privacy policy

Last updated: February 19, 2026 (UTC)

This Privacy Policy explains how koraiku ("the Service") collects, uses, stores, and protects personal data and content you provide when using the platform.

1. Scope

This policy applies to personal data processed through the Service, including account information, training data, and images uploaded by users.

2. Data we collect

We may process the following categories of data:

• Account data: username, email address, authentication credentials, and account status.
• User Content: plans, sessions, kokoris, notes, and other data you enter in the platform.
• Image data: images you upload, file metadata, generated storage paths, and original file name references.
• Technical data: IP address, browser/device details, timestamps, and server logs for security and diagnostics.
• Browser storage data: local and session storage entries used for essential state (for example, in-progress flow state and preference settings).
• Cookie and similar data as described in the Cookie Policy.

3. How we use data

We use data to:

• Provide and operate core platform features.
• Authenticate users and protect accounts.
• Store, display, and process your training data and uploaded images.
• Maintain security, monitor abuse, and troubleshoot incidents.
• Comply with legal obligations and enforce the Terms and Conditions.

4. Legal bases for processing

Depending on the context, data is processed based on:

• Contract performance: to provide the Service you request.
• Legitimate interests: security logging, service reliability, and fraud, abuse, or misuse prevention.
• Legal obligations: where processing is required by applicable law.
• Consent: where consent is required (for example, non-essential cookies, if applicable).

5. User-entered data and uploaded images

You control the content you submit. You should only upload data and images you are authorized to use. To operate the Service efficiently, uploaded images may be converted and compressed (for example, to WebP) and stored under generated internal paths. This processing is limited to delivering and maintaining the Service.

6. Sharing of data

We do not sell your personal data. Data may be shared only when necessary with infrastructure or service providers acting on our behalf, or when required by law, legal process, or to protect the rights, safety, and integrity of users and the Service.

7. International transfers

Data is intended to be hosted and managed from Spain. If processing involves transfers outside your jurisdiction, reasonable safeguards are applied where required by law.

If optional Google Analytics cookies are enabled, related data may be transferred outside the EEA. Where required, we rely on safeguards such as Standard Contractual Clauses (SCCs).

8. Data retention

We retain personal data and User Content while your account is active and as needed to provide the Service. Following deletion requests or account closure, data may remain for a limited period in backups, security systems, or where retention is legally required.

Security and access logs are retained for a limited period proportionate to security, abuse-prevention, and operational troubleshooting needs.

9. Account deletion and data deletion requests

You may request closure of your account and deletion of associated personal data by contacting [email protected]. Some data may be retained where legally required or strictly necessary for security, fraud prevention, or dispute resolution.

10. Security measures

We apply technical and organizational measures designed to protect personal data and User Content. No system is completely secure, and absolute security cannot be guaranteed.

11. Your privacy rights

Depending on applicable law, you may have rights to:

• Access the personal data held about you.
• Request correction of inaccurate data.
• Request deletion of data.
• Object to or restrict certain processing.
• Request portability of data where applicable.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with your local data protection authority.

You can exercise these rights by contacting [email protected]. We may request verification of identity before responding.

If you are in Spain, you may also lodge a complaint with the Agencia Espanola de Proteccion de Datos (AEPD).

12. Children's privacy

The Service is not intended for children under 16 (or the minimum age required in your jurisdiction). If you believe a child has provided personal data unlawfully, contact us to request deletion.

13. Policy updates

We may update this Privacy Policy from time to time. Material changes will be reflected on this page with an updated "Last updated" date.

14. Operator and contact

The Service is operated by Pablo Meca, established in Spain. For privacy requests or questions, contact [email protected].