2.3 Data from third parties

  • If you connect an ERP system, database, or API to Kanrix, we process the operational data you authorise us to access. This data is used solely to provide the integration features you have configured.
  • If you sign in via a third-party SSO provider (e.g. Google Workspace, Microsoft Azure AD), we receive your name and email address from that provider.

3. How We Use Your Data

We use the data we collect to:

  • Provide, operate, and improve the Kanrix Service
  • Create and manage your account
  • Process payments and send billing-related communications
  • Respond to enquiries, support requests, and feedback
  • Send product updates, feature announcements, and administrative notices
  • Send marketing communications where you have given consent or where we have a legitimate interest (you may opt out at any time)
  • Analyse platform usage to improve performance and user experience
  • Detect, investigate, and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

We do not sell your personal data to third parties. We do not use your operational data (KPIs, strategy content, project data) for any purpose other than operating the features you have configured.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and other jurisdictions where a legal basis is required, we rely on the following:

Purpose Legal Basis
Providing the contracted Service Performance of a contract (Art. 6(1)(b))
Processing payments Performance of a contract (Art. 6(1)(b))
Responding to enquiries Legitimate interests (Art. 6(1)(f))
Product updates & administrative notices Legitimate interests (Art. 6(1)(f))
Marketing communications Consent (Art. 6(1)(a)) or Legitimate interests
Security and fraud prevention Legitimate interests (Art. 6(1)(f))
Legal compliance Legal obligation (Art. 6(1)(c))

5. Data Sharing

We share personal data only with:

  • Service providers and sub-processors who process data on our behalf under strict contractual obligations — including cloud infrastructure (AWS), payment processing (Stripe), email delivery (Postmark), analytics, and customer support tooling.
  • Your organisation: if your account is associated with an enterprise subscription, your employer or organisation may have access to your account activity and content as a platform administrator.
  • Legal authorities where required by applicable law, court order, or to protect Kanrix's rights.
  • Business transfers: in the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.

A full list of our current sub-processors is available on request at privacy@kanrix.com.

6. Data Retention

We retain personal data for as long as necessary to fulfil the purposes described in this policy, and no longer than:

  • Account data: for the duration of your subscription plus 90 days after account closure (to allow for reactivation), then deleted or anonymised.
  • Platform content (KPIs, projects, strategy data): deleted within 30 days of account closure unless a longer retention period is required by law.
  • Billing records: up to 7 years in accordance with financial record-keeping requirements.
  • Marketing communications: until you unsubscribe or object to processing.
  • Support communications: up to 3 years from the date of the most recent interaction.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: request correction of inaccurate or incomplete data.
  • Erasure: request deletion of your data ("right to be forgotten"), subject to legal obligations.
  • Restriction: request that we restrict processing of your data in certain circumstances.
  • Portability: receive your data in a structured, machine-readable format.
  • Objection: object to processing based on legitimate interests, including direct marketing.
  • Withdraw consent: where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, email privacy@kanrix.com. We will respond within 30 days. If you are unhappy with our response, you have the right to lodge a complaint with your local data protection authority.

8. Cookies

We use cookies and similar technologies for the following purposes:

Category Purpose Basis
Strictly necessary Session management, authentication, security Necessary for the Service
Preferences Remembering your theme (light/dark) and language preference Legitimate interests
Analytics Understanding how visitors use the site (aggregate, anonymised) Legitimate interests / Consent

You can manage or delete cookies through your browser settings. Disabling certain cookies may affect the functionality of the Service.

9. Security

We implement industry-standard technical and organisational measures to protect your personal data, including:

  • Encryption at rest (AES-256) and in transit (TLS 1.3)
  • Role-based access controls and principle of least privilege
  • Regular security assessments and penetration testing
  • Employee security training and background checks
  • Incident response procedures and breach notification processes

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where required, notify affected individuals without undue delay.

10. International Data Transfers

Kanrix is headquartered in the European Union. Where we transfer personal data to countries outside the EEA that do not have an adequacy decision from the European Commission, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • The EU-U.S. Data Privacy Framework where applicable

Copies of the safeguards we use are available on request at privacy@kanrix.com.

11. Children

The Kanrix Service is designed for business use and is not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately at privacy@kanrix.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will notify you by email (if you are a registered user) or by posting a notice on our website at least 14 days before the changes take effect. The updated policy will always be available at kanrix.com/privacy.

13. Contact Us

For any questions about this Privacy Policy or to exercise your data rights:

Data Controller: Kanrix GmbH

Privacy enquiries: privacy@kanrix.com

General enquiries: hello@kanrix.com

Kanrix

Deploy Strategy. Drive KPIs. Dominate Execution. Built for every organisation that takes strategy seriously.

Product

  • Features
  • Pricing
  • Book a Demo
  • Integrations

Company

  • About
  • Contact
  • Careers
  • Changelog

Resources

  • Blog
  • Case Studies
  • Hoshin Kanri Guide
  • X-Matrix Explained
  • Hoshin Kanri vs OKRs
  • KPI Framework Guide
  • KPI Best Practices
  • Strategy Review Cadence
  • X-Matrix vs Balanced Scorecard

Tools

  • Free Tools
  • X‑Matrix Builder
  • KPI Scorecard
  • 5 Why Analyzer
  • A3 Problem Solver
  • 8D Report Builder
  • Tier Meeting Board
  • RCCM Worksheet
© 2026 Kanrix. All rights reserved.
Security Privacy Policy Terms of Service