Privacy Policy
Koeru · Last updated: May 2026 · Effective date: May 2026
1. Who we are
Koeru is an interactive coaching platform that turns books into personalised coaching experiences. Koeru is operated by [Your Legal Entity Name], registered in the Netherlands.
Contact:
Email: privacy@koeru.ai
Address: [Your Address], Amsterdam, Netherlands
For data protection matters: privacy@koeru.ai
2. What this policy covers
This policy explains:
- What personal data we collect
- Why we collect it
- How we use it
- Who we share it with
- How long we keep it
- Your rights under GDPR
- How to contact us
This policy applies to all users of Koeru's web and mobile applications.
3. Data we collect
3.1 Account data
When you create an account:
- Name
- Email address
- Profile photo (optional)
- Authentication provider (Google or GitHub)
Legal basis: Contract performance (Article 6(1)(b) GDPR)
3.2 Coaching profile
When you use Koeru's coaching features, we build a profile to personalise your experience. This includes:
- Your professional context (what you're working on, your role)
- Goals you've shared in sessions
- Insights and breakthroughs from your conversations
- Commitments you've made during sessions
- Behavioural patterns observed across multiple sessions (with your consent)
- What coaching approach works best for you (with your consent)
This data is generated by an AI system that synthesises your conversation transcripts at the end of each session. You can view, edit or delete this profile at any time.
Legal basis: Explicit consent (Article 6(1)(a) GDPR)
Special category data: Some coaching profile data may constitute psychological profiling under Article 9 GDPR. We obtain explicit, specific consent for this processing.
3.3 Session data
Your conversations with book coaches are stored as:
- Full message transcripts
- Session titles (auto-generated)
- Session timestamps
Legal basis: Contract performance (Article 6(1)(b) GDPR)
3.4 Commitment data
Actions you commit to during sessions:
- Commitment text
- Date created
- Date completed (if applicable)
- Status
Legal basis: Contract performance (Article 6(1)(b) GDPR)
3.5 Usage data
Standard technical data collected automatically:
- Browser type and version
- Device type and operating system
- Pages visited and features used
- Session duration
- IP address (anonymised after 30 days)
Legal basis: Legitimate interests (Article 6(1)(f) GDPR)
3.6 Payment data
If you subscribe to Koeru:
- We use Stripe for payment processing
- We do not store card numbers or payment details
- We store subscription status and billing history
Legal basis: Contract performance (Article 6(1)(b) GDPR)
4. What we never collect
- Medical or health information
- Financial account details
- Information about third parties mentioned in sessions
- Location data beyond country level
- Browsing history outside of Koeru
5. How we use your data
| Purpose | Data used | Legal basis |
|---|---|---|
| Providing the coaching service | Account data, session data | Contract |
| Personalising coaching responses | Coaching profile | Consent |
| Following up on commitments | Commitment data | Contract |
| Improving the platform | Anonymised usage data | Legitimate interests |
| Sending service emails | Email address | Contract |
| Sending optional newsletters | Email address | Consent |
| Author analytics (aggregate) | Anonymised session patterns | Legitimate interests |
| Legal compliance | As required | Legal obligation |
6. Author analytics
Authors whose books appear on Koeru receive aggregate, anonymised insights about how readers engage with their content.
What authors see:
- Most discussed chapters and themes (aggregate)
- Most common reader questions (aggregate)
- Commitment completion rates by category
- What content resonated most (aggregate)
What authors never see:
- Individual user profiles or data
- Individual session content
- Any personally identifiable information
- Patterns from fewer than 20 readers
Your control: You can opt out of contributing to author analytics at any time in Settings → Privacy and data.
7. AI processing
Koeru uses artificial intelligence in two ways:
7.1 Book coaching agents
Your messages are sent to Anthropic's Claude AI to generate coaching responses. Anthropic processes this data as a data processor under our Data Processing Agreement.
Anthropic's privacy policy: anthropic.com/privacy
7.2 Memory synthesis
At the end of each session, your conversation transcript is processed by Claude to update your coaching profile. This is automated processing.
Your right to object: You can disable coaching profile generation in Settings → Privacy and data. You can also view, edit or delete your profile at any time.
8. Data sharing
We share your data only in these circumstances:
| Recipient | Data shared | Purpose |
|---|---|---|
| Anthropic | Session messages | AI coaching responses |
| Supabase | All stored data | Database hosting (EU) |
| Stripe | Email, subscription status | Payment processing |
| Authors | Aggregate anonymised insights only | Analytics |
We never:
- Sell your personal data
- Share your data for advertising purposes
- Share individual session content with authors
- Transfer data outside the EU without adequate safeguards
9. Data storage and security
Location: All data is stored on Supabase servers in the EU (Frankfurt, Germany). Data is never transferred outside the European Economic Area without appropriate safeguards.
Security measures:
- Encryption in transit (TLS 1.3)
- Encryption at rest (AES-256)
- Row Level Security — you can only access your own data
- Regular security audits
- Access controls and audit logs
Breach notification: In the event of a data breach affecting your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of it.
10. Data retention
| Data type | Retention period |
|---|---|
| Account data | Until account deletion |
| Session transcripts | Until account deletion |
| Coaching profile | Until account deletion or manual deletion |
| Commitment data | Until account deletion |
| Usage data | 12 months |
| IP addresses | 30 days (then anonymised) |
| Payment records | 7 years (legal requirement) |
| Backups | 90 days after deletion |
When you delete your account, all personal data is permanently deleted within 30 days, except payment records which we retain for 7 years as required by Dutch tax law.
11. Your rights under GDPR
As a user in the European Union, you have the following rights:
Right to access (Article 15)
You can request a copy of all personal data we hold about you. You can also view your coaching profile and session history directly in the app.
Right to rectification (Article 16)
You can correct inaccurate data. Your coaching profile can be edited directly in Settings → Privacy and data.
Right to erasure (Article 17)
You can delete your coaching profile, individual sessions, or your entire account. Full account deletion removes all personal data within 30 days.
Right to restriction (Article 18)
You can ask us to restrict processing of your data while a dispute is resolved.
Right to data portability (Article 20)
You can export all your data (sessions, profile, commitments) as a JSON file from Settings → Privacy and data → Export your journey.
Right to object (Article 21)
You can object to processing based on legitimate interests, including author analytics.
Rights related to automated decision-making (Article 22)
Your coaching profile is generated by automated AI processing. You have the right to request human review of this processing, object to it, or disable it entirely.
How to exercise your rights
- In-app: Settings → Privacy and data
- By email: privacy@koeru.ai
- Response time: Within 30 days
You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):
- Website: autoriteitpersoonsgegevens.nl
- Phone: +31 88 1805 250
12. Cookies
| Cookie | Purpose | Duration |
|---|---|---|
| session | Authentication | Session |
| preferences | UI preferences | 1 year |
| analytics | Anonymous usage (with consent) | 1 year |
We do not use advertising or tracking cookies.
You can manage cookie preferences in your browser settings or in our cookie consent banner.
13. Children
Koeru is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact privacy@koeru.ai and we will delete it promptly.
14. Changes to this policy
We will notify you by email and in-app notification at least 30 days before any material changes to this policy take effect. The “last updated” date at the top of this policy will always reflect the most recent version.
Continued use of Koeru after changes take effect constitutes acceptance of the updated policy.
15. Contact
For any privacy questions, data requests or concerns:
Email: privacy@koeru.ai
Response time: Within 30 days
Postal address:
[Your Legal Entity Name]
[Address]
Amsterdam, Netherlands
Dutch Data Protection Authority:
autoriteitpersoonsgegevens.nl