Privacy Policy

Version 2 Last updated September 14, 2025

1. Introduction

"KopplaHQ ("we," "our," or "us") is a platform operated by Koppla LLC, a company registered in California, United States. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, website (https://kopplahq.com), and related services."

Our services are available only to users located in the United States and Canada. By using our services, you represent that you are located in one of these jurisdictions.

We implement appropriate technical and organizational security measures to protect against unauthorized or unlawful processing of personal information and against accidental loss, destruction, or damage. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access our platform or use our services.

By using KopplaHQ, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Account and Profile Information

We collect information you provide when creating and maintaining your account:

Name, email address, and contact information
Username and password
Company or organization details
Profile information and preferences
Billing and payment information
Communication preferences

2.2 Content and Usage Data

As a content management platform, we collect and store:

Content you create, upload, or manage through our platform
Metadata associated with your content (creation dates, modification history, file types)
User interactions within the platform (clicks, navigation, feature usage)
Content organization and categorization data
Collaboration and sharing activities
Search queries and results within the platform

2.3 Technical Information

We automatically collect technical information to provide and improve our services:

IP address and browser information
Device information (operating system, browser type, device identifiers)
Geographic location data (country, region, city)
Log data including access times, pages viewed, and actions taken
Performance and diagnostic data
Cookies and similar tracking technologies

2.4 Analytics and Platform Usage

We use analytics tools, including PostHog, to understand platform usage and improve our services:

User engagement patterns and feature adoption
Platform performance metrics
Session recordings of platform interactions (disabled by default, enabled only with explicit consent)
A/B testing and feature flag data for platform optimization
Error reporting and debugging information
Pageview tracking and navigation patterns
User interaction heatmaps and click tracking

2.5 Communications

We collect information from your communications with us:

Support requests and correspondence
Feedback and survey responses
Marketing communication preferences
Meeting notes and call recordings (with consent)

2.6 AI and Content Processing Data

As part of our AI-powered content management features, we collect and process:

Content submitted for AI analysis and generation
AI model interactions and responses
Content optimization requests and results

3. How We Use Your Information

We use your information for the following legitimate business purposes:

3.1 Service Provision

Providing access to and functionality of the KopplaHQ platform
Storing, organizing, and managing your content
Enabling collaboration and sharing features
Processing payments and managing subscriptions
Providing customer support and technical assistance
Facilitating AI-powered content generation and analysis
Tracking usage credits and enforcing service limits
Providing bot protection and security screening

3.2 Platform Improvement

Analyzing usage patterns to enhance platform features
Conducting A/B testing and feature flag experiments for platform optimization
Developing new features and capabilities
Improving platform performance and reliability
Debugging and resolving technical issues
Training and improving AI models for better content generation
Optimizing credit usage and platform resource allocation

3.3 Communication and Marketing

Sending service-related notifications and updates
Providing platform tutorials and best practices
Marketing communications (with your consent)
Responding to inquiries and support requests
Conducting user research and feedback collection

3.4 Security and Compliance

Protecting against fraud, abuse, and security threats
Ensuring platform security and data integrity
Complying with legal obligations and regulations
Enforcing our Terms of Service
Conducting security audits and assessments

We do not sell, rent, or trade your personal information. We may share your information in the following limited circumstances:

4.1 Service Providers

We work with trusted third-party service providers who assist in operating our platform:

Cloud hosting and infrastructure providers (Cloudflare, Supabase)
Payment processing services (Stripe)
Analytics and monitoring tools (PostHog)
AI content generation services (Anthropic, Google)
Bot protection services (Cloudflare Turnstile)

All service providers are contractually bound to protect your information and use it only for the specified purposes.

4.2 Legal Requirements

We may disclose information when required by law or to:

Comply with legal processes, court orders, or government requests
Protect our rights, property, or safety
Investigate potential violations of our Terms of Service
Prevent fraud or other illegal activities

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to equivalent privacy protections.

We may share information for other purposes with your explicit consent or at your direction.

5. Data Security and Protection

We implement comprehensive security measures to protect your information:

5.1 Technical Safeguards

Encryption of data in transit and at rest using industry-standard protocols
Secure cloud infrastructure with regular security updates (Cloudflare and Supabase)
Multi-factor authentication and access controls
Regular security monitoring and threat detection
Automated backup and disaster recovery systems
Bot protection and DDoS mitigation through Cloudflare
API rate limiting and abuse prevention
Secure token-based authentication for third-party integrations
Regular security audits of AI processing pipelines

5.2 Administrative Safeguards

Strict access controls limiting employee access to personal data
Regular security training for all personnel
Comprehensive incident response procedures
Regular security audits and compliance assessments
Data retention and deletion policies

5.3 Physical Safeguards

Secure data centers with controlled physical access
Environmental protections and monitoring systems
Secure disposal of physical media and equipment

While we implement robust security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but commit to promptly addressing any security incidents.

6. Data Location and Transfers

All our services and data are hosted exclusively in the United States:

All servers and databases are located in US data centers
Email services operate through US-based infrastructure only
No data is transferred outside the United States
All service providers we use are US-based entities

Our services are available only to users located in the United States and Canada. If you are located outside these jurisdictions, you may not use our services.

