← Back to Home

Privacy Policy

This document was last updated on March 27, 2026.

Kopra Labs ("Kopra", "we", "us", or "our") operates the Kopra platform, including the web application, REST API, JavaScript SDK, and embeddable field editor. This Privacy Policy explains what information we collect, how we use it, and what rights you have regarding your data.

Information We Collect

We collect the following categories of information:

  • Account information. When you create an account, we collect your name, email address, and password. If you sign up through a third-party provider, we receive your name and email from that provider.
  • Field group configurations. The field groups, global fields, and tenant fields you create and manage through our platform.
  • Field values. The data your end users enter through field editors, stored as JSON values associated with specific entities, tenants, and field groups.
  • API usage data. Request logs including timestamps, endpoints accessed, response codes, and API key identifiers. This data is used for rate limiting, usage tracking, and billing.
  • Audit logs. Records of actions performed on your account, including what was created, updated, or deleted, and when.
  • Payment information. When you subscribe to a paid plan, payment details are collected and processed by our payment provider (Stripe). We do not store your full credit card number on our servers.

How We Store Your Data

All data is stored on European cloud infrastructure. We use secure connections (TLS) for all data in transit between your browser or application and our servers.

Multi-Tenant Data Isolation

Kopra is a multi-tenant platform. Every piece of data you create is associated with your unique client identifier. Your field groups, field values, API keys, webhooks, and audit logs are strictly isolated from other customers. No customer can access another customer's data through any API endpoint, SDK method, or embed token.

How We Use Your Information

  • To provide, maintain, and improve the Kopra platform.
  • To process your field configurations and serve field values through our API, SDK, and embeddable editor.
  • To track usage against your plan limits and generate billing.
  • To send you important service updates, security notices, and support messages.
  • To dispatch webhook events to endpoints you have configured.
  • To detect and prevent abuse, fraud, or violations of our terms.

We Do Not Sell Your Data

We do not sell, rent, or trade your personal information or your customers' field data to third parties. We do not use your field values to train machine learning models. We do not share your data with advertisers.

Cookies

We use minimal cookies. Our application uses a session cookie to keep you logged in. This cookie is essential for the service to function and cannot be disabled while using the application. We do not use third-party advertising cookies. We use PostHog for product analytics (pageviews, feature usage) and Crisp for live chat support. Both services may set their own cookies. You can manage cookie preferences through your browser settings.

Third-Party Services

We use the following third-party services to operate our platform:

  • Stripe for payment processing. Stripe receives your payment details directly and is subject to their own privacy policy.
  • Email provider for transactional emails such as password resets, account verification, and service notifications. Your email address is shared with our email provider solely for delivery purposes.
  • Cloud hosting provider for infrastructure. All data is stored in secured, encrypted environments.

Data Retention and Deletion

We retain your data for as long as your account is active. When you delete a resource (such as a field group or field value), it is soft-deleted and excluded from all API responses and queries immediately. Soft-deleted data is permanently purged within 90 days.

If you close your account, all of your data, including field groups, field values, API keys, webhooks, and audit logs, will be permanently deleted within 30 days. You may request an export of your data before account closure.

Your Rights (GDPR and Similar Regulations)

If you are located in the European Economic Area, the United Kingdom, or any jurisdiction with similar data protection laws, you have the following rights:

  • Right to access. You can request a copy of all personal data we hold about you.
  • Right to rectification. You can ask us to correct inaccurate data.
  • Right to deletion. You can ask us to delete your account and all associated data.
  • Right to data portability. You can request your data in a machine-readable format (JSON or CSV).
  • Right to restrict processing. You can ask us to limit how we use your data.
  • Right to object. You can object to processing of your data for specific purposes.

To exercise any of these rights, contact us at privacy@kopra.dev. We will respond within 30 days.

Children's Privacy

Kopra is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email or by placing a notice on our website at least 30 days before the changes take effect. Continued use of the platform after the effective date constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or how we handle your data, contact us at privacy@kopra.dev.

Kopra Labs

← Back to Home