Legal · Privacy

Privacy & GDPR

Karta is operated from Berlin, Germany, and fully complies with the EU General Data Protection Regulation (Regulation (EU) 2016/679 — GDPR), the German Federal Data Protection Act (BDSG), and the ePrivacy Directive as implemented in EU/EEA member states.

1. Controller

The controller responsible for processing personal data on this site (Art. 4(7) GDPR) is:

Shreekara Nagesh Kulkarni

Hochstraße 12 E, 13357 Berlin, Germany

Email: hi@kartaspace.com

2. What we collect and why

Waitlist signups: email address, selected role, interface language. Legal basis: your explicit consent (Art. 6(1)(a) GDPR). Used only to contact you about early access.
Newsletter / marketing: only if you tick the separate, unticked newsletter box and confirm the double opt-in email. You can unsubscribe at any time using the link in every email.
Proof of consent: a hashed IP address, browser user-agent, timestamp and consent version, stored to prove valid consent (Art. 7(1) GDPR). The raw IP is never persisted.
Server logs: minimal access logs (request path, status, truncated IP) for security and abuse prevention. Legal basis: legitimate interest (Art. 6(1)(f) GDPR). Retained no longer than 30 days.

3. Cookies & tracking

Karta uses only strictly-necessary first-party storage for your theme and language preference (Art. 6(1)(f) GDPR, no consent required under § 25(2) TTDSG). We do not set advertising cookies and do not run cross-site tracking. Any future analytics would be enabled only after your explicit, granular consent through the cookie banner.

4. Processors & EU hosting

We process data only with vetted providers under a Data Processing Agreement (Art. 28 GDPR). Hosting and database are operated within the EU/EEA. Where a provider may transfer data outside the EEA, we rely on the EU Standard Contractual Clauses (Art. 46 GDPR) and the EU–U.S. Data Privacy Framework where applicable.

5. Retention

Waitlist data is retained until you ask us to delete it, or for up to 24 months of inactivity, whichever comes first. Consent records are kept for the statutory limitation period.

6. Your rights (Art. 15–22 GDPR)

You have the right to access, rectification, erasure, restriction of processing, data portability, and objection. You may withdraw consent at any time with effect for the future. Write to hi@kartaspace.com. You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR), e.g. the Berlin Commissioner for Data Protection and Freedom of Information.

7. Security

Data is transmitted over TLS and stored with row-level security in an EU-hosted Postgres database. Access is limited to the controller. We follow Art. 32 GDPR appropriate technical and organisational measures.

8. Changes

We may update this notice to reflect product or legal changes. The current consent version is 2026-06-19.

← Imprint