Privacy Policy
Last Updated: January 10, 2026
Korvat ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our desktop application and services.
Key Points:
- We collect information necessary to provide and improve our AI services
- Your data is processed by third-party AI providers to deliver the Service
- We implement industry-standard security measures
- You have rights to access, correct, and delete your data
1. Information We Collect
1.1 Information You Provide
Account Information:
- Email address
- Name (if provided)
- Password (encrypted)
- Payment information (processed by Paddle, our payment processor)
User Content:
- Text inputs you submit to the AI
- Screen captures you choose to analyze
- Voice recordings for speech-to-text processing
- AI-generated responses and outputs
1.2 Automatically Collected Information
Usage Data:
- Features used and frequency of use
- Application performance and error logs
- Session duration and timestamps
- Operating system and version
Technical Information:
- IP address
- Device identifiers
- Application version
- System performance metrics
1.3 Information We Don't Collect
We do NOT collect:
- Continuous screen recordings or monitoring
- Keystrokes outside of Korvat interactions
- Files or content not explicitly shared with Korvat
- Browsing history unrelated to the Service
2. How We Use Your Information
We use collected information to:
- Provide the Service: Process your requests through AI models, deliver features, and maintain functionality
- Improve the Service: Analyze usage patterns, identify bugs, and enhance features
- Account Management: Authenticate users, manage subscriptions, and provide customer support
- Communication: Send service updates, security alerts, and subscription notifications
- Billing: Process payments and prevent fraud
- Legal Compliance: Comply with legal obligations and protect our rights
3. How We Share Your Information
3.1 AI Service Providers
Your inputs are sent to third-party AI providers to generate responses:
- OpenAI: For GPT models
- Anthropic: For Claude models
- Google: For Gemini models
- Ollama: For local/open-source models (if applicable)
These providers have their own privacy policies governing their use of data. We recommend reviewing their policies.
3.2 Payment Processor
Paddle: Handles all payment processing. We do not store your complete credit card information. Paddle's privacy policy governs payment data.
3.3 Infrastructure Providers
Supabase: Hosts our authentication and database services. Data is stored securely with encryption at rest and in transit.
3.4 Other Disclosures
We may share information:
- With your consent: When you explicitly authorize sharing
- Legal requirements: To comply with laws, regulations, or legal processes
- Business transfers: In connection with mergers, acquisitions, or asset sales
- Protection: To protect our rights, property, or safety, and that of our users
We do NOT:
- Sell your personal information to third parties
- Use your content to train AI models without explicit consent
- Share your data for advertising purposes
4. Data Retention
We retain your information for as long as:
- Your account is active
- Necessary to provide the Service
- Required by law or for legitimate business purposes
Deletion:
- You can request deletion of your account and associated data at any time
- We will delete your data within 30 days of account closure, except where retention is required by law
- Some data may be retained in backups for up to 90 days
5. Data Security
We implement industry-standard security measures:
- Encryption: Data is encrypted in transit (TLS/SSL) and at rest
- Access Controls: Limited employee access on a need-to-know basis
- Authentication: Secure password hashing and optional two-factor authentication
- Monitoring: Regular security audits and vulnerability assessments
- Compliance: Following security best practices and applicable regulations
However, no method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
6. Your Privacy Rights
6.1 Access and Correction
You have the right to:
- Access your personal information
- Correct inaccurate data
- Update your account information
6.2 Data Portability
You can request a copy of your data in a structured, machine-readable format.
6.3 Deletion
You can request deletion of your account and associated data, subject to legal retention requirements.
6.4 Opt-Out Rights
You can opt out of:
- Marketing emails (via unsubscribe links)
- Non-essential data collection (may limit Service functionality)
6.5 Exercising Your Rights
To exercise these rights, contact us at [email protected]. We will respond within 30 days.
7. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure appropriate safeguards are in place for international transfers.
8. Children's Privacy
Korvat is not intended for users under 18 years of age. We do not knowingly collect information from children. If we discover we have collected information from a child, we will delete it promptly.
9. California Privacy Rights (CCPA)
California residents have additional rights under the California Consumer Privacy Act:
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed
- Right to opt-out of the sale of personal information (we do not sell data)
- Right to deletion
- Right to non-discrimination for exercising privacy rights
10. European Privacy Rights (GDPR)
European Economic Area residents have rights under the General Data Protection Regulation:
- Right to access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent
Legal Basis for Processing:
- Performance of contract (providing the Service)
- Legitimate interests (improving the Service, security)
- Consent (where explicitly provided)
- Legal obligations
11. Cookies and Tracking
The Korvat desktop application does not use cookies. Our website may use cookies for:
- Authentication and session management
- Analytics to understand usage patterns
- Preferences and settings
You can control cookies through your browser settings.
12. Third-Party Links
Korvat may contain links to third-party websites or services. We are not responsible for their privacy practices. We encourage you to review their privacy policies.
13. Changes to This Privacy Policy
We may update this Privacy Policy periodically. We will notify you of material changes via:
- Email notification
- In-app notification
- Website announcement
Continued use after changes constitutes acceptance of the updated policy.
14. Data Protection Officer
For privacy-related inquiries, you can contact our Data Protection Officer at:
Email: [email protected]
15. Contact Us
If you have questions or concerns about this Privacy Policy, please contact us:
Email: