What We Collect. Why. How To Get It Back.

Kuroji is a product of KumoKodo, LLC ("KumoKodo," "we," "us"), a Texas limited liability company. KumoKodo is the data controller for the information described in this policy. The simplest way to reach us is privacy@kuroji.ai.

We collect three categories of data:

• Account data. Email, name, organization, billing address, and the OAuth identity you sign in with (Google by default).
• Financial data. Bank transactions via Plaid; Stripe balance transactions and charges via your read-only restricted key; payroll runs from connected providers. We never collect or store bank credentials — those live with Plaid.
• Usage data. Page views, feature usage, error reports, and audit log of every action you or Kuroji take inside the app.

Financial data exists in your account so that Kuroji can answer questions about your money — runway, burn, anomalies, scenarios, journal entries. Account data exists so that we can authenticate you and bill you. Usage data exists so that we can detect bugs, measure feature adoption, and answer auditor questions about who did what and when.

We do not sell your data. We do not train models on your data. We do not share your data with advertisers. We do not allow our subprocessors to use your data for any purpose other than the service they provide to us.

You and the people you’ve invited to your organization. KumoKodo engineers can access infrastructure-level metadata for debugging, but cannot read your transactions without an explicit support ticket from you authorizing it (and that authorization is itself an event on the audit chain).

Our subprocessors:

• Vercel (hosting, in the United States)
• Neon (Postgres database, in the United States)
• Anthropic (model inference, via the Vercel AI Gateway)
• Plaid (bank-account aggregation)
• Stripe (payment processing for our subscription billing)
• Resend (transactional email)
• Google (OAuth sign-in)

For as long as your account is active, plus thirty days after you delete it. Tax-related records may be retained for up to seven years as required by US tax law, but in a separate cold-storage tier with no access path from the live application.

You can delete your account in two clicks from the Settings page. Deletion is irreversible after the thirty-day grace period.

You can:

• Export every event, journal entry, and supporting blob
• Correct anything inaccurate
• Delete your account entirely
• Object to specific processing (write to privacy@kuroji.ai)

California residents have additional rights under CCPA / CPRA; European users under GDPR. Same email address; we’ll route the request appropriately.

We use one cookie — an HTTP-only session cookie that authenticates you to the application. No analytics cookies, no advertising cookies, no third-party trackers in the marketing site or the app.

If we materially change this policy, we’ll email every active account at least thirty days before the change takes effect. Trivial edits (typo fixes, clarifications) are made in place with the updated date at the top.