K
Kora

Legal

Privacy Policy

Last updated: February 28, 2026

Kora ("Kora", "we", "us", or "our") operates the Kora broker assistant platform, including our website, web application, API, and any associated integrations (collectively, the "Service"). This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and your rights in relation to it.

By accessing or using the Service you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Account and Profile Data

When you register or are invited to Kora we collect: full name, email address, phone number, company name, job title, timezone, and preferred language. For organisation accounts we also collect the organisation name, subdomain, and billing contact details.

1.2 CRM and Business Data

As you use the Service you may enter data about your clients, prospects, deals, documents, and communications ("CRM Data"). This may include names, contact details, financial information, and deal-related notes belonging to your customers. You retain ownership of all CRM Data we process it solely to deliver the Service.

1.3 Usage and Telemetry Data

We automatically collect information about how you interact with the Service, including: pages visited, features used, session duration, browser type, operating system, device type, and approximate geographic region derived from your IP address.

1.4 AI Conversation Data

When you or your customers interact with Kora's AI assistant (via the dashboard or WhatsApp), the messages exchanged are processed to generate responses and may be stored to maintain conversation context and improve the assistant's accuracy within your account. Conversation data is stored on a per-broker or per-thread basis and is not shared across unrelated accounts.

1.5 Integration Data

If you connect third-party services (e.g. Google Calendar, WhatsApp Business, email providers), we collect the OAuth tokens and any data returned from those services that is necessary to fulfil the integration's purpose.

1.6 Communications

If you contact our support team or send us feedback, we retain those messages to respond and improve the Service.

2. How We Use Your Information

  • Providing, operating, and maintaining the Service
  • Authenticating your identity and managing your account
  • Processing and responding to AI assistant conversations
  • Sending transactional emails (e.g. invitations, password resets, reminders)
  • Sending WhatsApp notifications and AI-generated responses on your behalf
  • Generating inquiry links and managing form responses
  • Diagnosing technical issues, monitoring uptime, and improving reliability
  • Analysing aggregated usage trends to improve features this analysis uses anonymised or pseudonymised data only
  • Complying with legal obligations and enforcing our Terms of Service

We do not sell, rent, or trade your personal data or CRM Data to third parties for advertising purposes.

3. Data Sharing and Disclosure

We may share your information with:

  • Sub-processors trusted service providers that help us operate the Service (database hosting, AI model providers, email delivery, vector databases, analytics). Each is bound by confidentiality obligations and processes data only on our instructions.
  • Integrations you authorise when you connect a third-party service, data necessary for that integration is shared with the relevant provider.
  • Your organisation if you are a member of a Kora organisation, your profile information and activity may be visible to organisation administrators.
  • Legal requirements if required by law, court order, or to protect the rights, property, or safety of Kora, our users, or the public.
  • Business transfers in the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.

4. Data Retention

We retain personal data for as long as your account is active or as needed to provide the Service. CRM Data is retained until you delete it or close your account. Conversation and memory data associated with AI threads is retained to preserve context between sessions; you may request deletion at any time.

When you close your account we will delete or anonymise your personal data within 90 days, except where we are required to retain it for legal or regulatory purposes.

5. Data Security

We use industry-standard security measures including TLS encryption in transit, encryption at rest for sensitive fields, role-based access controls, and regular security reviews. Authentication is managed via Supabase, which provides secure JWT token handling.

No method of transmission over the internet is 100% secure. While we take every reasonable precaution, we cannot guarantee absolute security. If you believe your account has been compromised, please contact us immediately at hello@tellkora.com.

6. Cookies and Tracking

We use the following types of cookies and local storage:

  • Strictly necessary session cookies required for authentication and security (e.g. Supabase session token, CSRF protection).
  • Functional cookies that remember your preferences such as locale, theme, and onboarding state.
  • Analytics anonymised usage data to understand how the Service is used. You may opt out by contacting us.

We do not use third-party advertising cookies.

7. Your Rights

Depending on your location you may have the following rights:

  • Access request a copy of the personal data we hold about you.
  • Rectification ask us to correct inaccurate data.
  • Erasure request deletion of your personal data.
  • Restriction ask us to limit how we process your data.
  • Portability receive your data in a structured, machine-readable format.
  • Objection object to processing based on legitimate interests.
  • Withdraw consent where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at hello@tellkora.com. We will respond within 30 days.

8. International Data Transfers

Kora operates globally. Your data may be transferred to and processed in countries other than your own. Where data is transferred outside the European Economic Area we rely on standard contractual clauses or equivalent safeguards approved by relevant supervisory authorities.

9. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page and, for material changes, notify you by email or via an in-app notice. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please reach out:

Kora

Email: hello@tellkora.com

Last updated: February 28, 2026Read our Terms of Service →