Komposo Logo

Privacy Policy

Last updated: November 7, 2025

This Privacy Policy describes how Komposo collects, uses, and shares information about you when you use our website komposo.ai and related services.

1. Information We Collect

1.1 Authentication Data

We use Supabase, a secure authentication and database service, to manage user accounts. When you use our Services, we collect:

  • Email address for authentication purposes
  • OTP (One-Time Password) verification status
  • Authentication timestamps
  • Session data
  • When using Google OAuth: email address and profile information from your Google account

1.2 Account Information

When you create an account through our OTP verification system or Google Sign-In:

  • Email address for sending verification codes
  • Account creation date
  • Last login information
  • Session tokens
  • Subscription status and billing information

1.3 Project and Content Data

When you use our UI design and code generation features:

  • Images you upload for UI cloning
  • Screenshots and URLs you provide
  • Project names and descriptions
  • Generated HTML, CSS, and React code
  • Design prompts and AI interactions
  • Wireframes and design iterations
  • Project sharing settings and shared project access logs

1.4 Payment Information

We use Stripe to process payments. Stripe collects and processes:

  • Payment card details (processed and stored by Stripe, not by us)
  • Billing address
  • Transaction history
  • Subscription status and renewal dates

We receive from Stripe: payment success/failure status, subscription status, and customer ID. We do not store your full credit card numbers. See Stripe's privacy policy at https://stripe.com/privacy

1.5 Usage and Analytics Data

We automatically collect certain information when you use our Services:

  • IP address and browser type
  • Device information and operating system
  • Pages visited and features used
  • Time spent on pages
  • Referral sources
  • Click and interaction patterns

2. How We Use Your Information

We use your information to:

  • Authenticate your identity and provide secure access to your account
  • Send one-time verification codes via email
  • Process your UI design and code generation requests
  • Store and retrieve your projects, designs, and generated code
  • Process payments and manage subscriptions
  • Provide customer support through our chat system
  • Send onboarding and service-related emails
  • Analyze usage patterns to improve our Services
  • Monitor and prevent fraud, abuse, or unauthorized access
  • Track referrals and affiliate relationships
  • Comply with legal obligations

3. Email Communications Specific Practices

3.1 Email Collection and Usage

  • We only send emails to users who have explicitly signed up for our service
  • Email addresses are collected solely through our authentication process
  • We do not purchase email lists or collect emails from third parties
  • All emails are strictly for account verification and service functionality
  • Verification codes are temporary and expire after a short period

3.2 Email Opt-Out Rights

  • Users can deactivate their accounts at any time
  • We send essential service-related emails necessary for verification and account security
  • Marketing emails include unsubscribe links
  • You cannot opt out of essential transactional emails (verification codes, billing)

3.3 Email Service Providers

We use Loops as our email service provider to send:

  • Verification codes and authentication emails
  • Onboarding and welcome emails
  • Product updates and announcements
  • Transactional notifications

Loops processes email addresses and message content in accordance with their privacy policy and security standards.

4. Data Storage and Processing

4.1 Data Storage

  • User data is stored securely in Supabase's infrastructure
  • All data is encrypted at rest and in transit
  • Authentication data is handled through Supabase's secure authentication system

4.2 Security Measures

We implement comprehensive security measures including:

  • Secure OTP generation and validation
  • Regular security audits
  • Access controls and monitoring
  • Session management and timeout policies

5. Information Sharing

We share your information only in limited circumstances:

  • With Supabase for authentication and data storage
  • With Stripe to process payments (they receive billing and payment information)
  • With Loops (our email service provider) to send verification codes and onboarding emails
  • With analytics providers (Google, Microsoft, TikTok) for usage analysis
  • With Crisp for customer support communications
  • With Tolt for referral tracking
  • When required by law or to protect rights and safety
  • With your explicit consent for specific purposes
  • With project collaborators when you share projects

We do not sell your personal information to third parties.

6. Your Rights and Choices

You have the right to:

  • Access your personal information
  • Request deletion of your account and all associated data
  • Opt out of non-essential communications
  • Update your email address
  • Request your data export (projects, generated code, account data)
  • Withdraw consent for optional data processing

To exercise these rights, contact us at support@mail.komposo.ai. We will respond within 30 days.

7. Data Retention

  • Authentication logs are retained for security purposes for 30 days
  • Account information is retained while your account is active
  • Projects, images, and generated code are retained while your account is active
  • Deleted account data, including all projects and content, is permanently removed within 30 days
  • Session data is automatically cleared after expiration
  • Analytics data is retained for up to 26 months (Google Analytics standard)
  • Payment records are retained as required by law (typically 7 years for tax purposes)

8. AI Training and Data Usage

We use aggregated, anonymized data to improve our AI models and service quality. This includes:

  • Usage patterns and feature interactions (anonymized)
  • Performance metrics and error rates
  • General design trends and popular patterns

We do not use your specific project code, designs, or uploaded images to train AI models without explicit consent. Your creative work remains private.

9. Children's Privacy

Our Services are not intended for children under 13. We do not knowingly collect information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

10. Updates to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through our Services.

11. Contact Us

For privacy-related questions:

  • Email: support@mail.komposo.ai
  • Website: komposo.ai

12. International Data Transfers

Your data may be processed in countries where Supabase operates. We ensure appropriate safeguards are in place for international data transfers.

13. Legal Basis for Processing

We process your data based on:

  • Contract fulfillment (providing our Services)
  • Legal obligations
  • Legitimate business interests
  • Your consent (for optional features)

14. Cookie Policy

We use essential cookies for:

  • Session management
  • Authentication status
  • Security purposes
  • Service functionality

15. Data Protection Rights

Under data protection laws, you have rights to:

  • Access your data
  • Correct your data
  • Delete your data
  • Object to processing
  • Data portability
  • Withdraw consent

16. Third-Party Services

Our Services integrate with the following third-party providers:

15.1 Core Services

  • Supabase: Authentication, database, and data storage
  • Stripe: Payment processing and subscription management
  • Loops: All email delivery including verification codes, onboarding, and marketing campaigns

15.2 Analytics and Tracking

  • Google Analytics: Website traffic and user behavior analysis
  • Google Tag Manager: Tag and tracking management
  • Microsoft Clarity: Session recording and heatmaps to improve UX
  • TikTok Pixel: Ad performance tracking and conversion measurement

These analytics tools may collect IP addresses, device information, browsing behavior, and interaction patterns. You can opt out using browser privacy settings or extensions.

15.3 Support and Communication

  • Crisp: Live chat support and customer communication
  • Tolt: Referral tracking and affiliate management

15.4 OAuth Providers

  • Google OAuth: When you sign in with Google, we receive your email address and basic profile information. Google's privacy policy applies to this data collection.

Each third-party service has its own privacy policy and data handling practices. We recommend reviewing their policies.

17. Security Measures

We maintain appropriate security measures to protect your information from unauthorized access, alteration, disclosure, or destruction. These measures include:

17.1 Technical Safeguards

  • Encryption of data in transit and at rest
  • Secure access controls
  • Regular security updates
  • Intrusion detection systems
  • Firewalls and network security

17.2 Administrative Safeguards

  • Regular security assessments
  • Employee access controls
  • Security training and policies
  • Incident response planning
  • Regular system backups

17.3 Physical Safeguards

  • Secure data centers
  • Access restrictions
  • Environmental controls
  • Backup power systems
  • Disaster recovery procedures

18. Compliance

We comply with applicable data protection laws and regulations, including:

  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)
  • Other applicable privacy laws

For any questions about this Privacy Policy, please contact us at support@mail.komposo.ai