Kopi Privacy Policy

1) Who we are

2) What information we collect

We collect information in the following categories:

A) Information you provide

• Account information: name, email address, password (or authentication credentials), organization or brand name (if provided).
• Billing information: we use third-party payment processors to process subscription payments. We typically receive limited billing details (e.g., billing status, plan level, partial card metadata like last 4 digits, and transaction IDs), but we do not store full payment card numbers.
• User content: prompts and instructions you provide, campaign briefs, edits, brand guidelines, and other content you input into the Service.
• Brand URL (optional): a website URL you provide so we can reference public brand cues (like tone, copy style, and design references).

B) Information we collect automatically

• Device and usage data: IP address, browser type, device identifiers, pages viewed, features used, timestamps, referring URLs, and crash/error logs.
• Cookies and similar technologies: used for authentication, preferences, and analytics (see Section 7).

C) Information from integrations you connect (optional)

If you connect third-party services (such as Shopify, Klaviyo, Mailchimp, or similar platforms), we may receive data as permitted by your settings and the integration scopes you authorize, such as:

• store or catalog metadata (e.g., brand name, product names, collections),
• email campaign assets or templates you choose to import/export,
• lists/segments metadata (depending on integration),
• analytics or performance summaries (if you enable them).

We only access and process this information to provide the features you request.

D) Information from public sources (brand website content)

If you provide a brand URL, we may fetch and process publicly available content from that website to help generate on-brand emails (e.g., copy style cues, publicly visible design references). We do not intend to bypass access controls or scrape content where prohibited by a site's technical restrictions.

3) How we use information

We use information to:

• Provide and operate the Service, including generating email drafts and HTML, rendering the editor experience, and enabling export.
• Personalize output (e.g., adapting tone, structure, and style based on your prompt, brand inputs, and optional brand URL).
• Maintain security and prevent abuse, including detecting fraud, spam, and unauthorized access.
• Provide customer support and respond to inquiries.
• Process subscriptions and billing, including plan management and payment confirmations.
• Improve and develop the Service, including debugging, performance monitoring, and feature development.

AI and model-related processing

To generate emails, we may process your prompts and related inputs through AI systems (which may include third-party model providers or infrastructure vendors acting as our service providers).

We do not intentionally request or need sensitive personal data (e.g., health data, government IDs, payment card numbers, or passwords) as part of normal usage. Please avoid entering such data into prompts or brand inputs.

4) How we share information

We share information only as described below:

A) Service providers (processors)

We use trusted third parties to help run the Service (for example: cloud hosting, databases, analytics, error monitoring, customer support tools, email delivery, and payment processing). They may process information on our behalf under contractual obligations to protect it and use it only for providing services to us.

B) Integrations you enable

If you connect services like Shopify/Klaviyo/Mailchimp, we may share data with those services as needed to perform actions you request (e.g., exporting an email template). The third party's use of information is governed by their policies.

C) Legal and safety

We may disclose information if we believe in good faith it is necessary to:

• comply with law or legal process,
• protect the security or integrity of the Service,
• prevent fraud or abuse,
• protect rights, property, or safety of Kopi, users, or others.

D) Business transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of company assets, information may be transferred as part of that transaction.

E) Aggregated / de-identified data

We may share aggregated or de-identified information that cannot reasonably be used to identify you.

5) Data retention

We retain information for as long as reasonably necessary to:

• provide the Service,
• meet legal, accounting, or compliance obligations,
• resolve disputes, and enforce agreements.

Retention periods vary by data type. For example:

• Account data: retained while your account is active, and for a reasonable period afterward.
• User content and outputs: retained to support your access to drafts/history and collaboration features, unless you delete them or request deletion (subject to legal exceptions).
• Logs and security data: retained for security, debugging, and abuse prevention for a limited period.

You may request deletion as described in Section 9.

6) Security

We implement reasonable administrative, technical, and organizational safeguards designed to protect information. However, no method of transmission or storage is perfectly secure, so we cannot guarantee absolute security.

7) Cookies and similar technologies

We use cookies and similar technologies to:

• keep you signed in,
• remember preferences,
• understand usage and improve performance,
• protect against fraud and abuse.

You can control cookies through your browser settings. Disabling cookies may affect certain Service features (like login persistence).

8) International data transfers

We may process and store information in the United States and other countries where we or our service providers operate. These countries may have different data protection laws than your jurisdiction.

If you are located in the EEA/UK/Switzerland, we may rely on appropriate safeguards for cross-border transfers (such as standard contractual clauses) when required.

9) Your privacy choices and rights

A) Account information

You can update certain account information through your account settings.

B) Delete your content or account

You can request deletion of your account and/or content by contacting rob@trykopi.ai. We will take reasonable steps to delete information, subject to legal requirements and legitimate business needs (e.g., security logs, billing records).

C) Marketing communications

If we send you marketing emails, you can opt out using the unsubscribe link or by contacting us.

D) California privacy rights (CCPA/CPRA)

If you are a California resident, you may have rights to:

• request access to or deletion of personal information,
• correct inaccurate personal information,
• opt out of certain "sharing"/targeted advertising (if applicable),
• limit use of sensitive personal information (we do not intend to collect sensitive information for typical use).

We do not sell personal information. If we engage in cross-context behavioral advertising in the future, we will update this policy and provide appropriate opt-out mechanisms.

E) EEA/UK privacy rights (GDPR)

If you are in the EEA/UK, you may have rights to:

• access, rectify, delete, or restrict processing,
• object to processing,
• data portability,
• withdraw consent where processing is based on consent.

To exercise rights, contact rob@trykopi.ai.

10) Children's privacy

The Service is not intended for children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us information, contact us and we will take steps to delete it.

11) Third-party links and services

The Service may link to third-party websites or services. Their privacy practices are governed by their own policies, and we are not responsible for their practices.

12) Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide reasonable notice (e.g., by posting an updated effective date, sending an email, or presenting an in-product notice). Your continued use of the Service after changes means you accept the updated policy.

13) Contact us

Questions or requests regarding this Privacy Policy: