Korumia

Privacy Policy

Effective Date: April 1, 2026

This Privacy Policy explains how Korumia ("we," "us," or "our") collects, uses, and protects your personal information when you use our platform at https://korumia.com. By using Korumia, you agree to the practices described in this policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address — used for authentication, account recovery, and service communications
  • Name — used for display within the platform
  • Password — stored using bcrypt hashing with 12 rounds; we never store or have access to your plaintext password

1.2 Company and Expert Data

When you use the platform, we collect:

  • Company information — company name, description, industry, and configuration details for your AI Companies
  • Expert configurations — names, roles, and system prompts for the AI expert advisors you create

1.3 Chat Messages

We store the messages you send to and receive from AI expert advisors. This includes:

  • Messages you type in chat conversations
  • AI-generated responses from your expert advisors
  • Metadata such as timestamps and which expert was addressed

1.4 Memory Data

Our memory system automatically extracts and stores relevant information from your conversations to provide better, more contextual responses over time. This includes key facts, preferences, and decisions discussed in your chats.

1.5 Uploaded Files

If you upload files through the platform, we store them securely on AWS S3. File metadata (name, size, type) is also retained.

1.6 Payment Information

When you purchase credits, payment is processed by Stripe. We store transaction records (amounts, dates, credit balances) but do not store your credit card number or full payment details. Stripe handles all sensitive payment data directly.

1.7 Technical Information

We automatically collect:

  • Session data — managed through HTTP-only secure cookies
  • IP address — used for rate limiting and security purposes
  • Basic request metadata — used for error monitoring and service reliability

We do not use third-party analytics or tracking services.

2. How We Use Your Information

We use the information we collect to:

  • Provide the service — create and manage your AI Companies, expert advisors, and chat conversations
  • Process AI responses — send your messages to AI providers to generate expert advisor responses
  • Improve response quality — use the memory system to provide more relevant, contextual AI responses over time
  • Process payments — handle credit purchases and track your balance
  • Communicate with you — send account-related emails (verification, password reset, billing notifications)
  • Ensure security — rate limiting, fraud prevention, and abuse detection
  • Maintain the service — error monitoring, debugging, and infrastructure management

We do not sell your personal information to third parties. We do not use your data for advertising.

3. AI Data Processing

A core feature of Korumia is AI-powered expert advisors. To provide this, your chat messages are processed by third-party AI providers:

ProviderPurpose
OpenRouterRoutes requests to various AI models for generating expert responses and other AI tasks
Google Vertex AIProvides AI model access for chat responses and specialized tasks
OpenAIGenerates text embeddings for the memory and search system

Important notes about AI processing:

  • Your messages are sent to these providers to generate responses. Each provider has its own data handling policies.
  • We configure AI providers to not retain your data for their own training purposes where such options are available.
  • AI-generated responses may not always be accurate. They are provided for informational and advisory purposes only.
  • The memory system processes your conversations to extract relevant context, which is stored in our database and used to improve future responses within your own company context.

4. Third-Party Services

In addition to AI providers, we use the following third-party services:

ServicePurposeData Shared
StripePayment processingEmail, transaction amounts
PostmarkTransactional email deliveryEmail address, email content
AWS S3File storageUploaded files

Each of these services has its own privacy policy governing how they handle data.

5. Cookies

We use essential cookies only:

  • Session cookie — an HTTP-only, secure cookie that maintains your authenticated session. This is strictly necessary for the platform to function and cannot be disabled.

We do not use advertising cookies, analytics cookies, or any third-party tracking cookies.

6. Data Storage and Security

  • All data is stored in PostgreSQL databases
  • Passwords are hashed using bcrypt (12 rounds)
  • Sessions use HTTP-only secure cookies with SameSite protection
  • File uploads use presigned URLs with limited expiration
  • All connections use HTTPS/TLS encryption in transit
  • Rate limiting is applied to prevent abuse of sensitive endpoints
  • AI prompt inputs are sanitized to prevent injection attacks

While we implement industry-standard security measures, no system is completely immune to risk. We encourage you to use a strong, unique password for your account.

7. Data Retention

  • Account data — retained for as long as your account is active
  • Chat messages and memory data — retained for as long as your account is active or until you delete the relevant company
  • Payment records — retained as required by applicable financial regulations
  • Uploaded files — retained until you delete them or your account is closed
  • Session data — expires automatically based on session timeout settings

When you delete your account, we delete your personal data, companies, experts, chat messages, and memory data. Some data may be retained in backups for a limited period or as required by law.

8. Your Rights

You have the right to:

  • Access your data — view the personal information we hold about you through your account settings
  • Correct your data — update your name, email, and other account information at any time
  • Delete your data — delete your account and all associated data through account settings
  • Export your data — request a copy of your data by contacting us
  • Withdraw consent — stop using the service at any time by deleting your account

If you are located in the European Economic Area (EEA), you may also have rights under the GDPR including the right to data portability, the right to restrict processing, and the right to lodge a complaint with a supervisory authority.

To exercise any of these rights, contact us at [email protected].

9. Children's Privacy

Korumia is not intended for use by children under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected data from a child under 16, we will take steps to delete it promptly. If you believe a child has provided us with personal information, please contact us at [email protected].

10. International Data Transfers

Your data may be processed in countries other than your own, including the United States, where our infrastructure providers and AI services operate. By using Korumia, you consent to the transfer of your information to these countries, which may have different data protection laws than your jurisdiction.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a notice on the platform. Your continued use of Korumia after changes take effect constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or how we handle your data, contact us at:

Email: [email protected] Website: https://korumia.com