Privacy Policy

We collect information you provide directly to us when you create an account, use our services, or communicate with us. This includes:

Account data: Your name, email address, password (hashed, never stored in plaintext), and company name when you register.

CRM data: All data you enter into Kuro — contacts, companies, leads, deals, notes, tasks, and activities. This data belongs entirely to you.

Usage data: Information about how you interact with Kuro, including pages visited, features used, session duration, and actions taken. This helps us improve the product.

Device data: IP address, browser type, operating system, and device identifiers for security and performance monitoring.

Communications: If you contact our support team, we retain those communications to provide better assistance.

We use the information we collect to:

- Provide, maintain, and improve Kuro's features and services - Process your account registration and authenticate your identity - Send transactional emails — account confirmation, password resets, billing receipts - Send product updates and new feature announcements (you can opt out at any time) - Detect, prevent, and investigate security incidents or fraudulent activity - Comply with legal obligations and enforce our Terms of Service - Conduct aggregate, anonymized analytics to understand product usage patterns

We do not sell your personal data to third parties. We do not use your CRM data (your contacts, deals, leads, etc.) for any purpose other than providing the Kuro service to you.

We share your data only in these limited circumstances:

Service providers: We work with trusted third-party service providers to operate Kuro — including cloud infrastructure (Neon, Vercel), email delivery (Resend), and payment processing. These providers access only the data they need to perform their specific function and are bound by data processing agreements.

Legal requirements: We may disclose your data when required by law, court order, or government authority, or when we believe disclosure is necessary to protect rights, property, or safety.

Business transfers: If Kuro is acquired, merged, or sold, your data may be transferred as part of that transaction. We will notify you in advance.

With your consent: We may share your data in other ways if you explicitly consent.

We never sell, rent, or trade your personal data to advertisers or data brokers.

Kuro uses cookies and similar tracking technologies to:

- Maintain your login session across browser tabs and page refreshes - Remember your preferences (theme, sidebar state, accent color) - Analyze aggregate usage patterns to improve the product

We use the following types of cookies:

Essential cookies: Required for Kuro to function. Cannot be disabled. Preference cookies: Remember your settings. Can be cleared by clearing browser cookies. Analytics cookies: Aggregate, anonymized usage data. You can opt out via your account settings.

We do not use advertising cookies or share data with advertising networks.

We retain your data for as long as your account is active or as needed to provide you with our services.

If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal compliance (e.g., billing records, which we retain for 7 years as required by law).

CRM data (your contacts, deals, etc.) is deleted within 30 days of account deletion. We recommend exporting your data via CSV export before deleting your account.

Anonymized aggregate usage data may be retained indefinitely.

Depending on your location, you may have the following rights regarding your personal data:

Right to access: Request a copy of all personal data we hold about you. Right to rectification: Correct inaccurate or incomplete data. Right to erasure: Request deletion of your personal data (the "right to be forgotten"). Right to portability: Receive your data in a structured, machine-readable format. Right to object: Object to our processing of your data for certain purposes. Right to restrict processing: Request that we limit how we use your data. CCPA opt-out: California residents have the right to opt out of the sale of personal information. We do not sell personal information.

To exercise any of these rights, contact us at admin@intelura.com. We will respond within 30 days.

We take data security seriously. Technical measures we use include:

- AES-256 encryption for all data at rest - TLS 1.3 for all data in transit - Bcrypt hashing for all passwords (never stored in plaintext) - Role-based access controls throughout the application - Annual SOC 2 Type II audits - Regular penetration testing by independent firms - Incident response plan with 72-hour notification policy

No security system is perfect. In the event of a data breach that affects your personal data, we will notify you promptly as required by applicable law.

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email and display a notice within the Kuro application at least 14 days before the changes take effect.

Your continued use of Kuro after the effective date of the updated Privacy Policy constitutes your acceptance of the changes.

The date this policy was last updated is shown at the top of this page.

For privacy-related questions, data subject requests, or to report a concern, contact us at:

Email: admin@intelura.com Response time: We respond to all privacy requests within 30 days.

For security vulnerabilities specifically, please use the same email and mark your subject line "Security Disclosure."