Legal

Privacy Policy

How KiCad Services Corporation collects, uses, and protects your information.

Effective date: May 11, 2026 Last updated: May 11, 2026

This Privacy Policy explains how KiCad Services Corporation (“we,” “us,” or “our”) collects, uses, shares, and protects personal information when you interact with us — whether you visit our website, engage us for software support, attend our training sessions, hire us as consultants, or communicate with us in any other way. We are based in California and serve clients in the United States and internationally.

We’ve written this policy to be readable. If anything is unclear, please contact us at the address at the end of this document.

Scope note. This policy describes our default practices. Where you have signed a contract with us — such as a master services agreement, statement of work, training agreement, or data processing addendum — that contains specific provisions on the handling, security, retention, or return of personal information, those contract provisions control over this policy for the data covered by that engagement. This policy applies to all other interactions and to any aspects of an engagement not specifically addressed by contract.

1. Who we are

KiCad Services Corporation is a California public benefit corporation providing software support, training, and consulting services for the KiCad electronic design automation platform and related work. Our principal place of business is at 1108 E Burlinghall Dr, Long Beach, CA 90807, USA. For privacy matters, you can reach us at [email protected].

When this policy refers to a “data controller” or equivalent role, KiCad Services Corporation is the controller for the personal information described below, except where we act as a processor on behalf of a client (see Section 9).

2. Information we collect

We collect information in three ways: information you give us directly, information collected automatically when you use our website or services, and information we receive from third parties.

2.1 Information you provide directly

  • Contact and account details: name, employer, job title, email address, phone number, postal address, and similar identifiers you share when you contact us, request a quote, sign a contract, register for training, open a support ticket, or subscribe to our communications.
  • Project and engagement information: the content of communications, files, source code, schematics, designs, configurations, logs, or other materials you send us to deliver support, training, or consulting services.
  • Payment information: billing address, tax identifiers, and bank or wire details needed to invoice and receive payment. Credit card processing, if any, is handled by a third-party payment processor; we do not store full card numbers on our systems.
  • Training records: registration details, attendance, course progress, evaluations, and any certificates issued.

2.2 Information collected automatically

  • Website usage data: IP address, approximate location derived from IP, browser type and version, operating system, referring URL, pages viewed, timestamps, and similar log data.
  • Cookies and similar technologies: see Section 7.
  • Service telemetry: if you use a hosted tool or portal we provide, we may collect operational logs (e.g., login events, error reports, feature usage) needed to run and secure the service.

2.3 Information from third parties

  • Referrals and public sources: business contact details from partners, conference organizers, or public professional profiles where lawful.
  • Vendors: information from our payment processor, email provider, CRM, and analytics provider, limited to what’s necessary to support the relationship.

We do not knowingly collect special-category data (such as health, biometric, or political data). Please don’t send us such information.

3. How we use information

We use personal information for the following purposes:

  • Delivering services: providing software support, training, and consulting; communicating about engagements; granting access to materials; issuing certificates.
  • Account and contract administration: quoting, contracting, invoicing, collecting payment, and keeping required business records.
  • Customer communications: answering questions, sending service updates, and responding to feedback.
  • Marketing (limited): sending occasional updates about our services to existing customers and to people who have opted in. You can unsubscribe at any time using the link in any marketing email.
  • Website operation and improvement: running and securing our site, understanding aggregate usage, and improving content.
  • Security and fraud prevention: detecting, investigating, and preventing abuse, unauthorized access, and security incidents.
  • Legal compliance: meeting tax, accounting, export-control, and other regulatory obligations, and responding to lawful requests.

4. How we share information

We do not sell personal information. We share it only as described below.

  • Service providers (processors): cloud hosting, email delivery, accounting, CRM, payment processing, analytics, helpdesk, and similar vendors that process data on our behalf under written agreements.
  • Clients and partners, when relevant to your engagement: for example, sharing training attendance with the employer who paid for the training, or sharing project deliverables with the client who commissioned them.
  • Professional advisors: lawyers, accountants, and auditors under duties of confidentiality.
  • Legal and safety: when required by law, court order, or to protect rights, safety, or property.
  • Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to appropriate confidentiality protections.

