Skip to main content
NEKOD

Legal

Privacy Policy

Last updated: April 2026

1. Who We Are

NEKOD B.V. ("NEKOD", "we", "us", "our") is a company registered in the Netherlands, with offices in Amsterdam, Netherlands and San Francisco, USA. We provide quality assurance and governance services for vibe coded applications.

For questions about this policy, contact us at: privacy@nekod.co

2. What Data We Collect

Data you provide directly

  • Contact information: name, email address, company name, phone number - when you fill out our contact form or book a demo.
  • Account data: email and authentication details if you create an account on our platform.
  • Communication data: messages you send us via email, contact forms, or other channels.
  • Newsletter subscription: email address if you opt in to our newsletter.

Data collected during assessments

  • Code repository access: read-only access to source code repositories you share with us for assessment purposes.
  • Database schema information: structure and configuration data (not end-user data) reviewed during security audits.
  • Assessment results: findings, scores, and reports generated from our analysis.

Data collected automatically

  • Usage data: pages visited, time on site, referral source - collected via analytics.
  • Device data: browser type, operating system, screen resolution.
  • Cookies: we use essential cookies for site functionality. See Section 7.

3. How We Use Your Data

We use your personal data to:

  • Provide and deliver our assessment and governance services
  • Respond to your inquiries and support requests
  • Send you service updates and, with your consent, marketing communications
  • Improve our website and services
  • Comply with legal obligations

4. Legal Basis for Processing (GDPR)

We process your data based on:

  • Contract performance: when processing is necessary to deliver services you have purchased.
  • Legitimate interest: for website analytics, service improvement, and business communications.
  • Consent: for newsletter subscriptions and optional marketing communications. You can withdraw consent at any time.
  • Legal obligation: when required by law, regulation, or legal process.

5. Data Sharing

We do not sell your personal data. We may share data with:

  • Service providers: hosting (Vercel), email delivery (Resend), analytics, and CRM tools that process data on our behalf.
  • Engineering partners: when technical expertise is needed for your assessment, under strict confidentiality agreements.
  • Legal requirements: if required by law, regulation, or valid legal process.

6. Data Retention

We retain your personal data only as long as necessary for the purposes described above. Contact form submissions are retained for up to 2 years. Assessment data is retained for the duration of our engagement plus 1 year, unless you request earlier deletion.

7. Cookies

We use essential cookies required for the website to function. We use analytics cookies only with your consent. You can manage cookie preferences through your browser settings.

8. Your Rights

Under the GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten")
  • Restrict processing
  • Data portability - receive your data in a structured format
  • Object to processing based on legitimate interests
  • Withdraw consent at any time for consent-based processing

To exercise these rights, email us at privacy@nekod.co. We will respond within 30 days.

9. International Transfers

Your data may be processed in the Netherlands, the United States, or other countries where our service providers operate. We ensure appropriate safeguards are in place, including Standard Contractual Clauses where required.

10. Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit and at rest, access controls, and regular security reviews.

11. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via our website or email. The "Last updated" date at the top indicates the most recent revision.

12. Contact

For questions, requests, or complaints about this policy or our data practices:

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.