Privacy Policy
Last Updated: December 2, 2025
Introduction
Welcome to Kurato. We are committed to protecting your privacy and being transparent about how we collect, use, and share your personal information.
This Privacy Policy explains:
- What information we collect
- How we use your information
- How we share your information with third parties (including AI services)
- Your rights and choices
- How we protect your information
By using Kurato, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Authentication data: Email address, name, and profile picture (from Google or Apple sign-in)
- User ID: A unique identifier for your account
- Account type: Authentication method used (Google, Apple, or Anonymous)
1.2 Content You Create
We store content you voluntarily provide, including:
- Web links: URLs you save to the app
- Projects: Project names, descriptions, and purposes you create
- Comments: Comments you post on shared projects
- Extracted data: Data extracted from web pages by AI
- Uploaded images: Screenshots or images saved from web pages
1.3 Usage Information
We automatically collect certain information about your use of the app:
- Extraction counts: Number of AI extractions performed (for rate limiting and fair use monitoring)
- Usage patterns: Extraction frequency and timing (to detect abuse and ensure fair use)
- Subscription status: Whether you're a Free or Pro user
- Error logs: Technical logs for debugging (no personal information)
Fair Use Monitoring: Pro subscriptions include "up to 500 extractions per day" subject to fair use. We monitor usage patterns to detect automated scraping, bulk processing, or commercial abuse. Violations may result in subscription cancellation or account deletion.
1.4 Device Information
We collect basic device information:
- Operating system version
- App version
- Device type (iPhone, iPad, Mac)
2. Third-Party AI Processing (Google Gemini)
⚠️ Important Notice: Kurato uses Google Gemini AI to analyze web pages and extract structured data. This means certain data is sent to Google's servers for AI processing.
2.1 When AI Processing Occurs
AI processing happens when you:
- Add a link to a Project (not Inbox)
- Manually trigger re-extraction on an existing link
You must give explicit consent before your first AI extraction. You'll see a consent dialog explaining what data is being sent to Google.
2.2 Data Sent to Google Gemini
When you use AI extraction, the following data is sent to Google's servers:
| Data Type |
Example |
Why We Send It |
| Web page content (HTML) |
Text, images, metadata from the URL you saved |
For AI to analyze and extract structured data |
| Your project name |
"Tech Products" or "Recipes" |
Helps AI understand what data to extract |
| Your project purpose |
"Track laptop specifications" or "Save recipes to try" |
Provides context for intelligent extraction |
| The URL |
https://example.com/product/123 |
Reference for the AI's analysis |
2.3 Google's Privacy Policy
Data sent to Google Gemini is processed according to Google's Privacy Policy. We do not control how Google processes this data.
Key points from Google's policy:
- Google may use API requests to improve their AI models
- Data may be stored temporarily for processing
- Google has security measures to protect data in transit and at rest
2.4 How to Opt Out of AI Processing
You can avoid AI processing by:
- Using the Inbox: Links saved to Inbox are NOT processed by AI
- Declining consent: When the consent dialog appears, tap "Cancel"
- Not triggering re-extraction: Avoid tapping "Process now" on rate-limited links
Note: If you opt out, you can still use Kurato to save and organize links, but structured data extraction will not be available.
2.5 Data Retention by Google
According to Google's Gemini API terms, prompts and responses sent to the paid API tier are not used to improve Google's products and are not retained beyond the time required to provide the service. For free-tier usage, Google may use prompts to improve services unless you opt out. We use the paid Gemini API for paying subscribers to maximize privacy. For complete details, see Google's Gemini API Terms of Service and the Google Cloud Data Processing Addendum (DPA), which governs how Google processes data on our behalf for paying customers.
2.6 Sub-processors
We use the following sub-processors to provide the Kurato service:
- Google LLC — Firebase (Firestore, Auth, Storage, Cloud Functions) and Gemini API. Subject to Google Cloud DPA.
- RevenueCat, Inc. — Subscription management. Subject to RevenueCat DPA.
- Apple Inc. — App Store distribution and in-app purchase processing. Subject to Apple's policies.
3. How We Use Your Information
3.1 To Provide the Service
- Store and sync your links and projects across devices
- Enable real-time collaboration on shared projects
- Extract structured data from web pages using AI
- Track usage limits (10 AI extractions/month on Free; 150/day on Pro; 20 web enrichments/month on Pro)
3.2 To Improve the Service
- Analyze usage patterns to identify bugs and improve features
- Monitor extraction success rates to improve scraping
- Collect crash reports to fix stability issues
3.3 To Communicate with You
- Send important service updates (e.g., policy changes)
- Respond to support requests
- Notify you of new features (you can opt out)
3.4 For Moderation and Safety
- Review reported content for policy violations
- Block users who violate our Terms of Service
- Prevent abuse and fraud
4. How We Share Your Information
4.1 With Other Users (Shared Projects Only)
When you share a project with other users, they can see:
- Your display name and profile picture
- All links in the shared project
- Comments you post on links in that project
- When you joined the project
Private projects and Inbox links are never visible to other users.
