Koios

Privacy Policy

Koios Digital LLC d.b.a Koios
https://koios.sh

Effective Date: February 13, 2026
Last Updated: February 13, 2026

1. Introduction

This Privacy Policy describes how Koios Digital LLC d.b.a Koios ("Koios Digital," "Koios," "we," "us," or "our") collects, uses, stores, and protects your personal information when you use our website, platform, APIs, and related services (collectively, the "Services"). Koios provides a PKI-as-a-Service and IoT device management platform.

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please discontinue use of our Services.

2. Information We Collect

2.1 Account and Authentication Data

When you create an account or manage an organization on Koios, we collect:

  • Email address — used for authentication, account recovery, and communications.
  • Password — stored using industry-standard encryption; we never store passwords in plaintext.
  • Name — associated with your user profile.
  • Billing information — including address and payment details, collected from organization owners for billing purposes. Payment processing is handled by Stripe; we do not directly store full payment card numbers.

2.2 Device and Platform Data

When you use the Koios IoT platform, we may collect and process:

  • Device logs — operational and diagnostic logs generated by devices managed through the platform.
  • PKI keys — public key infrastructure certificates and keys generated or managed through our PKI-as-a-Service offering.
  • Firmware binaries — firmware images uploaded to or distributed through the platform.
  • Device encryption keys — cryptographic keys associated with enrolled devices.

2.3 Analytics Data

We collect anonymized usage analytics through Rybbit, a self-hosted analytics solution running on our own infrastructure. This data helps us understand how our Services are used and improve the user experience. Rybbit does not use third-party tracking cookies and does not transmit analytics data to any external party.

2.4 Communications Data

If you subscribe to our mailing list or opt in to marketing communications, we collect your email address for that purpose. Marketing emails are sent through Oracle Email Delivery.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Services.
  • Authenticate users and manage account access.
  • Process billing and payments through Stripe.
  • Issue, manage, and revoke PKI certificates and device credentials.
  • Store and distribute firmware to enrolled devices.
  • Generate device logs for monitoring and diagnostics.
  • Send transactional emails (account confirmations, security alerts, service notifications).
  • Send marketing communications to users who have opted in.
  • Analyze aggregated, anonymized usage data to improve the Services.
  • Comply with legal obligations and enforce our terms of service.

4. Data Storage and Security

All data is stored encrypted at rest. Below is a summary of where specific categories of data are stored and processed:

Data CategoryStorage ProviderEncryption
User accounts and authenticationKoios infrastructure (Cloudflare)Encrypted at rest
Billing and paymentsStripeHandled per Stripe's security standards (PCI DSS compliant)
AnalyticsSelf-hosted (Rybbit on Koios infrastructure)Encrypted at rest
PKI keysOracle Cloud (off-site)Encrypted at rest
Device encryption keysOracle Cloud (off-site)Encrypted at rest
Device logsOpenObserve CloudEncrypted at rest
Firmware binariesCloudflare R2Encrypted at rest
Marketing emailsOracle Email DeliveryEncrypted in transit

All encrypted data is protected using Key Encryption Keys (KEKs) backed by Hardware Security Modules (HSMs). HSMs provide tamper-resistant, hardware-level protection for cryptographic key material, ensuring that encryption keys are never exposed in plaintext outside of secure hardware boundaries.

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include HSM-backed key management, encryption of data at rest and in transit, access controls, and regular security reviews.

5. Third-Party Service Providers

We use the following third-party service providers to operate the Services. These providers process data solely on our behalf and in accordance with our instructions:

  • Stripe — Payment processing and billing management.
  • Cloudflare — Compute, content delivery, and object storage (R2).
  • Oracle Cloud — Secure off-site storage of PKI keys and device encryption keys.
  • OpenObserve Cloud — Device log ingestion and storage.
  • Oracle Email Delivery — Transactional and marketing email delivery.

We do not share your personal information with these providers beyond what is necessary for them to perform their services.

6. Data Sharing and Sale

We do not sell, rent, trade, or otherwise disclose your personal information to any third party for any purpose. This applies to all categories of data we collect, without exception.

We may disclose information only if required to do so by law, regulation, legal process, or enforceable governmental request, or to protect the rights, property, or safety of Koios, our users, or the public.

7. Your Rights Under the GDPR

If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction with applicable data protection laws, you have the following rights regarding your personal data:

  • Right of access — You may request a copy of the personal data we hold about you.
  • Right to rectification — You may request correction of inaccurate or incomplete data.
  • Right to erasure — You may request deletion of your personal data, subject to legal retention obligations.
  • Right to restriction of processing — You may request that we limit how we process your data.
  • Right to data portability — You may request your data in a structured, machine-readable format.
  • Right to object — You may object to processing of your data for certain purposes, including direct marketing.
  • Right to withdraw consent — Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us using the information provided in Section 11.

8. Marketing Communications and Opt-Out

If you have opted in to receive marketing emails from Koios, you may unsubscribe at any time by clicking the "unsubscribe" link included in every marketing email, or by contacting us directly. We will process your opt-out request promptly.

Transactional emails related to your account or use of the Services (such as security alerts and billing confirmations) are not considered marketing communications and will continue to be sent as necessary.

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, or as required by applicable law. When data is no longer needed, we securely delete or anonymize it.

  • Account data is retained for the duration of your account and deleted upon account closure, subject to any legal retention requirements.
  • Device logs are retained in accordance with your platform configuration and applicable retention policies.
  • Billing records may be retained as required for tax, accounting, and legal compliance purposes.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will notify you by posting the updated policy on our website and updating the "Last Updated" date above. We encourage you to review this policy periodically.

11. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how your information is handled, please contact us at:

Koios Digital LLC d.b.a Koios
Email: support@koios.sh
Website: https://koios.sh