Privacy Policy

Last updated: March 17, 2026

Koa ("we", "us", "our") operates the Koa study platform at koa.university and the Koa mobile application. This policy explains what data we collect, how we use it, and your rights.

1. Information We Collect

Account Information

When you create an account, we collect:

• Email address - used for authentication and account recovery
• Name - displayed in the app and used to personalize your experience
• University - used to customize course catalogs and study resources

Study Data

As you use Koa, we store:

• Notes - content you create in the notebook editor
• Courses and assignments - imported from your LMS or entered manually
• Study sessions - questions, answers, and mastery scores from tutoring sessions
• Flashcards - cards you create or generate with AI
• Calendar events - study schedules and academic deadlines

Usage Data

We collect anonymous usage analytics (page views, feature usage) to improve the product. We use Umami, a privacy-focused analytics tool that does not use cookies or track personal information.

Authentication Data

If you sign in with Google or Apple, we receive your name and email from the provider. We do not receive or store your Google or Apple password.

2. How We Use Your Data

• Provide the service - store your notes, track your progress, sync your calendar
• AI tutoring - your study content is sent to our AI provider to generate personalized questions, explanations, and feedback. We do not use your content to train AI models.
• Payment processing - if you subscribe to Koa Premium, payment is handled by Stripe. We do not store your credit card number.
• Communication - we may send you account-related emails (password reset, important updates). We do not send marketing emails without your consent.

3. Third-Party Services

We use the following third-party services to operate Koa:

• Supabase - database, authentication, and file storage (hosted in the US)
• Google Gemini - AI tutoring and content generation
• Stripe - payment processing for Premium subscriptions
• ElevenLabs - text-to-speech for audio study features

Each service has its own privacy policy. We only share the minimum data necessary for each service to function.

4. LMS Integration

If you connect your university LMS (Canvas, Moodle, or Brightspace), we access your courses, assignments, grades, and announcements using the API token you provide. We:

• Only read data - we never modify anything in your LMS
• Store your LMS access token encrypted at rest
• Only sync data you explicitly request

5. Data Retention

• Your account data is stored as long as your account is active
• If you delete your account, we delete all your data within 30 days
• Anonymous analytics data is retained for up to 12 months

6. Data Security

We use industry-standard security measures:

• All data transmitted over HTTPS (TLS 1.2+)
• Database access restricted by row-level security policies
• Authentication tokens stored securely, never in plain text
• Regular security audits of our codebase

7. Your Rights

You have the right to:

• Access - request a copy of all data we hold about you
• Correct - update your name, email, or other account information
• Delete - delete your account and all associated data
• Export - download your notes and study data

To exercise these rights, email us at ghasemyemad@gmail.com.

8. Children's Privacy

Koa is designed for university students (18+). We do not knowingly collect data from children under 13. If you believe a child has created an account, please contact us.

9. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or an in-app notice. The "last updated" date at the top reflects the most recent revision.

10. Contact

Questions about this policy? Reach us at:

• Email: ghasemyemad@gmail.com
• Website: koa.university