Privacy Policy
Last updated: 2026
1. Who are we?
This Privacy Policy is published by KnGA SAS, operating under the commercial name OKTee, publisher of the OKTee SaaS platform available at www.oktee.app and of the public website available at www.oktee.io.
OKTee is a SaaS solution intended for brands, distributors and wholesalers operating notably on Amazon Vendor Central. Depending on the modules enabled by the customer, the platform allows users to manage orders, procurement, business performance, financial monitoring, product catalog and marketing analysis.
KnGA SAS acts as data controller within the meaning of Regulation EU 2016/679, GDPR, for data collected in connection with customer relationship management, sales prospecting, billing, support and operation of the public website.
When the platform is used by its professional customers, OKTee may also act as a data processor within the meaning of Article 28 of the GDPR for data processed on behalf of its customers, including certain Amazon Vendor Central data, catalog data, ERP data, operational data and business data entrusted to the platform. In this context, the customer’s instructions prevail.
KnGA SAS, 6 rue des Berceaux, 95160 Montmorency, France
Email: privacy@oktee.io
2. What data do we collect and why?
2.1 Data collected when browsing the public website
| Category | Data | Purpose | Legal basis |
|---|---|---|---|
| Technical data | IP address, browser, pages visited, visit duration, technical browsing data | Security, browsing statistics, improvement of the public website | Legitimate interest, Article 6.1.f GDPR |
| Cookies and audience measurement | Technical identifiers, session data, aggregated or pseudonymized browsing data where applicable | Audience measurement, website improvement, performance analysis | Consent where required, Article 6.1.a GDPR, or legitimate interest depending on the cookies concerned |
| Contact or demo form | First name, last name, professional email, company, phone number, job title, message | Processing your contact, demo, information or commercial request | Pre-contractual measures, Article 6.1.b GDPR, or legitimate interest |
2.2 Data collected as part of the OKTee platform
| Category | Data | Purpose | Legal basis |
|---|---|---|---|
| User account | First name, last name, professional email, company, role, access rights, attached organization | Account creation and management, authentication, access to enabled modules | Performance of the contract, Article 6.1.b GDPR |
| Usage logs | Connection timestamps, actions performed, modules used, application events | Security, traceability, support, technical diagnostics, anomaly detection | Legitimate interest, Article 6.1.f GDPR |
| Amazon Vendor Central data | Orders, Purchase Orders, order lines, statuses, confirmations, shipments, inventory, availability, catalog, prices, offers, performance, invoices, payments, deductions, chargebacks, shortages or discrepancies where available and authorized | Provision of the modules enabled by the customer: Supply, Procurement, Business, Marketing, Finance and Administration | Performance of the contract, Article 6.1.b GDPR, and processing on behalf of the customer when OKTee acts as processor |
| Data from customer systems | Product catalog, internal references, ERP data, stock rules, logistics rules, automation settings, accounting or reconciliation data when the relevant module is enabled | Matching with Amazon data, order automation, operational monitoring, business analysis and financial reconciliation where authorized | Performance of the contract, Article 6.1.b GDPR, and processing on behalf of the customer when OKTee acts as processor |
| Billing data | Billing details, SIRET, VAT number, contractual information, data required for payment or collection | Billing management, accounting, collection, legal obligations | Performance of the contract and legal obligation, Articles 6.1.b and 6.1.c GDPR |
3. Amazon Vendor Central data
OKTee connects to its customers’ Amazon Vendor Central accounts through the official Amazon APIs, SP-API, only when the customer has explicitly authorized access to its account.
OKTee never directly asks customers for their Amazon credentials. The connection relies on the official Amazon authorization flow, and the permissions requested are limited to the modules enabled by the customer organization.
Amazon data collected is used exclusively to:
- provide the features of the modules enabled by the customer;
- generate analyses, reports, alerts, dashboards and recommendations within the platform;
- allow automation of certain operations, including order responses, upon customer instruction;
- monitor order statuses, confirmations, shipments, availability, prices, offers and performance where Amazon permissions allow it;
- enable operational or financial reconciliation with the customer’s internal data when the relevant module is enabled.
Specific safeguards:
- Amazon data is never sold, shared for advertising purposes, or used for independent purposes.
- The customer may revoke OKTee’s access to its Amazon Vendor Central account where this option is available in its Amazon interface.
- OKTee uses Amazon APIs in accordance with the authorizations granted by the customer and the roles approved by Amazon.
4. Use of public product page signals
For certain features of the Marketing module, OKTee may collect public signals visible on Amazon product pages, including visible content, public images, availability, price, reviews, ratings or offer signals.
These signals may be collected through specialized technical providers when the required data is not available or not sufficient through official Amazon APIs. OKTee prioritizes official Amazon APIs whenever they provide access to the required data.
