Privacy Policy

Effective: February 10, 2026

Last Updated: February 10, 2026

Kunya ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website, applications, and services (collectively, the "Service").

By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Information You Provide

  • Account Information: When you register, we collect your name, email address, and password (stored securely using industry-standard hashing).
  • Profile Information: Optional details like display name, avatar, and preferences you choose to provide.
  • Payment Information: If you subscribe to a paid plan, payment details are processed by our payment provider (Stripe). We do not store your full credit card number on our servers.
  • Content: Text, images, code, and other content you create or submit through the Service, including chat conversations with AI models.
  • Communications: Messages you send to our support team or feedback you provide.

1.2 Information Collected Automatically

  • Device & Browser Data: Browser type and version, operating system, device type, screen resolution, and language settings.
  • Usage Data: Pages visited, features used, timestamps, click patterns, and how you interact with the Service.
  • Log Data: Server logs that may include your IP address, request timestamps, referring URLs, and error information.
  • Cookies and Similar Technologies: See Section 4 for details on how we use cookies.
  • Location Data (IP-Based Geolocation): We use your IP address to determine your approximate geographic location (country, region, and city level).
    • Display content in your preferred language
    • Show prices in your local currency
    • Ensure compliance with regional regulations
    • Optimize performance by routing to the nearest server
    Important: We resolve your IP address to a location and then discard the IP. We do not store raw IP addresses for geolocation purposes beyond what is necessary for security logging (see Section 1.3).

1.3 Security & Audit Logs

For security purposes, we maintain audit logs that may temporarily include IP addresses. These logs are used to detect unauthorized access, prevent fraud, and comply with legal obligations. Security logs are retained for a limited period and are not used for marketing or profiling purposes.

2. How We Use Your Information

We use your information for the following purposes:

  • Providing the Service: To operate, maintain, and improve the Service, including processing your AI requests and delivering results.
  • Personalization: To tailor the Service to your preferences, including language, currency, and content recommendations based on your location and usage patterns.
  • Authentication & Security: To verify your identity, protect your account, detect fraud, and maintain the security of the Service.
  • Communication: To send you account-related notifications, security alerts, and (with your consent) promotional communications.
  • Analytics & Improvement: To understand how the Service is used and to develop new features and improve existing ones.
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes.
  • Billing: To process payments, manage subscriptions, and handle billing-related inquiries.

3. Legal Basis for Processing

If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction that requires a legal basis for processing personal data, we rely on the following:

  • Contract Performance: Processing necessary to provide the Service you signed up for (account management, AI processing, etc.).
  • Consent: Where you have given explicit consent, such as for marketing emails or optional cookies.
  • Legitimate Interest: Processing necessary for our legitimate interests, such as improving the Service, preventing fraud, IP-based geolocation for personalization, and basic analytics — where these interests are not overridden by your rights.
  • Legal Obligation: Processing necessary to comply with legal requirements (tax records, regulatory compliance, etc.).

4. Cookies & Tracking Technologies

We use cookies and similar technologies to operate and improve the Service. When you first visit our site, you will be presented with a cookie consent banner that allows you to choose which types of cookies to accept.

4.1 Essential Cookies

These cookies are strictly necessary for the Service to function. They include authentication tokens, security cookies, and session management. These cannot be disabled.

4.2 Analytics Cookies

With your consent, we use analytics cookies to understand how visitors interact with the Service. This helps us identify issues, measure performance, and improve the user experience. Analytics data is aggregated and does not identify individual users.

4.3 Marketing Cookies

With your consent, marketing cookies may be used to deliver relevant advertisements and measure the effectiveness of ad campaigns. These cookies may be set by third-party advertising partners.

4.4 Preference Cookies

With your consent, preference cookies remember your settings such as language, theme, region, and other personalization choices to provide a more tailored experience.

4.5 Managing Your Preferences

You can change your cookie preferences at any time by clearing your browser cookies and revisiting the site, which will re-display the consent banner. You can also manage cookies through your browser settings.

5. IP-Based Geolocation

We use your IP address to determine your approximate geographic location. This is a common practice used by most websites and is done for the following purposes:

  • Language & Localization: Automatically displaying the Service in your preferred language and locale.
  • Currency: Showing prices in your local currency.
  • Compliance: Ensuring we display the correct legal notices and consent mechanisms for your jurisdiction.
  • Performance: Routing your requests to the nearest data center for faster response times.

What we store: Only the derived location data (country, region, city) — not your raw IP address. Location data is stored in your browser's local storage and is not transmitted to our servers for storage.

Your rights: You can override the automatically detected location at any time by manually selecting your preferred language and currency in your account settings. Under GDPR, you have the right to object to this processing (see Section 7).

6. Data Sharing & Third Parties

We do not sell your personal information. We may share data with:

  • AI Model Providers: Your prompts and content are sent to third-party AI providers (such as OpenAI, Anthropic, Google) to generate responses. These providers process data according to their own privacy policies and data processing agreements.
  • Payment Processors: Stripe processes your payment information according to their privacy policy.
  • Infrastructure Providers: Hosting providers, CDN services, and other infrastructure partners that help us deliver the Service.
  • Analytics Services: With your consent, aggregated and anonymized usage data may be shared with analytics providers.
  • Legal Requirements: We may disclose information if required by law, court order, or governmental authority.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure ("Right to be Forgotten"): Request deletion of your personal data, subject to legal retention requirements.
  • Data Portability: Request your data in a structured, commonly used, machine-readable format.
  • Restriction: Request that we limit the processing of your data in certain circumstances.
  • Objection: Object to processing based on legitimate interests, including IP-based geolocation and profiling.
  • Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise any of these rights, you can use the tools in your Account Settings (data export, account deletion) or contact us at the address below.

GDPR-specific: If you are in the EEA or UK, you have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.

California residents (CCPA/CPRA): You have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information.

8. Data Retention

We retain your data according to the following guidelines:

  • Account Data: Retained while your account is active, and for up to 30 days after deletion to allow recovery.
  • Content (Conversations, Files): Retained while your account is active. Deleted upon account deletion.
  • Security Logs: Retained for up to 90 days, then automatically purged.
  • Payment Records: Retained as required by tax and financial regulations (typically 7 years).
  • Anonymized Analytics: May be retained indefinitely as it cannot be linked back to individual users.

9. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS/HTTPS) and at rest
  • Secure password hashing (Argon2)
  • JWT-based authentication with short-lived access tokens
  • Rate limiting and brute-force protection
  • Regular security audits and updates
  • Multi-factor authentication (MFA) support
  • Principle of least privilege for internal access

While we strive to protect your data, no method of transmission or storage is 100% secure. If you discover a security vulnerability, please contact us immediately.

10. International Data Transfers

Your data may be processed in countries other than your own. When we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized transfer mechanisms.

AI model providers may process data in different jurisdictions. We select partners that maintain adequate data protection standards and enter into appropriate data processing agreements.

11. Children's Privacy

The Service is not directed at children under the age of 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page
  • Notify you via email or an in-app notification for significant changes
  • Re-display the cookie consent banner if cookie practices change

We encourage you to review this page periodically. Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy, want to exercise your data rights, or have concerns about how we handle your data, please contact us:

For GDPR-related inquiries or to file a complaint, you may also contact your local data protection authority.