Privacy Policy

Last updated: June 13, 2026

1. Introduction

Koru Insights ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website, web application, and related services (collectively, the "Service").

Koru Insights is a digital wellness, self-reflection, and manifestation platform. The Service allows users to create goals, use daily practices, track moods and progress, write reflections, upload images, manage personal settings, and optionally enable reminders.

2. Information We Collect

2.1 Information you provide

  • Account information: your email address, display name, username, optional avatar, and authentication details needed to create and secure your account.
  • Profile and settings information: preferences such as your timezone, reminder settings, and app settings.
  • User content: goals, manifestation statements, journal entries, gratitude entries, affirmations, scripts, visualisation notes, synchronicities, inventory items, mood logs, and similar content that you choose to create in the Service.
  • Uploaded content: images you upload, such as profile images, goal images, or vision board images.
  • Reminder information: reminder time, selected reminder days, and related delivery metadata if you enable reminders.
  • Contact information: any details you submit through our contact or support forms.

2.2 Information collected automatically

  • Usage data: information about how you use the Service, such as tool run timestamps, completion status, selected practices, feature interactions, and session-related activity.
  • Device and technical information: browser type, operating system, device type, screen size, IP-derived general location, and technical logs used for security, debugging, and compatibility.
  • Cookies and similar technologies: we use strictly necessary cookies for authentication, session management, and security. We do not currently use third-party advertising cookies. For more information, see our Cookie Notice.

3. How We Use Your Information

We use your information to:

  • Provide, operate, maintain, and secure the Service.
  • Create and manage your account.
  • Save and display your goals, practices, reminders, mood logs, uploaded images, and other user content.
  • Personalise your experience, such as showing your active goals, progress, daily practices, reminders, and app preferences.
  • Send transactional emails, including password reset emails, account-related messages, and reminder emails if you enable reminders.
  • Respond to support requests and contact form submissions.
  • Improve the Service using aggregated or anonymised usage insights where possible.
  • Detect, prevent, and investigate abuse, security incidents, or technical problems.
  • Comply with legal obligations.

4. Reminder Emails

If you enable reminders, we may send you reminder emails at or around your selected reminder time. Reminder emails are optional and can be stopped by deleting or disabling your reminder in your account settings.

Reminder emails are transactional messages connected to a feature you have enabled. We do not use reminder emails for third-party advertising or unrelated marketing.

5. Data Storage and Security

Your data is stored using trusted infrastructure providers, including Supabase for authentication, database storage, and file storage, and Vercel for application hosting. We use appropriate technical and organisational measures to protect your data, including:

  • Encryption in transit using HTTPS/TLS.
  • Database access controls and row-level security policies.
  • Server-side access controls for sensitive operations and administrative actions.
  • Secure session management for logged-in users.
  • Limited access to production systems and environment variables.

No method of transmission or storage is completely secure. While we work to protect your information, we cannot guarantee absolute security.

6. Service Providers

We do not sell, rent, or trade your personal information. We may share limited data with trusted service providers who process information on our behalf, including:

  • Supabase: authentication, database, file storage, and related backend infrastructure.
  • Vercel: website and application hosting, deployment, serverless functions, and infrastructure logs.
  • Resend: transactional emails, such as password reset emails, account-related messages, and reminder emails.

These providers may process personal data only as needed to provide their services to us and are expected to protect the data they process.

7. Legal Requirements and Protection

We may disclose information if required by law, legal process, or governmental request, or if we believe disclosure is necessary to protect the rights, property, security, or safety of Koru Insights, our users, or others.

8. Your Rights

Depending on where you live, you may have rights over your personal data, including the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete information.
  • Delete your account and associated personal data through your account settings.
  • Port your data in a machine-readable format where applicable.
  • Withdraw consent where processing is based on consent.
  • Object to or restrict processing in certain circumstances.

You can update certain information directly in your account settings. You can also delete your account from within the app. If you have questions about your data, please contact us through our contact page.

9. Data Retention

We keep your personal data for as long as your account is active or as long as needed to provide the Service. If you delete your account, we will delete or anonymise your associated personal data within a reasonable period, unless we need to retain limited information for legal, security, or operational reasons.

Aggregated or anonymised data that no longer identifies you may be retained for analytics, service improvement, and security purposes.

10. International Processing

Our service providers may process data in different countries. If personal data is transferred internationally, we rely on appropriate safeguards where required by applicable law.

11. Children's Privacy

The Service is not directed to children under 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such information, we will take steps to delete it promptly.

12. Cookies

We use strictly necessary cookies and similar technologies for login, authentication, security, and session management. These are required for the Service to work properly.

We do not currently use third-party advertising cookies. If we later introduce non-essential analytics, advertising, or tracking cookies, we will update our practices and request consent where required.

For more information, please read our Cookie Notice.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Service or by email where appropriate. The updated policy will be posted on this page with a revised "Last updated" date.

14. Contact Us

If you have any questions about this Privacy Policy or your data, please reach out through our contact page.

Koru Insights