← Back to home

Privacy Policy

Last updated 2026-04-15

This is a plain-English rundown of what data Kollabo collects, what we do with it, and your rights around it.

What we collect

  • Account data: your email, name, and the password hash stored by Supabase.
  • Brand profile: your business name, industry, audience, goals, voice samples, colours, logo — whatever you enter during onboarding and settings.
  • Generated content: the captions, ads, emails, images, and plans the AI creates for you.
  • Usage data: how many content plans / captions / etc. you've generated this month, so we can enforce plan limits.
  • Payment data: handled entirely by Stripe. We store your Stripe customer ID but never see your card details.

Who we share it with

Third-party services we use to run Kollabo:

  • Supabase — database + file storage (your brand profile, generated content, logo uploads)
  • Anthropic (Claude) — AI generation. Your brand profile + prompts are sent to Claude to produce output. Anthropic doesn't train on API inputs.
  • Stripe — payment processing. They see your card; we don't.
  • Resend — transactional emails (welcome, password reset, notifications).
  • Vercel — hosting + request logs.

We never sell your data. We never give it to advertisers. We only share with the above providers because they're required to run the service you're paying for.

Cookies

We use essential cookies for authentication (so you stay logged in) and session management. No tracking cookies, no third-party ad pixels.

Your rights

  • Access: ask us to export everything we have on you.
  • Correction: fix anything wrong via account settings.
  • Deletion: email hello@kollabo.online and we'll wipe your account + all generated content within 30 days.
  • Portability: we'll provide your data in JSON or CSV on request.
  • Withdraw consent: cancel any time. Data deleted per the above.

Where your data lives

Our infrastructure (Supabase, Vercel) runs on AWS regions in the US and EU. Anthropic runs in the US. If you need specific data residency (EU-only, for example), email us before signing up.

Security

All data is encrypted in transit (HTTPS) and at rest. Authentication is handled by Supabase with rate-limited login attempts. We never store plaintext passwords. Service role keys are kept server-side only.

Children

Kollabo is not for anyone under 18. If we learn a child signed up, we'll delete the account.

Changes

If we materially change this policy we'll email you at least 14 days before it takes effect.

Contact

Privacy questions → hello@kollabo.online.

This is a plain-language placeholder to get Kollabo launched. Before scaling or taking EU enterprise clients we'll replace it with a fully reviewed policy.