Privacy Policy

Last updated: April 21, 2026

1. Who we are

koomastudio ("we", "us", "our") is a LinkedIn content system that helps users plan, draft, format, schedule, publish, and organize LinkedIn content in their own voice. Our website is located at www.koomastudio.com.

2. What data we collect

  • Account information — your name and email address, provided when you sign in via LinkedIn, Google, or Discord (via OAuth), or via a magic-link email.
  • Content and saved materials — post drafts, saved posts, author names, post URLs, media URNs, and other content you explicitly create, save, upload, schedule, or publish using the web app or Chrome extension.
  • API keys — if you use Bring Your Own Key (BYOK), your API key is encrypted at rest using AES-256-GCM and never exposed in plaintext outside of the remix generation request.
  • Extension token — a hashed authentication token stored locally in your browser via chrome.storage.local to authenticate the Chrome extension.
  • LinkedIn Voice context — optional background information you provide about yourself, plus signals derived from posts you save or publish, to personalize future draft generation.
  • Billing information — if you subscribe to Pro, payment is handled entirely by Stripe. We store your Stripe customer ID, subscription status, and related billing state. We never see or store your card details.

3. How we use your data

  • To provide the core functionality of the app, including planning, drafting, saving, remixing, scheduling, publishing, and managing your content library.
  • To authenticate you and keep your account secure.
  • To process subscription payments via Stripe.
  • To personalize AI-generated content using your LinkedIn Voice context, saved posts, and published-post history, if provided or available in your account.
  • To understand how the app is used and improve it, using aggregated, anonymous analytics data (see Google Analytics below).

We do not sell your data to third parties. We do not use your data for advertising. We do not use your data for any purpose unrelated to operating koomastudio.

4. Chrome extension

The koomastudio Chrome extension injects a save button into LinkedIn pages. It only reads post content such as text, author name, and post URL when you explicitly click the save button. It does not passively monitor your browsing activity, collect web history, or log keystrokes.

Your extension token is stored locally in your browser using chrome.storage.local. It is sent to our servers only to authenticate save requests.

5. Data storage and security

Your data is stored in a PostgreSQL database hosted on Supabase. API keys are encrypted at rest. We use HTTPS for all data in transit. Access to your data is restricted to authenticated requests only.

6. Third-party services

  • Stripe— payment processing. Subject to Stripe's privacy policy.
  • OpenAI— AI drafting, remix generation, and related content processing for Pro subscribers. Relevant content is sent to OpenAI's API to generate outputs. Subject to OpenAI's privacy policy.
  • Anthropic— AI drafting and remix generation for BYOK users using an Anthropic key. Subject to Anthropic's privacy policy.
  • Supabase— database hosting and related storage infrastructure. Subject to Supabase's privacy policy.
  • Google Analytics (GA4) — we use Google Analytics to collect anonymous, aggregated data about how the app is used (e.g. page views, feature usage). This data does not include your post content, API keys, or any personally identifiable information beyond what Google collects by default (IP address, browser type). Subject to Google's privacy policy. You can opt out using the Google Analytics opt-out browser add-on.

7. Your rights

You can request deletion of your account and associated data by contacting us. You can also revoke extension tokens at any time from the Settings page.

8. Contact

If you have questions about this policy or your data, contact us at notify@koomastudio.com.