A current list of major sub-processors is available on request.

5. International transfers

We are based in California, USA. We serve clients internationally, and we use service providers in the United States and other countries. If you contact us or use our services from outside the United States, your personal information will be transferred to, processed in, and stored in the United States, where data protection laws may differ from those of your country. By interacting with us, you understand that this transfer is necessary to provide the services you request.

Where required by applicable law or by contract, we put appropriate safeguards in place for cross-border transfers. Contact us if you would like more information about the safeguards we use for a specific engagement.

6. How long we keep information

We keep personal information only as long as needed for the purposes described in this policy, including legal, tax, and accounting requirements. Typical retention guidelines:

  • Contract and billing records: for the duration of the engagement and for the period required by applicable tax and corporate law (commonly 6–10 years).
  • Project and support materials: for the duration of the engagement plus a reasonable archival period (typically up to 7 years), unless the contract specifies otherwise.
  • Training records and certificates: as long as needed to verify completion, typically up to 10 years.
  • Marketing contacts: until you unsubscribe or we determine the contact is no longer active.
  • Website logs and analytics: generally up to 13 months in identifiable form.

When personal information is no longer needed, we delete, anonymize, or securely archive it.

7. Cookies and similar technologies

Our website uses a small number of cookies and similar technologies:

  • Strictly necessary cookies for site functionality and security. These are always on.
  • Analytics cookies to understand how visitors use the site in aggregate. Where required by law, we ask for your consent before setting these.
  • Preference cookies to remember settings like language.

You can control cookies through your browser settings and, where offered, through the cookie banner on our site. Disabling some cookies may affect functionality.

8. Your rights

Depending on where you live, you may have some or all of the following rights:

  • Access: request a copy of the personal information we hold about you.
  • Correction: ask us to correct inaccurate or incomplete information.
  • Deletion: ask us to delete your information, subject to legal exceptions.
  • Restriction or objection: ask us to pause or stop certain processing, including objecting to direct marketing at any time.
  • Portability: ask for your information in a structured, machine-readable format.
  • Withdraw consent: where processing is based on consent, you can withdraw it at any time without affecting prior processing.
  • Complain: lodge a complaint with the data protection authority in your jurisdiction.

California residents: under the CCPA/CPRA you have rights to know, delete, correct, and limit certain uses of your personal information, and a right not to be discriminated against for exercising these rights. We do not sell or “share” personal information for cross-context behavioral advertising as those terms are defined under California law.

To exercise any of these rights, contact us at [email protected]. We will respond within the timeframes required by applicable law. We may need to verify your identity before acting on a request.

9. When we act as a processor

When we provide support or consulting services that involve us handling personal information on behalf of a client (for example, accessing a client’s user database during a support engagement), we act as a processor or service provider. In those cases, the client is the controller, our handling is governed by the services agreement or a separate data processing addendum, and the terms of that contract control over this policy. Individuals should direct privacy requests to the client in the first instance. We will assist clients in responding to such requests as required by contract and law.

10. Security

We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, and destruction. These include access controls, encryption in transit, secured backups, vendor due diligence, and staff confidentiality obligations. No system is perfectly secure; if we become aware of a breach affecting your personal information, we will notify you and the relevant authorities as required by law.

11. Children

Our services are intended for businesses and professionals. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, contact us and we will delete it.

Our website and materials may link to third-party sites and services. We are not responsible for their privacy practices. Please review their policies before providing personal information.

13. Changes to this policy

We may update this policy from time to time. We will post the updated version on our website and update the “Last updated” date above. For material changes, we will provide additional notice (for example, by email or a prominent notice on our site). Continued use of our website or services after the effective date constitutes acceptance of the updated policy.

14. Contact us

If you have questions about this policy or about how we handle your personal information: