KoreKloud/Legal

Effective Date: April 1, 2026

English

KoreKloud Privacy Policy

1. Scope

This Privacy Policy explains how KoreKloud handles information when you use our web or mobile Services, create or manage accounts, upload files, participate in courses, or use AI-assisted features such as OCR, question generation, explanations, and visual generation.

2. Information We Collect

We may collect the following categories of information:

Account and profile information

This may include your name, email address, role, locale, sign-in method, linked sign-in providers, organization relationship, family relationship, and other account settings you choose to provide.

Authentication, session, and security information

This may include session identifiers, login events, device or browser information, user agent strings, IP address, approximate geolocation derived from IP, audit logs, and records of policy acceptance.

Billing and subscription information

If you use paid features, we may collect or receive plan, subscription, credit-usage, transaction, and billing-related information needed to provide those features and manage payment workflows.

Notification and device information

If you enable notifications or use supported web or mobile features, we may collect push notification tokens, device identifiers, platform information, notification-permission status, and related settings needed to register devices, deliver notifications, and manage notification preferences.

Content and activity information

This includes files you upload, course and activity data, OCR results, prompts, generated questions, generated explanations, generated visuals, submissions, results, progress data, learning analytics, notification settings, and related metadata.

Usage, diagnostics, and support information

This may include feature usage data, app or browser diagnostics, crash and error reports, performance data, and the content of messages you send to us for support or legal inquiries.

3. How We Use Information

We use information to:

  • create and manage accounts, including managed accounts such as family member and organization-linked accounts;
  • authenticate users, maintain sessions, verify sign-in activity, and keep the Services secure;
  • operate courses, activities, uploads, notifications, and web/mobile product experiences;
  • register devices for notifications, store notification preferences, and deliver service-related or user-enabled notifications;
  • process uploads through validation, malware scanning, OCR, AI generation, storage, and related workflows;
  • provide subscriptions, credits, quotas, billing, and purchase-related support;
  • generate learner, family, instructor, and organization analytics and insights;
  • troubleshoot issues, monitor service health, and improve product reliability and usability; and
  • enforce our Terms and policies, investigate misuse, and maintain audit and consent records.

4. AI Processing and Uploaded Materials

When you use upload or AI features, KoreKloud may send relevant content and metadata to KoreKloud systems and third-party service providers used for cloud storage, security scanning, OCR, and model processing so we can provide the requested feature.

This can include uploaded documents, prompts, OCR requests, question-generation inputs, explanation-generation inputs, visual-generation requests, and related technical metadata needed to run the workflow, store results, or investigate failures.

Generated outputs and related workflow records may be stored with your account, courses, activities, or other service records so that the features continue to function.

5. How We Share Information

We may share information:

  • with service providers that support hosting, storage, email, authentication, payments, diagnostics, security, notification delivery, and AI processing on our behalf;
  • with family managers, organization administrators, instructors, learners, or other authorized participants when the account or content is part of a managed or shared environment;
  • when a course creator or other authorized participant shares a join code, invite link, or QR code, with the people who use that access path to the extent needed to show limited course metadata and process enrollment requests;
  • with payment providers when you purchase paid features or top-ups; and
  • when required by law, legal process, or a good-faith need to protect the rights, safety, or integrity of KoreKloud, our users, or third parties.

Third-party services that integrate with or support KoreKloud may have their own terms and privacy practices.

6. Cookies, Local Storage, and Similar Technologies

Our web experience may use cookies and similar technologies to authenticate sessions, remember preferences, maintain security, and keep the Services working properly.

Our web and mobile applications may also use local, secure, or device storage for similar operational purposes. If you disable required storage features, parts of the Services may not function correctly.

7. Retention

We retain information for as long as reasonably necessary to:

  • provide the Services and support active accounts;
  • manage subscriptions, credits, billing, and transaction records;
  • preserve security, audit, abuse-prevention, and policy-consent records;
  • investigate incidents, resolve disputes, and enforce our Terms and policies; and
  • comply with legal obligations.

