Privacy Policy

1. Introduction

This Privacy Policy describes how Kooni AI ("we", "us", "our", or "Company") collects, uses, and discloses information about users ("you", "your") of our AI-powered email composition service (the "Service"). By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

IMPORTANT: This Service is provided "AS-IS" without any warranties. We make no guarantees about data security, availability, or fitness for any particular purpose. Your use of this Service is at your own risk.

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address, name, and password (encrypted)
• Authentication Data: OAuth tokens from Google and other third-party providers
• Payment Information: Billing details processed through third-party payment processors
• Communications: Messages you send to us, including support requests

2.2 Automatically Collected Information

• Usage Data: Browser type, device information, IP address, operating system
• Service Interaction: Features used, conversion requests, API calls
• Cookies and Tracking: Session cookies, authentication tokens, preferences
• Log Data: Access times, error logs, performance metrics

2.3 Content Data

Email Content (Temporary Processing Only): We temporarily process plain text content you submit from Gmail's compose window for email transformation. This content is processed by AI systems for transformation purposes only and is not permanently stored. Content is deleted within 30 days and is not used to train AI models without explicit consent.

Important: We ONLY access email content when you explicitly click the Kooni AI button in Gmail. We never access your inbox, sent items, drafts, or any other emails besides the one you are actively composing.

3. How We Use Your Information

• Provide Service: Transform your plain text into formatted HTML emails using AI
• Authentication: Authenticate users and maintain secure sessions
• Usage Limits: Track and enforce free tier limits (10 conversions/month) and subscription tiers
• Payments: Process and complete subscription transactions via Stripe
• Communications: Send essential service notifications, updates, and security alerts
• Support: Respond to user inquiries and support requests
• Improvements: Monitor and analyze usage patterns to improve service quality
• Security: Detect, prevent, and address technical issues and security threats
• Compliance: Enforce our Terms of Service and comply with legal obligations

What We Do NOT Do:

• We do NOT read your email inbox or sent items
• We do NOT permanently store your email content
• We do NOT use your content to train AI models without consent
• We do NOT sell your personal data to third parties
• We do NOT share your data for marketing purposes

4. Information Sharing and Disclosure

4.1 Third-Party Service Providers

We share information with third-party vendors who perform services on our behalf:

• AI Processing: Your email content is temporarily sent to AI service providers for transformation (deleted after processing, not used for training)
• Payment Processing (Stripe): Billing information and email for subscription management
• Cloud Hosting (Vercel): Application hosting and content delivery
• Authentication (Google OAuth): Secure user authentication (email, name, profile picture)
• Database Services: Secure storage of account and usage data

Important: We do NOT sell your personal data. Third-party services are bound by contractual obligations to protect your data and use it only for the specified purposes.

4.2 Legal Requirements

We may disclose your information if required by law, subpoena, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4.3 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity.

5. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from your jurisdiction. By using the Service, you consent to such transfers.

FOR EU USERS: We rely on Standard Contractual Clauses and other appropriate safeguards for international data transfers as required by GDPR.

6. Data Retention

• Email Content: Temporarily processed for transformation only, deleted within 30 days maximum
• Account Data: Retained until account deletion or 2 years of inactivity
• Authentication Tokens: Stored locally in browser, expire based on session duration
• Usage Data: Conversion counts and API calls retained for billing purposes
• Transaction Records: Retained for 7 years for tax and legal compliance
• Log Data: Retained for 90 days unless required for security or legal purposes

7. Your Rights and Choices

7.1 General Rights

• Access: Request access to your personal information
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your account and data
• Portability: Request a copy of your data in machine-readable format
• Opt-Out: Unsubscribe from marketing communications

7.2 GDPR Rights (EU Users)

If you are located in the European Economic Area, you have additional rights under GDPR including:

• Right to object to processing
• Right to restrict processing
• Right to withdraw consent
• Right to lodge a complaint with your supervisory authority

7.3 CCPA Rights (California Users)

California residents have the right to:

• Know what personal information is collected, used, shared, or sold
• Delete personal information held by us
• Opt-out of the sale of personal information (we do not sell personal information)
• Non-discrimination for exercising CCPA rights

8. Data Security

We implement reasonable security measures to protect your information, including encryption, access controls, and secure protocols. However, no method of transmission or storage is 100% secure.

DISCLAIMER: WE PROVIDE NO GUARANTEES OR WARRANTIES REGARDING DATA SECURITY. YOU ACKNOWLEDGE THAT SECURITY BREACHES MAY OCCUR AND WE SHALL NOT BE LIABLE FOR ANY UNAUTHORIZED ACCESS, LOSS, OR DISCLOSURE OF YOUR INFORMATION, EXCEPT AS REQUIRED BY APPLICABLE LAW.

9. Children's Privacy

The Service is not intended for users under 13 years of age (or under 16 in the EU). We do not knowingly collect information from children. If we learn we have collected information from a child, we will delete it promptly.

10. Cookies and Tracking Technologies

We use cookies and Chrome storage for:

• Essential Cookies: Required for authentication and service functionality
• Session Tokens: Stored locally in Chrome extension storage for authentication
• User Preferences: Remember your settings within the extension

Chrome Extension Storage: Our extension uses Chrome's local storage API to securely store your authentication token on your device. This data is not accessible to other extensions or websites.

You can control cookies through your browser settings, but disabling certain cookies may limit Service functionality.

11. Third-Party Links and Services

The Service integrates with third-party services:

• Gmail: Our extension runs within Gmail to provide transformation services. We only access compose window content when you click our button.
• Google OAuth: Used for secure authentication. See Google's Privacy Policy.
• Stripe: Payment processing. See Stripe's Privacy Policy.

We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

12. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. Changes will be effective immediately upon posting. Your continued use of the Service after changes constitutes acceptance of the revised policy. Material changes will be communicated via email or Service notification.

13. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW:

• WE PROVIDE NO WARRANTIES REGARDING THE SECURITY, ACCURACY, OR AVAILABILITY OF YOUR DATA
• WE ARE NOT LIABLE FOR ANY DATA BREACHES, LOSSES, OR UNAUTHORIZED ACCESS
• WE ARE NOT LIABLE FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES
• OUR TOTAL LIABILITY SHALL NOT EXCEED THE AMOUNT YOU PAID US IN THE PAST 12 MONTHS
• YOU USE THE SERVICE AT YOUR OWN RISK AND ACKNOWLEDGE THESE LIMITATIONS

14. Contact Us

For questions, concerns, or to exercise your privacy rights, contact us at:

For EU users: You have the right to lodge a complaint with your local data protection authority.

15. Governing Law

This Privacy Policy shall be governed by and construed in accordance with applicable laws, without regard to conflict of law provisions. Specific provisions required by local laws (GDPR, CCPA, etc.) shall apply to users in those jurisdictions.