Privacy Policy

This Privacy Policy describes how KOKORO ("we," "us," or "our") collects, uses, and protects information when you use our website at kokoro.cool and our mobile applications, including Orbit (collectively, the "Services"). By using our Services, you agree to the practices described in this policy.

1. Who We Are

Company Name: KOKORO Studio
Business Type: Ontario Business Corporation
Location: Toronto, Ontario, Canada
Contact: hello@kokoro.cool

This agreement is between you and KOKORO. Apple Inc. is not a party to this Privacy Policy and has no responsibility for our Services or their content.

2. Information We Collect

We collect only what is necessary to provide our Services:

Account Information

• Email address (when you register or sign up for our newsletter)
• Authentication tokens (when you sign in via email, Sign in with Apple, or Sign in with Google)
• We do not receive your Apple ID password or full name

Device Identifier

• We collect your device's Identifier for Vendor (IDFV) — a non-personal, randomly assigned identifier shared across apps from the same developer on your device
• The IDFV is used solely to track and enforce free plan usage limits at the account level
• It is linked to your account for app functionality purposes only and is not used for advertising or cross-app tracking

Astronomical & Preference Data (Orbit App)

• Ephemeris Input (Date of Birth): We collect your date of birth solely to calculate astronomical ephemeris data (planetary alignments) for our curation engine. We do not use this data to identify you
• Streaming Preferences: We store your selected streaming platforms to filter recommendations
• Curation History: We store a private log of the films recommended to you to power the "Archive" feature and prevent algorithmic repetition

Feedback Data

• Ratings or feedback you submit on recommendations and app experiences
• Optional text notes you add to feedback submissions

Usage Data

• Session timestamps and feature interactions
• Device type, operating system version, and app version (for debugging and compatibility)

Website Data

• Email address submitted via our newsletter form
• Anonymous page-view analytics (no personal identifiers collected)

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our Services
• Authenticate your account and keep it secure
• Generate personalized cinematic recommendations based on ephemeris calculations within the Orbit app
• Enforce free plan usage limits using your device identifier and account record
• Improve our recommendations and app experiences using anonymized feedback you voluntarily submit
• Send you product updates and newsletters (only if you subscribe; you may unsubscribe at any time)
• Respond to your support requests
• Comply with legal obligations

We do not sell, rent, or share your personal information with third parties for marketing purposes.

4. App Permissions

Our apps request only the device permissions needed to provide their core features. You may revoke permissions at any time through your device's Settings, though doing so may prevent some features from functioning.

5. Third-Party Services

We use the following third-party services to operate our Services. Each has its own privacy policy:

• Supabase — Authentication, database hosting, and app data storage. Stores account credentials, preferences, usage records, and app data needed to provide the Services. (Privacy Policy)
• Vercel — Backend API hosting and deployment. (Privacy Policy)
• Google — Sign in with Google authentication. (Privacy Policy)
• Apple — Sign in with Apple authentication. (Privacy Policy)
• Formspree — Newsletter form submissions on our website. (Privacy Policy)
• Google Analytics — Anonymous website traffic analytics on our website. (Privacy Policy)

We do not use any advertising SDKs or tracking frameworks. We do not request access to the Advertising Identifier (IDFA).

6. Data Retention and Deletion

We retain your data only for as long as necessary to provide our Services or as required by law.

• Account data: Retained until you request deletion
• Feedback data: Retained to improve our Services; you may request deletion at any time
• Consent records: Retained for legal compliance purposes
• Newsletter: Retained until you unsubscribe

Account Deletion: You may delete your account and all associated data at any time directly within our apps (e.g., via Settings → Delete Account). This action is immediate and irreversible. All your data, including feedback records, preferences, curation history, and usage records, will be permanently erased from our systems via a cascading deletion process.

You may also request deletion by emailing hello@kokoro.cool. We will process your request within 30 days.

7. Your Privacy Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Request that we correct inaccurate or incomplete data
• Deletion: Request deletion of your personal data
• Portability: Request your data in a structured, machine-readable format
• Withdrawal of Consent: Withdraw consent for data processing at any time
• Opt-Out: Unsubscribe from marketing emails at any time

To exercise any of these rights, contact us at hello@kokoro.cool. We will respond within 30 days. We do not discriminate against users who exercise their privacy rights.

8. Data Security

We implement industry-standard security measures to protect your information, including:

• Encrypted data transmission (HTTPS/TLS) for all network requests
• Authentication tokens stored securely in your device's Keychain
• Row-Level Security (RLS) enforced at the database level — users can only access their own data
• Private, access-controlled cloud storage for app data
• Access to personal data restricted to authorized personnel only

While we take reasonable precautions, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

9. Children's Privacy

Our Services are not directed to children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without verified parental consent, we will take steps to delete that information promptly.

If you believe we may have collected information from a child, please contact us at hello@kokoro.cool.

10. International Data Transfers

KOKORO is based in Canada. Our third-party service providers may process and store data in the United States and other countries. By using our Services, you consent to the transfer of your information to these countries, which may have different data protection laws than your jurisdiction.

We ensure that any international transfers are conducted under appropriate safeguards, including standard contractual clauses where required.

11. California Privacy Rights (CCPA)

If you are a California resident, you have the right to know what personal information we collect, disclose, or sell; the right to delete your personal information; and the right to non-discrimination for exercising these rights. We do not sell personal information. To exercise your rights, contact us at hello@kokoro.cool.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For significant changes, we will notify you via email (if subscribed) or through a notice in our app. We encourage you to review this policy periodically. Your continued use of our Services after changes become effective constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us:

KOKORO Studio
Toronto, Ontario, Canada
hello@kokoro.cool