Privacy Policy

Last updated: October 9, 2025

1. Introduction

KOAP ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cooperative management platform (the "Service").

Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide to us:

  • Account Information: Name, email address, username, password
  • Organization Information: Organization name, type, address, member details
  • Profile Information: Phone number, role, preferences
  • Payment Information: Billing address, payment method details (processed securely by Stripe)
  • Financial Data: Bank account connections via Plaid, transaction data, financial reports
  • Communications: Messages, support tickets, feedback, and other communications with us
  • Organization Data: Bylaws, proposals, votes, meeting notes, maintenance requests, documents, and other content you upload

2.2 Information Collected Automatically

When you use the Service, we automatically collect:

  • Usage Data: Pages viewed, features used, time spent, click patterns
  • Device Information: IP address, browser type, device type, operating system
  • Cookies: Session cookies, preference cookies, analytics cookies
  • Log Data: Access times, error logs, API requests

2.3 Information from Third Parties

We may receive information from:

  • Plaid: Bank account information, transaction data
  • Stripe: Payment processing data, subscription status
  • Authentication Providers: If you sign in using OAuth (e.g., Google)

3. How We Use Your Information

We use collected information for the following purposes:

  • Provide the Service: Manage accounts, process transactions, enable features
  • Improve the Service: Analyze usage patterns, fix bugs, develop new features
  • Communications: Send account notifications, updates, newsletters (with consent)
  • Customer Support: Respond to inquiries, troubleshoot issues
  • Security: Detect and prevent fraud, abuse, and security incidents
  • Compliance: Meet legal obligations, enforce our Terms of Service
  • Analytics: Understand user behavior, preferences, and trends
  • Marketing: Send promotional materials (only with your consent)

4. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), we process your personal data based on:

  • Contract: Processing necessary to provide the Service you requested
  • Consent: You have given explicit consent for specific purposes
  • Legitimate Interests: Processing necessary for our business operations (e.g., analytics, security)
  • Legal Obligation: Processing required to comply with law

5. How We Share Your Information

5.1 Within Your Organization

Information you upload is shared with other members of your organization according to the permissions you set.

5.2 Service Providers

We share data with trusted third-party service providers:

  • Supabase: Database hosting, authentication
  • Vercel: Application hosting and delivery
  • Stripe: Payment processing
  • Plaid: Bank account connections
  • Email Service Providers: Transactional and marketing emails
  • Analytics Providers: Usage analytics

These providers are contractually obligated to protect your data and use it only for the services they provide to us.

5.3 Legal Requirements

We may disclose your information if required by law, subpoena, court order, or to:

  • Comply with legal obligations
  • Protect our rights, property, or safety
  • Investigate fraud or security issues
  • Protect the safety of users or the public

5.4 Business Transfers

If KOAP is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

5.5 With Your Consent

We may share your information for purposes not listed above with your explicit consent.

6. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: Data encrypted in transit (TLS) and at rest (AES-256)
  • Access Controls: Role-based access, principle of least privilege
  • Authentication: Secure password requirements, session management
  • Infrastructure: SOC 2 compliant hosting (Supabase)
  • Monitoring: Security logging, intrusion detection
  • Backups: Regular automated backups with encryption

However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

7. Data Retention

We retain your information for as long as necessary to:

  • Provide the Service to you
  • Comply with legal obligations
  • Resolve disputes and enforce agreements
  • Maintain security and prevent fraud

When you delete your account, we retain your data for 30 days to allow for recovery, after which it is permanently deleted. However, we may retain certain data longer if required by law or for legitimate business purposes (e.g., backups, legal holds).

8. Your Rights and Choices

8.1 Access and Portability

You have the right to access your personal data and request a copy in a portable format. You can export your data through your account settings or by contacting us.

8.2 Correction

You can update your account information and organization data at any time through the Service.

8.3 Deletion (Right to be Forgotten)

You can request deletion of your account and personal data by contacting us at privacy@koap.app. We will delete your data within 30 days, except where retention is required by law.

8.4 Restrict Processing

You can request that we limit how we use your data in certain circumstances.

8.5 Object to Processing

You have the right to object to our processing of your data for direct marketing or based on legitimate interests.

8.6 Withdraw Consent

Where we process data based on consent, you can withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.

8.7 Opt-Out of Marketing

You can unsubscribe from marketing emails using the link in each email or by updating your preferences in account settings.

9. Cookies and Tracking Technologies

9.1 What We Use

  • Essential Cookies: Required for authentication and basic functionality
  • Analytics Cookies: Help us understand usage patterns
  • Preference Cookies: Remember your settings and choices

9.2 Your Choices

Most browsers allow you to refuse cookies or alert you when cookies are being sent. However, disabling cookies may affect the functionality of the Service.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States.

When we transfer data from the EEA to other countries, we ensure adequate safeguards are in place through:

  • Standard Contractual Clauses approved by the EU Commission
  • Data Processing Agreements with service providers that comply with GDPR
  • Adequacy decisions where applicable

11. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will delete it immediately.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights:

  • Right to Know: Request information about data we collect, use, disclose, and sell
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the sale of personal information (Note: We do not sell personal information)
  • Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, contact us at privacy@koap.app.

13. Do Not Track Signals

We do not currently respond to Do Not Track (DNT) browser signals, as there is no industry standard for compliance.

14. Third-Party Links

The Service may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to read their privacy policies.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last updated" date
  • Sending an email notification (for significant changes)
  • Displaying a notice in the Service (for significant changes)

Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@koap.app

Data Protection Officer: dpo@koap.app

KOAP
Cooperative Management Platform

17. Supervisory Authority

If you are in the EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.

Your Privacy Matters

We are committed to protecting your privacy and being transparent about our data practices. If you have any questions or concerns, please don't hesitate to reach out.