5. Data retention
| Type of data | Retention period |
|---|---|
| Active account data | For the duration of the contract, then deletion or anonymization according to the applicable contractual terms. |
| Amazon data required for the service | For the duration of the contract or the period necessary for the operation of the enabled modules, unless deletion is requested, a legal obligation applies or limited technical retention is required. |
| Data from customer systems | For the duration of the contract or the period necessary for the operation of the enabled modules, then deletion or return according to the applicable contractual terms and DPA. |
| Data after termination | Deletion or return according to the Terms of Use, applicable contract and DPA. |
| Billing data | Legal retention period applicable to accounting and tax obligations, generally 10 years. |
| Security logs | Limited period necessary for security, diagnostics, audit or evidence purposes, depending on operational and legal needs. |
| Browsing data and cookies | Period compliant with applicable regulations and recommendations of the competent authority where applicable. |
| Contact requests | Period necessary for commercial or pre-contractual follow-up, then archiving or deletion according to applicable rules. |
6. Data recipients
Data is processed by authorized OKTee teams, including support, product, development, security, management or administration, only when necessary in the context of their responsibilities.
OKTee uses technical providers to provide, host, secure, monitor and improve the platform.
| Sub-processor | Role | Location | Safeguards |
|---|---|---|---|
| Framer | Hosting and delivery of the public website www.oktee.io, legal pages and public content. | Global infrastructure, possible transfers outside the EU. | DPA or applicable contractual terms, with transfer safeguards where required. The public website does not store customers’ operational Amazon data. |
| Vercel Inc. | Hosting and delivery of the OKTee application interface when this infrastructure is used. | Global infrastructure, possible transfers outside the EU. | DPA or applicable contractual terms, with transfer safeguards where required. Background processing and primary storage of customer data are not performed in Vercel. |
| Neon Inc. | PostgreSQL database used by OKTee. | European Union where the configuration allows it. | DPA or applicable contractual terms, with transfer safeguards where required. |
| Railway Corp. | Workers, synchronizations, automated processing and server-side tasks. | European Union where the deployment configuration allows it. | DPA or applicable contractual terms, with transfer safeguards where required. |
| Inngest Inc. | Workflow orchestration, asynchronous tasks and technical execution tracking. | Cloud infrastructure, possible transfers outside the EU. | DPA or applicable contractual terms, with transfer safeguards where required. |
| Sentry Inc. | Application monitoring, error detection and technical diagnostics. | United States, with appropriate contractual safeguards where required. | Standard Contractual Clauses applicable in case of transfer outside the EU. Sensitive data filtering where possible. |
| OpenAI, L.L.C. | AI-assisted analysis for certain Marketing module features enabled by the customer. | United States, with appropriate contractual safeguards where required. | Use limited to OKTee features enabled by the customer. Standard Contractual Clauses where required. |
| Rainforest API | Technical collection of public Amazon product page signals for certain Marketing module features. | Provider infrastructure, possible transfers outside the EU. | Provider contractual safeguards. OKTee prioritizes official Amazon APIs whenever the required data is available through them. |
| Banking and accounting providers | Billing, payments, bank transfers, accounting and legal obligations. | France or European Union depending on the provider used. | Applicable legal, contractual, banking or accounting obligations. |
The full list of sub-processors is available on the Sub-processors page.
OKTee does not sell, rent or transfer any personal data to third parties for commercial purposes.
7. Transfers outside the European Union
Certain technical components of OKTee may involve transfers of data outside the European Union. Where necessary, such transfers are covered by appropriate contractual safeguards, including the European Commission Standard Contractual Clauses or any other mechanism recognized by applicable regulations.
The primary storage of customer data is performed in Europe where the configuration allows it. Certain technical providers, including Framer, Vercel, Sentry, OpenAI, Inngest or Rainforest API, may however involve processing or controlled transfers outside the European Union depending on the services used.
You may obtain additional information on the safeguards implemented by writing to privacy@oktee.io.
8. Your rights
In accordance with the GDPR and the amended French Data Protection Act, you have, in particular, the following rights:
| Right | Description |
|---|---|
| Access, Article 15 | Obtain a copy of the personal data processed by OKTee. |
| Rectification, Article 16 | Correct inaccurate or incomplete data. |
| Erasure, Article 17 | Request deletion of certain data where the legal conditions are met. |
| Restriction, Article 18 | Request temporary restriction of the processing of certain data. |
| Portability, Article 20 | Receive certain data in a structured, machine-readable format. |
| Objection, Article 21 | Object to certain processing activities based on legitimate interest. |
| Withdrawal of consent | Withdraw your consent at any time, without affecting the lawfulness of prior processing. |
To exercise your rights: privacy@oktee.io or legal@oktee.io.
OKTee will respond to requests within the time limits provided by applicable regulations. Identity verification may be requested where necessary.
If you believe your rights are not respected, you may lodge a complaint with the CNIL, the French Data Protection Authority.
9. Data security
OKTee implements appropriate technical and organizational measures to protect data against unauthorized access, loss, alteration or disclosure.
These measures may include role-based access control, rights limitation, encryption of data in transit, secure storage of secrets and tokens, logging, logical separation of customer data, application monitoring and incident response procedures.
For more details, please see the Security page.
10. Cookies
The OKTee public website may use cookies or similar technologies necessary for its operation, security, audience measurement or improvement of the user experience.
Where consent is required, it is requested before the relevant cookies are placed. You may manage your preferences when the cookie banner or cookie management module is available.
11. Changes to this policy
OKTee may update this policy to reflect legal, technical, functional, commercial or security changes.
In the event of a material change, affected customers may be informed by any reasonably appropriate means.
12. Contact
See also: Terms of Use · Security · Sub-processors · DPA · Amazon Integration
Signed DPA