Effective date: March 25, 2025. Last updated: March 25, 2025.
This Privacy Policy describes how Kopai ("Kopai," "we," "us," or "our") collects, uses, discloses, and otherwise processes information in connection with our websites, applications, and related services (collectively, the "Service"). By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, you must not use the Service.
Not legal advice. This policy is provided for transparency. It does not create rights or obligations beyond what applicable law requires, and it is not a substitute for independent legal advice. Certain jurisdictions impose mandatory rules that may limit or override portions of this policy where inconsistent with law.
This policy applies to personal information we process when you visit our site, create or use an account, participate in organizations or projects, subscribe to paid plans, upload files, exchange messages with AI agents, or otherwise interact with the Service. It does not govern third-party websites, applications, or services that we do not control, even if linked from the Service.
Depending on how you use the Service, we may collect or process the following categories:
We use personal information to:
Where the GDPR or similar laws apply, we rely on one or more of the following: performance of a contract with you; legitimate interests that are not overridden by your rights (such as security, product improvement, and fraud prevention); compliance with legal obligations; and consent where required (for example, certain cookies or marketing, where applicable).
We use third-party service providers to operate the Service. Those providers process data on our behalf or receive data as independent controllers in connection with their own services. Their processing is subject to their respective privacy policies, terms, and security practices, which may change from time to time. We do not control their independent processing and are not responsible for their acts or omissions except as required by applicable law.
Non-exhaustive examples include:
We may add or replace subprocessors as our architecture evolves. Where required by law, we will provide appropriate notice or obtain consent.
We and our providers use cookies, local storage, and similar technologies for authentication, preferences, security, analytics, and performance. You can control cookies through browser settings; disabling certain cookies may break sign-in or features.
We may disclose personal information:
We do not sell personal information as "sale" is defined under U.S. state privacy laws that prohibit selling covered data without appropriate consent, and we do not share personal information for cross-context behavioral advertising as defined under those laws where such sharing is restricted.
We may process and store information in the United States and other countries where we or our providers operate. Those countries may have different data protection rules than your country of residence. Where required, we implement appropriate safeguards (such as Standard Contractual Clauses) and supplementary measures consistent with applicable law.
We retain personal information for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary based on data category, legal requirements, and operational needs (for example, billing records, security logs, and backups). When data is no longer needed, we delete or de-identify it in accordance with our internal procedures, subject to technical limitations and legal holds.
We implement administrative, technical, and organizational measures designed to protect personal information. No method of transmission or storage is completely secure; we cannot guarantee absolute security. You are responsible for safeguarding your account credentials and devices.
Depending on your jurisdiction, you may have rights to access, correct, delete, or export certain personal information; object to or restrict certain processing; withdraw consent where processing is consent-based; and lodge a complaint with a supervisory authority. You may also have rights under U.S. state laws (including California) to know, delete, and correct personal information, and to limit certain uses of sensitive information where applicable.
To exercise rights, contact us using the details below. We may need to verify your request. We will respond within the timeframes required by applicable law. Appeals and authorized agent requests may be handled as required by law.
The Service is not directed to children under 13 (or the minimum age required in your jurisdiction), and we do not knowingly collect personal information from children below that age for commercial purposes inconsistent with law. If you believe we have collected such information, contact us and we will take appropriate steps.
The Service uses automated systems, including large language models and related tools. Outputs may be inaccurate or incomplete. You should not rely on outputs as legal, medical, financial, or professional advice. Human review is advised for high-risk decisions.
To the maximum extent permitted by applicable law, Kopai and its affiliates, directors, employees, and suppliers shall not be liable for any indirect, incidental, special, consequential, or punitive damages, or any loss of profits, revenues, data, or goodwill, arising out of or related to this Privacy Policy or the Service, except where liability cannot be excluded or limited under applicable law (for example, liability for personal injury caused by gross negligence or willful misconduct, where applicable).
No guarantee against claims. Nothing in this Privacy Policy waives any mandatory rights you may have under law, and nothing herein is a guarantee that disputes or claims cannot be brought. Some jurisdictions do not allow certain limitations; in those jurisdictions, our liability is limited to the fullest extent permitted.
We may update this Privacy Policy from time to time. We will post the revised version on this page and update the "Last updated" date. If changes are material, we will provide additional notice as required by law (for example, email or in-product notice). Your continued use of the Service after the effective date constitutes acceptance of the updated policy, except where prohibited by law.
For privacy-related requests or questions, contact us at the support or legal contact method published on our website or in your account settings. If you are in the European Economic Area, the United Kingdom, or Switzerland and require the identity of our representative or data protection contact, request it using the same channel.