Privacy Policy
Last updated: 1 April 2026
Kudu ("we", "us", "our") operates the website withkudu.com and the Kudu application. This policy explains how we collect, use, store, and protect your personal information.
We are an Australian company and comply with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs). If you are located in the European Economic Area (EEA) or the United Kingdom (UK), we also respect your rights under the General Data Protection Regulation (GDPR) and UK GDPR. If you are located in another jurisdiction, we will comply with any applicable local privacy laws.
1. Who we are
Kudu is operated by Deven Harrison. For any privacy questions or requests, you can contact us at hello@withkudu.com.
2. Information we collect
We collect different types of information depending on how you interact with us:
Information you give us
- Waitlist sign-up: When you join our waitlist, we collect your email address.
- Correspondence: If you email us, we keep your message and email address so we can respond.
Information collected automatically
- Website analytics: With your consent, we use cookies and similar technologies to understand how visitors use our website. This may include your IP address, browser type, device type, pages visited, time on page, and referring URL.
- Advertising measurement: With your consent, we use tracking pixels to measure how people find our website through advertising.
Information the app will collect (when launched)
- Account information: Name, email address, and password when you create an account.
- Appointment recordings: Audio recordings of medical appointments, made only with your explicit consent each time.
- Summaries: Written summaries generated from your recordings.
- Appointment details: Doctor name, appointment type, clinic, date, and any notes you add.
We will provide detailed information about app data collection before you use the service.
3. Why we collect your information and our legal basis
We use your information for the purposes below. Where GDPR applies, we have listed the legal basis for each use.
| Purpose | Legal basis (GDPR) |
|---|---|
| Send you a notification when Kudu launches | Consent (you signed up) |
| Understand how visitors find and use our website | Consent (cookie consent) |
| Measure the effectiveness of our advertising | Consent (cookie consent) |
| Respond to your emails or enquiries | Legitimate interest |
| Develop and improve the Kudu app | Legitimate interest |
We will never sell your personal information to third parties.
4. Cookies and tracking
When you first visit our website, we ask for your consent before placing any analytics or advertising cookies. You can change your cookie preferences at any time using the "Cookie settings" link in the footer of our website.
If you do not consent, no tracking cookies will be placed and no analytics data will be collected from your visit.
With your consent, our website uses the following third-party services:
| Service | Purpose | Data stored | Retention |
|---|---|---|---|
| Google Analytics | Understand website traffic and visitor behaviour | Page views, session duration, device/browser info, approximate location | 14 months |
| Meta Pixel | Measure ad performance and reach people who visited our website | Page visits, conversion events (e.g. waitlist sign-up) | 180 days |
| Hotjar (Contentsquare) | Understand how visitors interact with our website through heatmaps and session recordings | Mouse movements, clicks, scroll depth, device info | 365 days |
Each of these services has its own privacy policy: Google, Meta, Hotjar.
5. Who we share your information with
We only share your information with service providers who help us operate our website and business. These are:
- Netlify (United States) — website hosting and form submissions. Privacy policy
- Google LLC (United States) — website analytics. Privacy policy
- Meta Platforms (United States) — advertising measurement. Privacy policy
- Contentsquare (Hotjar) (European Union) — website behaviour analytics. Privacy policy
These providers process your data on our behalf and are bound by their own privacy obligations.
We will never share your health information with anyone unless you explicitly choose to share your Kudu summaries.
6. Where your data is stored
Our website is hosted by Netlify, whose servers are located in the United States. Analytics data is processed by Google (US), Meta (US), and Hotjar (EU).
If you are located in the EEA or UK, this means your data may be transferred outside your jurisdiction. These transfers are covered by the service providers' Standard Contractual Clauses and other safeguards as described in their respective privacy policies.
When the Kudu app launches, we will provide full details about where app data (including recordings and summaries) is stored.
7. How long we keep your data
- Waitlist email addresses: We keep these until 12 months after the Kudu app launches, or until you ask us to delete them — whichever comes first.
- Analytics data: Retained according to each service provider's retention periods (see cookies section above).
- Correspondence: We keep emails for as long as needed to resolve your enquiry, then delete them.
When the Kudu app is available, we will update this policy with data retention details for app-related information.
8. How we protect your information
We take reasonable steps to protect your personal information from misuse, loss, unauthorised access, and disclosure. Your email address is stored securely through Netlify's form handling infrastructure.
When the Kudu app launches, all appointment recordings and summaries will be encrypted in transit and at rest. We will provide full details of our security practices before you use the app.
9. Your rights
Depending on where you live, you may have some or all of the following rights over your personal information:
- Access: Ask us what personal information we hold about you.
- Correction: Ask us to fix any information that is wrong.
- Deletion: Ask us to delete your personal information.
- Data portability: Ask us to give you a copy of your data in a common, machine-readable format (GDPR/UK GDPR).
- Withdraw consent: You can withdraw consent at any time (for example, by changing your cookie settings or unsubscribing from emails). This does not affect any processing that happened before you withdrew.
- Restrict or object to processing: You can ask us to stop or limit certain uses of your data (GDPR/UK GDPR).
- Opt out of marketing: You can opt out of marketing communications at any time.
To exercise any of these rights, contact us at hello@withkudu.com. We will respond within 30 days.
Complaints
If you are in Australia and are not satisfied with how we have handled your information, you have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC).
If you are in the EEA or UK, you have the right to lodge a complaint with your local data protection authority.
10. Children's privacy
Our website and service are not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with their information, please contact us at hello@withkudu.com and we will delete it.
11. Changes to this policy
We may update this policy from time to time. Any changes will be posted on this page with an updated date. If we make significant changes, we will notify waitlist subscribers by email.
12. Contact us
If you have any questions about this privacy policy or how we handle your personal information, please contact:
Deven Harrison
Kudu
hello@withkudu.com