How Kevala handles information collected through this website. Last updated: April 2026.
This Privacy Policy describes how Kevala ("we", "our", or "Kevala") collects, uses and protects information about visitors to kevalagrc.com and the individuals who register to download or contact us through this website.
Kevala's product is a self-hosted GRC application that customers deploy on their own infrastructure. This policy covers only the marketing website and the information it collects. It does not describe how data is processed inside the Kevala application itself, because that data stays on the customer's own systems and never reaches us.
When you submit a form on this website (download registration, contact form, demo request) we collect:
When you submit a form or visit this website, we automatically record:
This metadata is recorded alongside form submissions for fraud prevention, abuse detection, and audit-log purposes. It is not used for advertising or behavioural tracking.
This website does not use third-party analytics cookies or advertising cookies. Cloudflare may set technical cookies required for security and rate limiting. We do not use marketing pixels (Google Analytics, Facebook Pixel, etc.) on this site.
We use the information you submit only for the purpose you submitted it:
We do not sell, rent, or trade your contact information to third parties. We do not use it for unsolicited marketing campaigns outside the topic you submitted.
Form submissions are delivered to our sales inbox over TLS-encrypted email. Additional metadata may be retained in a restricted-access key-value store operated by Cloudflare for up to 12 months to support audit and abuse-detection purposes.
We take reasonable administrative and technical measures to protect the information you submit, including transport encryption (HTTPS), restricted access to inbox and logs, and limiting the amount of information we request to what is required to respond to you.
We rely on a small number of service providers to operate this website:
These providers process your information only on our instructions and only as needed to deliver the requested service. We do not use them for analytics, profiling or remarketing.
Our service providers (Cloudflare, Resend) operate globally distributed infrastructure. Depending on routing, your request may be processed at a data centre outside your country. Both providers contractually commit to industry standards for cross-border data transfers.
Depending on where you live, you may have the right to:
To exercise any of these rights, email privacy@kevalagrc.com from the address you originally used to contact us. We will respond within 30 days.
This website is intended for business audiences. We do not knowingly collect information from anyone under 16 years of age. If you believe we have collected such information, please email us and we will delete it.
We retain form-submission data for as long as it is needed to respond to your inquiry and for a reasonable period afterwards for audit and record purposes, typically no more than 12–24 months, unless a longer period is required by applicable law or an ongoing commercial relationship.
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal reasons. The "Last updated" date at the top of this page always reflects the current version. We encourage you to review this page periodically.
For questions about this Privacy Policy or about how we handle your information, contact: