Privacy Policy
Last updated: August 27, 2025
This Privacy Policy describes how Profit Koala, UAB (“kopa.ai”, “we”, “us”, “our”) collects, uses, stores, and shares information when you use our website, applications, and related services (the “Services”).
We are committed to protecting your privacy and handling your data in a transparent and secure manner.
1. Company Information
Data Controller: Profit Koala, UAB
Registered office: Švitrigailos g. 11a, LT-03204 Vilnius
Company code: 306649315
Email for privacy inquiries: support@kopa.ai
Data Protection Officer inquiries: privacy@kopa.ai
2. Information We Collect
We collect the following categories of data:
a) Information you provide directly
- Name, email address, billing details
- Store URL and related store information
- Communications you send to us (support tickets, feedback, etc.)
b) Information from integrations
When you connect third-party services (Shopify, Klaviyo, Google, Meta, etc.), we access only the data necessary to perform the requested tasks.- Order, product, marketing, and campaign performance data
- Output of tasks is stored only in your account’s chat/session history and not as separate permanent records
c) Automatically collected information
- IP address, browser type, device information
- Session cookies and log files
- Advertising and tracking pixels
- Usage data related to your interactions with the Services
d) Payment information
Payments are processed exclusively by Stripe. We do not collect or store your credit card details.e) Information you provide during use
While using Kopa.ai and interacting with our AI agents, you may provide information related to your business operations, customers, or personal context (for example, by entering text in chats, uploading store details, or creating automations). This information is stored in your account’s chat and activity history so that the Services can execute tasks, provide insights, and maintain context for your ongoing use.
2.1 Data Processing Overview
| Purpose | How We Use It | Personal Data Processed | Legal Basis (GDPR/CCPA) | How Long We Keep It |
| Account setup & authentication | To create and manage your account, provide login and access | Name, email, store URL, billing details | Contractual necessity | For the duration of the account + 1 year grace period |
| Service execution & personalization | To perform tasks, run automations, personalize dashboard & chat | Store data (from Shopify, Klaviyo, Google, Meta integrations), session history | Contractual necessity; Legitimate interest | For the duration of the account + 1 year grace period |
| Billing & usage tracking | To process payments and track AI credit usage | Billing details, usage logs, Stripe transaction IDs | Contractual necessity; Legal obligation | As required by law (typically 5–10 years for financial records) |
| Product improvement & AI training | To analyze usage and improve our AI models | Anonymized/aggregated session data, logs, chat requests | Legitimate interest; Consent (where required) | Retained until anonymization or account deletion |
| Communication & product updates | To send you updates, service notices, and respond to support requests | Name, email, store information | Legitimate interest; Consent (marketing emails) | Until unsubscribed or account deleted |
| Security & fraud prevention | To detect misuse, secure accounts, and maintain system integrity | IP address, browser/device info, logs | Legitimate interest; Legal obligation | For the duration of the account + 1 year grace period |
| Cookies & analytics | To maintain sessions, measure performance, and run advertising | Cookies, session tokens, pixel data | Consent (where required); Legitimate interest | Until cookies expire or user deletes them |
| Legal compliance | To comply with applicable tax, accounting, and regulatory obligations | Billing records, account data | Legal obligation | As required by law (e.g., 10 years in Lithuania for tax docs) |
| AI agent interaction | To process user commands, generate insights, and maintain chat/session history | Text, prompts, instructions, and any information you voluntarily provide during use | Contractual necessity; Legitimate interest | For the duration of the account + 1 year grace period |
3. How We Use Data
We use collected information for the following purposes:
- To operate and improve our Services
- To execute user commands and automations (e.g., generating insights, updating marketing campaigns, inventory actions)
- To personalize the product experience
- To communicate product updates and service notices
- To provide billing, usage tracking, and AI credit transparency
- To maintain security, logs, and product performance
- For compliance with legal obligations
- For AI model training and product improvement (we may use anonymized or aggregated data where possible)
4. Legal Basis for Processing (GDPR)
We process your data under the following legal grounds:
- Contractual necessity: to deliver the Services you request
- Legitimate interest: to improve our Services, ensure security, and communicate with you
- Consent: for cookies, advertising pixels, and marketing communications
- Legal obligation: where applicable under EU or US law
5. Data Sharing and Third Parties
We do not sell or rent your data.
We only share your data with third parties that process it on our behalf, such as:
- Stripe (payment processing)
- Cloud hosting providers (servers located in the US)
- Consent: for cookies, advertising pixels, and marketing communications
- Integrated platforms you authorize (Shopify, Google, Meta, Klaviyo, etc.)
These parties act as processors under our instructions and may not use your data for their own purposes.
6. International Data Transfers
We store and process data on servers located in the United States.
For users in the EU/EEA, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) to ensure compliance with GDPR.
7. User Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate information
- Deletion: Request erasure of your data
- Portability: Request export of your data in a machine-readable format
- Objection/Restriction: Object to certain processing or request restrictions
You can exercise these rights by contacting us at support@kopa.ai.
We may require verification of your identity before processing requests.
8. Cookies & Tracking
We use cookies and similar technologies to:
- Keep you logged in and maintain session security
- Analyze product performance and improve usability
- Support advertising and marketing through third-party pixels
You may manage cookie preferences via your browser settings or opt-out tools where available.
9. Children’s Privacy
Our Services are not directed to children under 13 (or under 16 in certain jurisdictions).
We do not knowingly collect personal information from children. If we become aware that a child’s data has been collected, we will delete it promptly.
10. Data Security
We implement technical and organizational measures to protect your information, including:
- Encryption in transit and at rest
- Access controls and monitoring
- Secure infrastructure hosted by leading providers
However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
11. Updates to This Policy
We may update this Privacy Policy from time to time.
We may update this Privacy Policy from time to time.
12. Contact
If you have any questions about this Privacy Policy or your personal data, please contact:
📧 support@kopa.ai
📍 Profit Koala, UAB, Švitrigailos g. 11a, LT-03204 Vilnius
📧 support@kopa.ai
📍 Profit Koala, UAB, Švitrigailos g. 11a, LT-03204 Vilnius