Retention periods vary based on the type of information and the feature involved. Deleting content or closing an account may not immediately remove every copy from backups, caches, logs, or third-party provider systems, and some records may be retained or de-identified when reasonably necessary for security, billing, audit, abuse prevention, dispute handling, or legal compliance.

Account deletion, billing, and anti-abuse retention

Where in-product account deletion is available, the current workflow requires approval through a time-limited link sent to the email address for the account being deleted or, for managed deletions, the authorized approving account. Self-service deletion is available only for certain roles. Managed accounts, including family-managed member accounts and organization-linked staff or non-owner administrator accounts, may only be deleted by the sponsoring family manager, organization owner, or other authorized administrator.

In-product account deletion is not available while certain blockers remain. These blockers currently include paid subscriptions, recorded paid subscription charges or refunds, activities the account still owns, family-managed member accounts that remain under a family owner, and organization users that remain under an organization owner. If the account being deleted is an organization owner, the organization may need to be cleared of other users first, and completing that deletion can also remove the linked organization record.

When an approved deletion request moves forward, KoreKloud may immediately disable access to the target account, revoke active sessions, and begin removing the deleted account and directly owned product data. Depending on the account's role and activity, this can include account-owned uploads, submissions, materials uploaded into other users' courses or workspaces, creator-owned course or activity content, debug artifacts, cached work product, notification tokens, and other operational records tied to that account.

Some billing and operational records linked only to the deleted account may also be deleted as part of the purge. Other records may remain outside the deleted account profile when reasonably necessary for chargeback handling, tax or accounting, fraud prevention, security, legal compliance, or operational integrity, including provider webhook payloads, deletion workflow records, and system-owned audit entries.

For free plans, if an email address associated with a free-plan subscription actually consumes free subscription credits during a billing window, we retain a small system-owned anti-abuse record using a keyed hash of a normalized email address, the applicable billing window, and limited plan, role, and transaction snapshot data needed to enforce that limit. We do not store the raw email address in that anti-abuse record. The lock record itself is deleted after the relevant billing window plus up to 7 additional days, although we may separately retain related security, abuse-prevention, or legal records where reasonably necessary.

8. Your Choices and Requests

You may be able to update certain account details, preferences, or content inside the Services.

Where supported, you may also manage some notification permissions or settings through the Services, your browser, or your device operating system.

Where available, you may delete certain content or manage sharing settings in the product. For broader requests about access, correction, account closure, or deletion, contact legal@korekloud.com or support@korekloud.com.

Where in-product account deletion is available, the current flow requires a confirmation phrase and email approval, and the approval link can expire. If blockers appear or reappear before purge begins, or if the ownership or admin context for a managed account changes, a new request may be required. Deletion of managed member accounts and organization-linked staff or non-owner administrator accounts may only be initiated by the applicable family manager, organization owner, or other authorized administrator. If your account has paid subscriptions, recorded paid subscription charges or refunds, family-managed member accounts, remaining organization users, or owned activities that must be removed first, the Services may require those issues to be resolved before in-product deletion can proceed.

Once an approved request is queued, we may deactivate the target account and revoke active sessions before purge completes. We may need to verify your identity before acting on a request, and we may retain information that is reasonably required for security, billing, audit, abuse prevention, dispute handling, or legal reasons.

If you use a managed account, some settings or rights may be controlled by the family manager, organization administrator, or other account sponsor that provides your access.

9. Children and Managed Accounts

KoreKloud supports family-managed member accounts and other managed account arrangements. If you create or manage an account for a child, dependent, student, or staff member, you are responsible for ensuring you have the authority, notices, and permissions needed to do so.

If we learn that an account or data was provided without the required authority or permission, we may restrict or disable access while we investigate and take appropriate action.

10. Security

We use administrative, technical, and organizational measures intended to protect information, including authentication controls, session management, rate limiting, logging, and monitoring.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we may provide notice through the Services, by email, or by other reasonable means. The updated effective date will appear at the top of this Policy.

12. Contact

For privacy-related questions or requests, contact:

  • legal@korekloud.com
  • support@korekloud.com