By using our services, you consent to your data being processed and stored in the United States.

7. Data Retention

We retain your information for as long as necessary to provide our services and fulfill the purposes outlined in this policy:

Account Information

Retained while your account is active
Deleted within 90 days of account closure (unless legally required to retain)

Content Data

Retained according to your account settings and data retention preferences
You control the retention and deletion of your content through your account settings
Backups may persist for up to 90 days after deletion for technical recovery purposes
Note that content is not available for recovery upon account deletion

Analytics and Log Data

PostHog analytics data typically retained for 24 months for platform improvement purposes
Session recordings (when enabled) are retained for 90 days maximum
Aggregated, non-identifying data may be retained longer for research and development

AI Processing Data

AI processing logs are retained for debugging, abuse prevention, and service improvement
Content submitted for AI processing is not used to train external AI models
AI-generated content becomes part of your regular content and follows content retention rules above

Legal and Compliance Data

Retained as required by applicable laws and regulations
Financial records retained for 7 years as required by law
Data related to terminated accounts for policy violations may be retained longer as necessary for legal compliance and platform security

8. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

Access and Portability

Request access to your personal information
Receive a copy of your data in a portable format
Download your content and account data through your account settings

Correction and Update

Correct inaccurate or incomplete information
Update your account and profile information
Modify your communication preferences

Deletion and Erasure

Request deletion of your account and associated data
Remove specific content or information
Exercise "right to be forgotten" where applicable

Restriction and Objection

Restrict certain types of data processing
Object to processing based on legitimate interests
Opt-out of marketing communications and analytics

California Privacy Rights (CCPA) California residents have additional rights under the California Consumer Privacy Act:

Categories of Personal Information We Collect:

Identifiers (name, email, IP address, device identifiers)
Commercial information (subscription details, payment information)
Internet activity (platform usage, content interactions)
Professional information (company details, role information)
Inferences (content preferences, usage patterns)

Business Purposes for Collection:

Providing and maintaining our services
Processing payments and subscriptions
Customer support and communications
Platform improvement and analytics
Security and fraud prevention
Legal compliance and safety

Sources of Information:

Directly from you (account registration, content creation)
Automatically from your use of our services (usage analytics, log data)
From payment processors (billing information)

Third Parties Who May Receive Information:

Service providers (Cloudflare, Supabase, Stripe, PostHog, Anthropic, Google)
Legal authorities (when required by law)
Business transferees (in event of merger or acquisition)

Right to Know: You have the right to request details about our data practices Right to Delete: You may request deletion of your personal information Right to Opt-Out: We do not sell personal information, but you may opt-out of certain data processing Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise any of these rights, please contact us using the information provided below.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your platform experience:

9.1 Essential Cookies

Required for platform functionality and security
Cannot be disabled without affecting platform operation

9.2 Analytics Cookies

Help us understand platform usage and performance
Used to improve features and user experience
Can be managed through your browser settings

9.3 Preference Cookies

Remember your settings and preferences
Provide personalized platform experience

You can manage cookie preferences through your browser settings.

10. Third-Party Services

Our platform uses limited third-party services necessary for core functionality. We do not offer integrations with external platforms at this time. The third-party services we use are:

Payment Processing: Stripe for secure payment and subscription management
Analytics: PostHog for platform usage analytics
AI Services: Anthropic, Google, Perplexity for content generation features
Infrastructure: Cloudflare for hosting and security

All third-party services are bound by strict data protection agreements and process data only as necessary for the specified functionality.

11. Children's Privacy

Our platform is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected information from a child under 18, we will take steps to delete that information promptly.

Organizations using our platform are responsible for ensuring compliance with children's privacy laws for any content or users they manage.

Content submitted for AI processing may be temporarily processed by third-party AI providers
AI-generated content is created based on user prompts and publicly available training data
We do not use your content to train AI models unless explicitly consented
AI processing logs may be retained for service improvement and abuse prevention

14.2 Content Analysis and Optimization

AI services analyze your content to provide suggestions and improvements
Content performance data may be used to enhance AI recommendations
All AI processing is performed with appropriate security and privacy safeguards
You maintain ownership of all content created using our AI-assisted tools

14.3 AI Service Providers

We work with leading AI providers who maintain strict data protection standards:

All AI providers are contractually bound to protect your data
AI processing is performed in secure, isolated environments
Data retention by AI providers is limited to operational necessities
We regularly audit AI provider compliance with our data protection requirements

NEW Section 15. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

Immediate Response (Within 24 Hours)

Contain and assess the breach
Begin investigation and remediation efforts
Document the incident for regulatory reporting

User Notification (Within 72 Hours)

Notify affected users via email to their registered email address
Provide details about what information was involved
Explain steps we are taking to address the breach
Recommend actions you should take to protect yourself

Regulatory Notification

Report to applicable authorities as required by law
Cooperate with regulatory investigations
Implement additional safeguards as recommended by authorities

Ongoing Communication

Provide updates as our investigation progresses
Offer identity monitoring services if applicable
Maintain transparency about remediation efforts

If you believe your account has been compromised, please contact us immediately at [email protected] with "SECURITY INCIDENT" in the subject line.