Privacy Policy

1. Information We Collect

We collect the following categories of information:

Account Information

When you create an account, we collect your name, email address, and authentication credentials managed through our authentication provider (Clerk). We may also collect your profile picture if provided.

Payment Data

When you subscribe to a paid plan, payment information (including credit card numbers, billing address, and related details) is collected and processed directly by Stripe, Inc. We do not store your full payment card details on our servers. We retain your Stripe customer ID, subscription status, and billing cycle information.

Files & User Content

We store the files you upload to the Service on Cloudflare R2 infrastructure. We collect file metadata including file names, sizes, upload timestamps, and folder structure.

Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, upload and download activity, storage utilization, and session duration.

Device & Browser Information

We collect device type, operating system, browser type and version, IP address, general geographic location (derived from IP address), and referring URL. This information is collected automatically through server logs and analytics tools.

2. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, operate, and maintain the Service
• To process transactions and manage your subscription
• To send transactional communications (account verification, billing receipts, subscription changes, security alerts)
• To monitor and analyze usage patterns to improve the Service
• To detect, prevent, and address fraud, abuse, and security issues
• To enforce our Terms of Service and other policies
• To respond to your inquiries and provide customer support
• To comply with legal obligations and respond to lawful requests from public authorities

3. Legal Basis for Processing

We process your personal information on the following legal bases:

• Contract Performance. Processing necessary to fulfill our contractual obligations to you (providing the Service, processing payments)
• Legitimate Interests. Processing necessary for our legitimate business interests (fraud prevention, service improvement, analytics)
• Consent. Where you have given explicit consent to specific processing activities
• Legal Obligation. Processing necessary to comply with applicable laws and regulations

4. Data Sharing & Third Parties

We share your information with the following third-party service providers who assist in operating our Service:

• Clerk — Authentication and user identity management
• Stripe, Inc. — Payment processing and subscription billing
• Cloudflare (R2) — File storage infrastructure
• Supabase — Database hosting and management
• Vercel — Application hosting and serverless infrastructure

We may also disclose your information:

• To comply with any court order, law, or legal process, including responding to any government or regulatory request
• To enforce our Terms of Service and other agreements
• If we believe disclosure is necessary to protect the rights, property, or safety of Krevo, our users, or others
• In connection with a merger, acquisition, restructuring, or sale of assets, in which case your information may be transferred as a business asset

We do not sell your personal information to third parties.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

• Account data is retained for the duration of your account plus 30 days after deletion
• Files are retained according to your subscription plan's retention period, and deleted within 30 days of account termination
• Billing data is retained for a minimum of 7 years to comply with tax and accounting obligations
• Usage logs are retained for up to 24 months for analytics and security purposes

6. Data Security

We implement reasonable and appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit (TLS/SSL), secure authentication protocols, and access controls on our infrastructure. However, no method of transmission over the Internet or method of electronic storage is 100% secure, and we cannot guarantee absolute security. You acknowledge and accept this inherent risk.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Right to Access. You may request a copy of the personal information we hold about you
• Right to Correction. You may request correction of inaccurate or incomplete personal information
• Right to Deletion. You may request deletion of your personal information, subject to certain legal exceptions
• Right to Portability. You may request your data in a structured, commonly used, machine-readable format
• Right to Object. You may object to certain processing activities based on legitimate interests

To exercise any of these rights, please contact us at privacy@krevo.io. We will respond to your request within 30 days. We may require verification of your identity before processing your request.

8. Children's Privacy

The Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you are under 13, please do not use the Service or provide any information to us. If we learn that we have collected personal information from a child under 13 without parental consent, we will delete that information promptly. If you believe that a child under 13 has provided us with personal information, please contact us at privacy@krevo.io.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that differ from those in your jurisdiction. By using the Service, you consent to the transfer of your information to the United States and other jurisdictions where our service providers operate. We take reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy regardless of where it is processed.

10. Cookies & Tracking

We use cookies and similar tracking technologies to operate and improve the Service. Specifically:

• Essential Cookies. Required for authentication, session management, and security. These cannot be disabled.
• Functional Cookies. Used to remember your preferences and settings (e.g., theme, layout preferences)
• Analytics Cookies. Used to understand how users interact with the Service, which helps us improve functionality and performance

You can control cookies through your browser settings. Disabling essential cookies may impair your ability to use the Service.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• The right to know what personal information is being collected, used, shared, or sold
• The right to delete personal information held by us
• The right to opt-out of the sale of personal information (note: we do not sell personal information)
• The right to non-discrimination for exercising your CCPA rights

To exercise your California privacy rights, please contact us at privacy@krevo.io or submit a request through your account settings. We will verify your identity before processing your request and respond within 45 days.

12. Texas Privacy Rights

If you are a Texas resident, the Texas Data Privacy and Security Act (TDPSA) provides you with additional rights regarding your personal data, including the right to access, correct, delete, and obtain a portable copy of your personal data, as well as the right to opt out of certain processing activities. Krevo is based in Austin, Texas and complies with applicable Texas privacy laws. To exercise your rights under Texas law, please contact us at privacy@krevo.io. We will respond within the timeframe required by applicable law.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will post the updated policy on this page and update the “Last Updated” date. We may, but are not obligated to, notify you of material changes via email or an in-app notification. Your continued use of the Service after the posting of changes constitutes your acceptance of such changes. We encourage you to review this Privacy Policy periodically.

14. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: