Privacy Policy

We collect data strictly required to provide the synchronization and productivity features of Krato:

• Account Data: Your email address and authentication details managed via Supabase Auth.
• User Content: Notes, markdown text, reminders, tags, bidirectional wiki-links, and personal logs.
• Web Clipper Metadata: Page URLs, scraped Open Graph metadata (page title, description, and preview image URLs) sent explicitly by you via the Chrome Extension.
• Integration Data: If you explicitly connect your Google Drive account, we access authentication tokens solely to manage app-specific file persistence.

• Cloud Infrastructure: Your data is hosted on secure servers managed by Supabase (PostgreSQL), utilizing Row Level Security (RLS) to strictly enforce that only you can access or read your data rows.
• Security: Data is encrypted in transit (SSL/TLS) and at rest. Backup snapshots are heavily encrypted.
• Zero Monetization: We do not sell, rent, trade, or share your data or notes with third-party advertisers or data brokers.

To deliver cross-platform functionalities, we securely share specific data with vetted infrastructure partners:

• Supabase: For identity management, authentication, and core database hosting.
• RevenueCat & Apple App Store: For processing subscription state verification, transaction validation, and entitlement management. No note content is shared with billing providers.

Krato's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We only access your Google Drive to store and sync your Krato data files; we do not scan, read, or process other personal files in your cloud storage.

We collect anonymized, aggregated event telemetry (e.g., total number of extension clips processed per week, app launch counts) to monitor server loads and improve software performance. No personal identifiable information (PII) or text contents of your notes are ever included in analytics logs.

• Data Portability: You have the right to request an export of your stored notes in standard formats (such as Markdown/JSON).
• Account Deletion: You can permanently delete your account and clear all related data directly through the in-app Settings. Upon deletion request, all your records are completely purged from active production servers within 30 days.

We may update our Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the in-app notification interface.

If you have any questions or concerns regarding your data privacy, email us at support@kratonote.com. We commit to responding to your inquiries within 48 hours.