Privacy Policy

Last updated: May 27, 2025

1. Introduction

KozaCore AI ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data. By using the Service, you agree to the practices described here.

2. Information We Collect

From Discord OAuth: When you log in, we receive your Discord user ID, username, and avatar hash. We do not receive your Discord password, email address, or access to your messages.

Character data: Names, personality descriptions, system prompts, and configuration you enter for your AI characters.

Bot tokens: Your Discord bot tokens are stored encrypted at rest using AES-256-GCM. They are only decrypted in memory at runtime to operate your characters.

API keys (BYOK): If you provide third-party API keys (Groq, Google, Anthropic, OpenAI), they are stored encrypted using AES-256-GCM and are only used to make requests on your behalf.

Conversation data: AI character conversations are stored temporarily to provide memory context (up to 10 messages on Free, up to 50 on Premium). This data is associated with your Discord user ID.

Usage data: We log aggregate API request counts, message volumes, and error events for operational monitoring. We do not log the content of AI conversations for analytics purposes.

Payment data: Payments are processed by PayPal. We store your PayPal subscription ID and billing dates but do not store credit card or payment method details.

Support tickets: If you contact us via the in-app Support Chat, your messages are stored and associated with your account.

3. How We Use Your Information

  • To operate and provide the Service, including running your AI characters on Discord.
  • To manage your account, subscription, and billing.
  • To respond to support requests.
  • To monitor and improve Service performance and reliability.
  • To enforce our Terms of Service and prevent abuse.
  • To send transactional communications (e.g., subscription confirmations). We do not send marketing emails.

4. Data Sharing

We do not sell your personal data. We may share data with:

  • AI inference providers (Groq, Google, Anthropic, OpenAI): Message content is sent to these providers to generate AI responses. Each provider has its own privacy policy.
  • PayPal: Billing and subscription processing.
  • Discord: Bot tokens are used to authenticate with Discord's API.
  • Infrastructure providers: Our hosting and database providers may have access to data as part of providing their services.
  • Legal requirements: We may disclose data if required by law or to protect the rights, property, or safety of KozaCore, our users, or others.

5. Data Retention

  • Account data is retained for as long as your account is active.
  • Conversation memory data is capped at your plan's memory limit, and older messages are automatically pruned.
  • If you delete your account or a character, associated data is deleted from our databases within 30 days.
  • Support ticket history may be retained for up to 12 months for quality and safety purposes.
  • Encrypted credentials (bot tokens, API keys) are deleted immediately when you remove them.

6. Security

We take reasonable technical and organizational measures to protect your data, including:

  • AES-256-GCM encryption for all sensitive credentials at rest.
  • HTTPS/TLS for all data in transit.
  • Access controls limiting who can access production systems.
  • Session tokens with expiration and secure cookie attributes.

No system is completely secure. In the event of a data breach affecting your information, we will notify affected users as required by applicable law.

7. Your Rights

Depending on your location, you may have rights including:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request deletion of your account and associated data.
  • Portability: Request your data in a machine-readable format.
  • Objection: Object to certain processing of your data.

To exercise any of these rights, contact us via the Support Chat in your dashboard or our Discord server.

8. Cookies and Local Storage

We use a single secure, HTTP-only session cookie (kc_ai_session) to maintain your login state. We do not use tracking cookies, advertising cookies, or third-party analytics scripts.

9. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes via a notice on the dashboard. The date at the top of this page reflects the most recent update.

11. Contact

For privacy-related requests or questions, contact us via the Support Chat in your dashboard, or join our Discord server.