GDPR Compliance

Data Controller

ko.io is operated from Stockholm, Sweden and acts as the data controller for personal data processed through our services.

Legal Basis for Processing

• Contract: Processing account data to provide the Service
• Legitimate interest: Rate limiting, abuse prevention, service improvement
• Consent: Marketing communications (opt-in only)

Your Rights Under GDPR

• Right of access — Request a copy of your personal data
• Right to rectification — Correct inaccurate data
• Right to erasure — Request deletion of your data
• Right to portability — Export your data in a standard format
• Right to restrict processing — Limit how we use your data
• Right to object — Object to processing based on legitimate interest

Data Transfers

Our infrastructure is hosted in Europe (Stockholm, Sweden) and Singapore. Data processing primarily occurs within the EU. For transfers outside the EU, we rely on Cloudflare's Standard Contractual Clauses.

Exercising Your Rights

To exercise any of your GDPR rights, you can:

• Use the data export and account deletion features in your account settings
• Email us at admin@ko.io

We will respond to all requests within 30 days.