1. Information We Collect
We collect the following types of information when you use Koha:
- Account information: Email address and name provided during registration.
- User content: The content you create within the Service.
- Usage analytics: Information about how you interact with the Service, including features used, pages visited, and actions taken.
- Device information: Browser type, operating system, and device identifiers collected automatically when you access the Service.
2. How We Use Your Information
We use your information to:
- Provide, operate, and maintain the Koha service.
- Manage your account, subscriptions, and billing.
- Communicate with you about service updates, security alerts, and support.
- Improve and develop new features for the Service.
- Enforce our Terms of Service and protect against misuse.
3. AI Processing
Koha uses Cloudflare Workers AI to provide optional features including line item suggestions and description generation. When you use these features:
- Your invoice line item history may be sent to the AI model to generate suggestions.
- Brief text inputs you provide are processed to generate professional descriptions.
- AI processing occurs within Cloudflare's infrastructure and is not shared with third parties.
- AI inputs and outputs are not stored beyond the duration of the request, though usage is logged for rate limiting purposes.
- AI features are optional and can be avoided entirely by not using the suggestion or description generation endpoints.
4. Data Storage
Your data is stored in Cloudflare D1 (SQLite-based) databases within Cloudflare's global network. All data is encrypted in transit using TLS. Cloudflare's infrastructure provides enterprise-grade security and availability for your stored data.
5. Third-Party Services
We use the following third-party services to operate Koha:
- Stripe: Payment processing for subscriptions. Stripe receives your payment information directly and is subject to Stripe's Privacy Policy.
- Resend: Transactional email delivery for magic link authentication and notifications.
- Cloudflare: Hosting, infrastructure, and CDN.
6. Data Retention
We retain your data as follows:
- Active accounts: Your account data and content are retained for as long as your account remains active.
- Deleted accounts: When you delete your account, all associated data is permanently removed within 30 days.
- Audit logs: System audit logs are retained for 90 days for security and debugging purposes, then automatically purged.
7. Your Rights
You have the right to:
- Access: View all personal data we hold about you through your account settings.
- Correct: Update your account information at any time.
- Delete: Request deletion of your account and all associated data.
- Export: Download your data in a portable format.
To exercise any of these rights, contact us at privacy@koha-ai.com or use the account settings in the application.
8. Cookies
Koha uses a single session cookie for authentication purposes. This cookie is httpOnly and secure, meaning it cannot be accessed by client-side JavaScript and is only transmitted over HTTPS connections. We do not use tracking cookies, advertising cookies, or any third-party analytics cookies.
9. Contact
For privacy-related questions or concerns, contact us at privacy@koha-ai.com.