Privacy Policy

Last updated: April 2026

Koa ("we", "our", "us") is an AI-powered study platform for university students, available at koa.university. This Privacy Policy explains what information we collect, how we use it, and what choices you have.

1. What We Collect

When you use Koa, we may collect the following information:

• Account information: Your name, email address, and university affiliation, collected when you create an account.
• Course data from LMS: If you connect your Learning Management System (e.g., Canvas), we access your course list, syllabi, lecture materials, and related academic content to personalize your study experience.
• Uploaded documents: Files you upload to Koa, including PDFs, DOCX, and PPTX documents.
• Study activity: Your interactions within the platform, such as notes created, AI conversations, and study sessions, to improve the experience.

2. How We Use Your Information

We use the information we collect to:

• Provide and operate the Koa study platform.
• Personalize your study experience based on your courses and materials.
• Power AI tutoring features using your course context and study content.
• Improve and develop new features for the platform.
• Communicate with you about your account or important service updates.

3. Third-Party Services

Koa relies on the following third-party services to operate:

• Supabase: We use Supabase for user authentication, database storage, and file storage. Your account data and uploaded documents are stored on Supabase infrastructure.
• OpenAI (ChatGPT): Koa's AI features are powered by OpenAI. You provide your own OpenAI API key (Bring Your Own Subscription). Your study content is sent to OpenAI's API to generate AI responses. We do not store your API key on our servers beyond your authenticated session. Please review OpenAI's Privacy Policy for how they handle data sent to their API.

We do not sell your personal information to any third party.

4. Data Storage and Security

Your data is stored on Supabase's hosted infrastructure, which provides encryption at rest and in transit. We implement reasonable security measures to protect your information, including secure authentication flows and access controls. However, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.

5. Your Rights

You have the right to:

• Access your data: You can view the information associated with your account within the app.
• Delete your account: You can request deletion of your account and all associated data by contacting us at support@koa.university.
• Export your data: You can request a copy of your data by contacting us.
• Disconnect LMS: You can revoke Koa's access to your LMS at any time through your account settings or your LMS provider.

6. Cookies

Koa uses cookies solely for authentication purposes, specifically to maintain your login session. We do not use tracking cookies, advertising cookies, or any third-party analytics cookies.

7. Children's Privacy

Koa is designed for university students and is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will promptly delete it.

8. Changes to This Policy

We may update this Privacy Policy from time to time. If we make significant changes, we will notify you through the platform or by email. Your continued use of Koa after changes are posted constitutes your acceptance of the updated policy.

9. Contact Us

If you have any questions about this Privacy Policy or your data, contact us at:

support@koa.university

Koa is based in Toronto, Ontario, Canada.