Privacy Policy

Last updated: March 14, 2026

1. Introduction

Koru Insights ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website and services (collectively, "the Service").

2. Information We Collect

2.1 Information you provide

  • Account information: email address, display name, and optional avatar when you create an account.
  • User content: goals, journal entries, affirmations, scripts, mood logs, crystal inventory data, and any images you upload.
  • Contact information: any details you submit through our contact form.

2.2 Information collected automatically

  • Usage data: tool run timestamps, session durations, and feature interactions for analytics and improving the Service.
  • Device information: browser type, operating system, and screen size for compatibility purposes.
  • Cookies: we use essential cookies for authentication and session management. We do not use third-party advertising cookies.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service.
  • Personalise your experience (e.g. generating affirmations from your goals).
  • Display your progress through dashboards, charts, and mood tracking visualisations.
  • Communicate with you about your account, updates, or support requests.
  • Improve the Service through aggregated, anonymised usage analytics.

4. Data Storage & Security

Your data is stored securely using Supabase, which provides encrypted data storage and secure authentication. We implement industry-standard security measures including:

  • Encryption in transit (TLS/HTTPS).
  • Encryption at rest for database storage.
  • Row-level security policies ensuring users can only access their own data.
  • Secure, HTTP-only session cookies.

5. Data Sharing

We do not sell, rent, or trade your personal information to third parties. We may share data only in the following limited circumstances:

  • Service providers: trusted infrastructure partners (e.g. Supabase for database hosting, Vercel for application hosting) that process data on our behalf under strict confidentiality agreements.
  • Legal requirements: if required by law or to protect our rights, safety, or property.

6. Your Rights

You have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — update or correct inaccurate data through your account settings.
  • Deletion — delete your account and all associated data at any time from your account settings.
  • Portability — request your data in a machine-readable format.
  • Withdraw consent — where processing is based on consent, you may withdraw it at any time.

7. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, we will permanently remove all associated data within 30 days. Anonymised, aggregated analytics data may be retained indefinitely.

8. Children's Privacy

The Service is not directed to children under 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such information, we will take steps to delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Service or by email. Your continued use of the Service after the changes take effect constitutes your acceptance of the revised policy.

10. Contact Us

If you have any questions about this Privacy Policy or your data, please reach out through our contact page.