Privacy Policy

Last updated: 24 October 2025

Operator: An individual trading as “Koral” (sole trader)
General contact: support@koral.style
Privacy contact: privacy@koral.style
Service address for legal notices: [to be provided; until then contact support@koral.style]

This Privacy Policy explains how Koral (“Koral”, “we”, “us”) collects, uses, and shares personal data when you use our website/app and related services (the Service). Koral is a UK-based controller and processes personal data in accordance with UK-GDPR and the Data Protection Act 2018. Read this with our Terms of Service.

• Account Data: email, password hash, age band/parental consent status (where applicable), preferences, subscription status; name if provided.
• Search Inputs: images and text you submit (may include faces), captions, and metadata (device/browser, timestamps).
• Usage & Technical Data: IP address, device identifiers, app version, pages viewed, clicks, crash logs, cookies/SDK data.
• Payment & Subscription Data: billing details, plan, transaction IDs (processed via our payment processor; we do not store full card numbers).
• Communications: support messages, feedback, abuse reports.
• Derived Data: de-identified or aggregated analytics and model signals (e.g., quality metrics, match rates).

• Provide the Service (Contract): accounts, processing searches, generating suggestions, security/availability.
• Improve the Service & R&D (Legitimate Interests; Consent where required): use de-identified/aggregated data from searches/usage to improve accuracy/performance and to train/fine-tune models (internally or via vendors).
• Payments (Contract): manage subscriptions, renewals, taxes, receipts.
• Communications (Legitimate Interests/Contract): service emails, alerts, support.
• Analytics/Personalisation (Legitimate Interests/Consent): understand usage; improve UX; personalise features (if enabled).
• Legal/Compliance (Legal Obligation/Legitimate Interests): fraud prevention, abuse handling, record-keeping, enforcing Terms.

Where we rely on consent (e.g., certain cookies, parental consent, marketing), you may withdraw consent at any time.

• Not for children under 13.
• Ages 13–15: only with verifiable parental/guardian consent (we may request limited data to verify).
• Ages 16+: permitted.

If we learn we processed data contrary to these rules, we will delete it.

We use third-party providers to deliver the Service, including AI inference vendors, hosting, storage/backups, logging/monitoring, analytics, payments, email delivery, and support tools. These providers act as our processors and may only process data under our instructions and with appropriate safeguards. We share only what is necessary; where possible we apply de-identification and minimisation.

Some processors may be outside the UK/EEA. Where transfers occur, we implement lawful transfer tools (e.g., UK IDTA, UK Addendum to EU SCCs, adequacy decisions) and apply additional safeguards where appropriate.

• Account Data: for the life of your account and up to 6 years after closure (queries, tax/audit, disputes).
• Search Inputs: for as long as needed to provide the Service; on deletion request, removed from active systems within a reasonable time; backups/logs purge on rolling schedules.
• Transactions: retained per legal obligations.
• Aggregated/De-identified Data: may be retained indefinitely.

You can access, rectify, erase, restrict, object (including to processing based on legitimate interests), port your data, and withdraw consent. You also have rights around automated decision-making where applicable. To exercise rights, email privacy@koral.style. You can complain to the ICO if you are unhappy with our response.

We use reasonable technical and organisational measures (encryption in transit, access controls, least-privilege, monitoring, backups). No method is 100% secure.

We use:

• Strictly necessary cookies (login, session, fraud prevention).
• Analytics/performance cookies (with consent in UK/EEA).
• Preference cookies (e.g., theme).

Non-essential cookies load only after consent in the UK/EEA. You can manage cookies in your browser and, where available, via our consent banner. Rejecting non-essential cookies may affect features.

You can request deletion of searches and/or account via settings or support@koral.style. We delete from active systems within a reasonable period and from backups/logs on scheduled cycles. We may retain certain data where required by law or for legitimate interests (e.g., fraud prevention).

We may update this Privacy Policy. If changes are material, we’ll notify you (e.g., email or in-app) and indicate the effective date. Continued use after the effective date constitutes acceptance.

Privacy requests: privacy@koral.style
General support: support@koral.style
Legal notices: legal@koral.style