Privacy Policy

1. Introduction

KOIRA (“we”, “us”, “our”) operates the koira.ai platform, including my.koira.ai, build.koira.ai, and apps.koira.ai (collectively, the “Service”). This Privacy Policy explains how we collect, use, and protect your information when you use our Service.

2. Information We Collect

Account Information: When you create an account, we collect your email address and authentication credentials.

Integration Data: When you connect third-party services (such as Shopify, Google, or social media platforms), we store OAuth tokens and API keys to access those services on your behalf. We only access data required for the apps you install.

Usage Data: We collect information about how you interact with the Service, including installed apps, canvas layouts, and approval queue activity.

Workspace Data: Business information you provide such as company name, industry, brand voice, and goals to personalize your experience.

3. How We Use Your Information

We use your information to:

• Provide and operate the Service
• Connect to third-party integrations you authorize
• Execute app actions you explicitly approve through the approval queue
• Generate AI-powered content and insights for your installed apps
• Send you notifications about your account and app activity
• Improve and develop the Service

4. Approval Queue & Data Safety

KOIRA enforces a mandatory approval queue for all write operations. No app can modify your connected services (post content, send emails, update products, etc.) without your explicit approval. Every action is logged and auditable.

5. Third-Party Integrations

When you connect a third-party service, we access only the data necessary for your installed apps to function. Each app declares which integrations it requires, and apps cannot access integrations they have not declared. You can disconnect any integration at any time from your settings page.

6. Data Storage & Security

Your data is stored securely using Supabase (PostgreSQL) with row-level security policies. Integration tokens are stored with access controls that restrict them to your workspace only. All data is transmitted over HTTPS.

7. Data Retention & Deletion

You can export all your data at any time from Account settings (GDPR Article 20 compliant). You can delete your account and all associated data at any time. Upon deletion, we permanently remove your workspace, installed apps, canvas layouts, queue history, and integration connections.

8. Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on the Service.

10. Contact

If you have questions about this Privacy Policy, contact us at shane@koira.ai.