Skip to content
Komora

Privacy Policy

Last updated:

Your trust is our main asset. We build Komora on the principle of ‘Privacy by Design’. This policy explains how we handle your inventory data.

1. Information We Collect

1.1. Personal Information

  • Account Data: We collect your email address via sign-in to create your account and synchronize data across devices.
  • User Content: We store the inventory data you create: item names, descriptions, categories, photos, and expiration dates.
  • IMPORTANT: We DO NOT intentionally collect and strictly PROHIBIT users from uploading sensitive personal documents (passports, bank cards, SSNs, etc.). Komora is designed for property inventory, not for the storage of sensitive PII.

1.2. Automated Data

  • Camera & Photos: We require access to your device’s camera strictly to enable the “AI Capture” feature.
  • Usage Data: We collect anonymous data about app performance (e.g., crash logs) to improve stability.

2. Artificial Intelligence (AI) Usage

Komora uses Google Gemini Vision technology to analyze images and generate item descriptions.

  • Data Collected & Sent: We collect images of your items and optional text descriptions, which are securely transmitted to Google’s servers for AI analysis.
  • Purpose & Usage: This data is used strictly for identifying the item and generating a title and description to save you time.
  • Privacy & Third-Party Protection: We do not use your personal photos or inventory data to train public AI models. Google processes data as a sub-processor in accordance with the Google Cloud Data Processing Addendum (DPA) and their Service Specific Terms. Images processed by Gemini are transient and are neither used for model training nor retained beyond the immediate API request.

3. Data Storage & Security

Your data is stored on secure servers (PostgreSQL) using industry-standard encryption. We use trusted cloud providers to host our services.

Security Notice: Our infrastructure is optimized for rapid inventory data access via CDN. It is NOT a specialized cryptographic vault for storing government-issued IDs or sensitive financial information. By uploading such data against our Terms of Service, you assume all risks associated with the security of such data types.

4. Third-Party Services

We may use the following trusted third-party services:

  • RevenueCat & Stripe: To process payments and manage subscriptions. We do not store your credit card details.
  • Google Cloud / Firebase: For infrastructure, hosting, and AI processing.
  • Sentry: For error tracking and performance monitoring.

5. Your Rights

You have full control over your data. You have the right to:

  • Request an export of your data.
  • Delete your account and all associated data directly within the app settings.

6. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

Email: support@maxfromzero.com

7. GDPR Compliance & Privacy Information

7.1. Lawful Basis for Processing (Art. 6)

We process your personal data under the following lawful bases:

  • Consent: For optional features like AI analysis and marketing communications.
  • Contractual Necessity: To provide the core inventory management service you registered for.
  • Legitimate Interest: To ensure app security, prevent fraud, and improve performance (e.g., error tracking).

7.2. Data Retention Period

We retain your active data as long as your account exists. If you delete your account, your profile and associated data are purged immediately from our active databases. Soft-deleted items (e.g., moved to trash) are permanently deleted after 30 days. Backups are cleared within 30 days of account deletion.

7.3. Cross-Border Data Transfers

As our servers and third-party processors (such as Google Cloud, RevenueCat, and Sentry) are primarily located in the United States, your data may be transferred outside the European Economic Area (EEA). We ensure these transfers are protected by standard contractual clauses or equivalent legal safeguards.

7.4. Automated Decision Making (Art. 22)

We use AI (Google Gemini Vision) to automatically identify items from photos and generate descriptions. This constitutes automated processing, but it has no legal or significant effect on you.

7.5. Your GDPR Rights & Right to Lodge a Complaint

In addition to the rights listed in Section 5, you have the right to restrict processing, object to processing, and lodge a complaint with a supervisory authority in your country of residence if you believe your data privacy rights have been violated.

7.6. Data Protection Officer (DPO)

Given the scale and nature of our data processing, we are not legally required to appoint a DPO. However, privacy inquiries can be directed to our support email.