Privacy Policy

Last updated: May 2026

1. Who We Are

Koda Technologies Ltd ("Koda", "we", "us", or "our") is the data controller responsible for the personal data processed through our freight management platform ("Platform"). We are committed to protecting your privacy and handling your data transparently and securely.

If you have questions about this policy or our data practices, please contact us at: hello@kodatechnologies.co.uk

2. What Data We Collect

We collect and process the following categories of personal data:

Account and User Data

  • Full name and email address of Platform users
  • Job role and organisation affiliation
  • Authentication credentials (passwords are hashed and never stored in plain text)
  • Login timestamps and session activity

Shipment and Business Data

  • Names, addresses, EORI numbers, and VAT numbers of shippers, consignees, and agents appearing on shipping documents
  • Contact details for customers, agents, carriers, and airlines in your CRM
  • Commercial documents (invoices, bills of lading, air waybills, packing lists) containing business and personal information
  • Customs declarations and commodity data

Technical Data

  • IP addresses and browser/device information for security and audit purposes
  • Application logs recording actions taken on the Platform
  • Usage patterns to support platform stability and improvement

3. How We Use Your Data

We process personal data for the following purposes:

  • Service delivery: Providing, operating, and maintaining the Koda Platform for your organisation.
  • Authentication and security: Verifying your identity, managing access control, and detecting and preventing fraud or unauthorised access.
  • Document processing: Extracting and structuring shipment data from uploaded documents using OCR technology.
  • Communications: Sending operational notifications (e.g. document requests, proof of delivery confirmations, ETA alerts) relating to your shipments.
  • Compliance and audit: Maintaining records of actions taken on the Platform for audit and legal compliance purposes.
  • Platform improvement: Analysing anonymised usage data to improve the reliability and features of our service.

4. Legal Basis for Processing

We rely on the following legal bases under the UK GDPR:

  • Contractual necessity (Article 6(1)(b)): Processing required to provide the Platform services as agreed in your commercial contract.
  • Legitimate interests (Article 6(1)(f)): Security monitoring, audit logging, and platform improvement where these interests are not overridden by your rights.
  • Legal obligation (Article 6(1)(c)): Retaining records as required by applicable law (e.g. customs and tax regulations).
  • Consent (Article 6(1)(a)): Where we have obtained your explicit consent, for example for marketing communications. You may withdraw consent at any time.

5. Data Sharing

We do not sell your personal data. We may share personal data with the following categories of third parties, strictly as necessary to provide the Service:

  • Cloud infrastructure providers: Amazon Web Services (AWS), used to host the Platform and store documents securely (EU data residency in eu-west-2).
  • OCR processing: Third-party OCR services used to extract data from shipping documents, under confidentiality obligations.
  • Email delivery: Amazon Simple Email Service (SES) for operational notifications.
  • Professional advisers: Legal, accounting, or regulatory advisers where required.
  • Law enforcement or regulators: Where required by law or court order.

All third-party processors are subject to data processing agreements and appropriate safeguards.

6. International Transfers

Your data is stored and processed within the United Kingdom and the European Economic Area (AWS eu-west-2, London). Where any processing occurs outside these regions, we ensure appropriate safeguards are in place in accordance with UK GDPR Chapter V.

7. Data Retention

We retain personal data for as long as necessary to provide the Service and comply with our legal obligations:

  • Account data: Retained for the duration of your organisation's contract plus 7 years (for tax and audit purposes), then securely deleted.
  • Shipment and customs data: Retained for 7 years from the date of shipment completion, in line with HMRC record-keeping requirements.
  • Application logs: Retained for 90 days for security and troubleshooting purposes.
  • Audit logs: Retained for 7 years.

8. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These include:

  • Encryption in transit (TLS) and at rest for all stored documents and data
  • Role-based access control with multi-tenant data isolation
  • Pre-signed URLs with short expiry for document access
  • Automated security scanning of dependencies
  • Regular access reviews and audit logging of all data access events

Despite these measures, no transmission over the internet is completely secure. If you believe your data has been compromised, please contact us immediately.

9. Your Rights

Under the UK GDPR, you have the following rights in relation to your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your data, subject to legal retention obligations.
  • Restriction: Request that we restrict processing of your data in certain circumstances.
  • Portability: Request your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, please contact us at hello@kodatechnologies.co.uk. We will respond within one month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

10. Cookies

The Platform uses session cookies strictly necessary for authentication. We do not use tracking or advertising cookies. No third-party analytics cookies are loaded on the Platform.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to registered users by email or in-Platform notification. The "Last updated" date at the top of this page reflects when the policy was last revised. Continued use of the Platform after changes take effect constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related enquiries or to exercise your rights, please contact:

Koda Technologies Ltd
Email: hello@kodatechnologies.co.uk
United Kingdom