Privacy Policy

Last updated: February 25, 2025

1. Who we are

koomastudio ("we", "us", "our") is a LinkedIn content tool that helps users save, organise, and remix LinkedIn posts into original content. Our website is located at www.koomastudio.com.

2. What data we collect

  • Account information — your name and email address, provided when you sign in via LinkedIn, Google, or Discord (via OAuth), or via a magic-link email.
  • LinkedIn post content — text, author name, and post URL of posts you explicitly choose to save using the web app or Chrome extension.
  • API keys — if you use Bring Your Own Key (BYOK), your API key is encrypted at rest using AES-256-GCM and never exposed in plaintext outside of the remix generation request.
  • Extension token — a hashed authentication token stored locally in your browser via chrome.storage.local to authenticate the Chrome extension.
  • LinkedIn Voice context — optional background information you provide about yourself to personalise AI-generated content.
  • Billing information — if you subscribe to Pro, payment is handled entirely by Stripe. We store your Stripe customer ID and subscription status. We never see or store your card details.

3. How we use your data

  • To provide the core functionality of the app — saving posts, generating remixes, and managing your library.
  • To authenticate you and keep your account secure.
  • To process subscription payments via Stripe.
  • To personalise AI-generated content using your LinkedIn Voice context, if provided.
  • To understand how the app is used and improve it, using aggregated, anonymous analytics data (see Google Analytics below).

We do not sell your data to third parties. We do not use your data for advertising. We do not use your data for any purpose unrelated to operating koomastudio.

4. Chrome extension

The koomastudio Chrome extension injects a save button into LinkedIn pages. It only reads post content (text, author name, post URL) when you explicitly click the save button — it does not passively monitor your browsing activity, collect web history, or log keystrokes.

Your extension token is stored locally in your browser using chrome.storage.local. It is sent to our servers only to authenticate save requests.

5. Data storage and security

Your data is stored in a PostgreSQL database hosted on Supabase. API keys are encrypted at rest. We use HTTPS for all data in transit. Access to your data is restricted to authenticated requests only.

6. Third-party services

  • Stripe — payment processing. Subject to Stripe's privacy policy.
  • OpenAI — AI remix generation for Pro subscribers. Post content is sent to OpenAI's API to generate remixes. Subject to OpenAI's privacy policy.
  • Anthropic — AI remix generation for BYOK users using an Anthropic key. Subject to Anthropic's privacy policy.
  • Supabase — database hosting. Subject to Supabase's privacy policy.
  • Google Analytics (GA4) — we use Google Analytics to collect anonymous, aggregated data about how the app is used (e.g. page views, feature usage). This data does not include your post content, API keys, or any personally identifiable information beyond what Google collects by default (IP address, browser type). Subject to Google's privacy policy. You can opt out using the Google Analytics opt-out browser add-on.

7. Your rights

You can delete your account and all associated data at any time by contacting us. You can revoke extension tokens at any time from the Settings page.

8. Contact

If you have questions about this policy or your data, contact us at notify@koomastudio.com.