4.2 With Service Providers
We use third-party services to operate Kurato:
- Firebase (Google): Database, authentication, cloud functions, file storage
- Google Gemini AI: AI-powered data extraction (see Section 2)
- RevenueCat: Subscription management (processes payments through Apple)
These providers only have access to the minimum data necessary to perform their functions.
4.3 For Legal Reasons
We may disclose your information if required by law or in response to:
- Valid legal requests (subpoenas, court orders)
- Protecting our rights or property
- Investigating fraud or security issues
- Protecting user safety
4.4 Business Transfers
If we are acquired or merge with another company, your information may be transferred as part of that transaction. You will be notified of any such change.
4.5 With Your Consent
We may share your information for other purposes with your explicit consent.
5. User-Generated Content Moderation
5.1 Reporting System
Users can report inappropriate content (comments, project names, etc.) through the in-app reporting feature.
5.2 Moderation Process
When content is reported:
- Reports are stored in our database for admin review
- Admins can view the reported content and reporter information
- We may remove content or suspend accounts that violate our Terms of Service
- Users are notified if action is taken on their content
5.3 Automated Filtering
Currently, we do not use automated content filtering. All moderation is performed manually by administrators.
5.4 Blocking Users
You can block other users to prevent seeing their comments. Blocking is local to your account and does not affect the blocked user's access to shared projects.
6. Data Storage and Security
6.1 Where We Store Data
Your data is stored in:
- Firebase Cloud Firestore: Links, projects, comments, user profiles (US data centers)
- Firebase Storage: Uploaded images and screenshots (US data centers)
- Your device (local cache): For offline access and performance
6.2 Security Measures
We implement industry-standard security practices:
- Encryption in transit: All data sent over the internet is encrypted using HTTPS/TLS
- Encryption at rest: Firebase encrypts all data stored in their databases
- Access controls: Role-based permissions ensure users can only access their own data or shared projects they're members of
- Authentication: Secure OAuth 2.0 authentication through Google and Apple
- Security rules: Firebase security rules prevent unauthorized access to data
6.3 Data Retention
We retain your data for as long as your account is active. When you delete your account:
- Your account and all associated data are permanently deleted within 30 days
- Comments on shared projects are anonymized (username changed to "Deleted User")
- We may retain limited data for legal or security purposes (e.g., fraud prevention)
7. Your Privacy Rights
7.1 Access Your Data
You can view all your data within the app (projects, links, comments).
7.2 Export Your Data
You can export your data by:
- Using the in-app share feature to export individual links or projects
- Contacting us at support@rawplusdry.com for a full data export
7.3 Delete Your Data
You can delete your data in several ways:
- Individual items: Delete specific links, projects, or comments in the app
- Entire account: Use "Delete Account" in Settings to permanently delete all data
Account Deletion Process:
- Go to Settings → Delete Account
- Confirm deletion (this cannot be undone)
- All your data is permanently deleted within 30 days
- Shared projects you own are deleted; projects you're a member of remain active
7.4 Opt Out of AI Processing
See Section 2.4 for how to avoid AI processing of your data.
7.5 Correct Your Data
You can edit your data at any time through the app (project names, link data, etc.).
7.6 Withdraw Consent
You can withdraw consent for AI processing by:
- Only using Inbox for new links
- Not triggering re-extraction on existing links
- Deleting your account
Note: We cannot delete data already processed by Google Gemini, as it's subject to Google's data retention policies.
8. Children's Privacy
Kurato is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.
If you believe a child under 13 has provided us with personal information, please contact us at support@rawplusdry.com and we will delete that information.
9. International Data Transfers
Kurato is operated in the United States. If you are located outside the United States, your information will be transferred to and processed in the United States.
By using Kurato, you consent to the transfer of your information to the United States and other countries where our service providers operate.
10. Cookies and Tracking
Kurato is a native mobile app and does not use cookies. However:
- We use Firebase Analytics for basic usage statistics (can be disabled in Settings)
- RevenueCat tracks subscription status
- Web pages you view through the in-app browser may set their own cookies
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make changes:
- We'll update the "Last Updated" date at the top
- For material changes, we'll notify you through the app or by email
- You may be required to accept the new policy to continue using the app
Your continued use of Kurato after changes constitutes acceptance of the updated Privacy Policy.
13. Regional Privacy Rights
13.1 California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act:
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed (we do not sell your data)
- Right to delete your personal information
- Right to opt out of the sale of personal information (we do not sell your data)
- Right to non-discrimination for exercising your rights
13.2 European Union Residents (GDPR)
If you are in the European Union, you have rights under the General Data Protection Regulation:
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent
To exercise these rights, contact us at support@rawplusdry.com.
Summary: Key Points
- ✅ We collect account info, links you save, and usage data
- ⚠️ Links added to Projects are sent to Google Gemini AI (you must consent first)
- ✅ Links in Inbox are NOT processed by AI
- ✅ We use Firebase for storage and RevenueCat for subscriptions
- ✅ Shared projects are visible to members; private projects are not
- ✅ You can delete your account and all data anytime
- ✅ We do not sell your personal information
- ✅ Contact support@rawplusdry.com with questions
© 2026 RAW PLUS DRY LLC. All rights reserved. Kurato is a trademark of RAW PLUS DRY LLC.