Privacy Policy

Last updated: February 22, 2026

1. Information We Collect

We collect and process the following categories of information:

Account Information. When you create an account, we collect:

  • Email address (required) — used for authentication and account identification
  • Full name (optional) — used for display within the application
  • Avatar URL (optional) — used for profile display
  • Preferred country code — used to determine your billing currency
  • Preferred currency code — used for pricing display

Account authentication is handled by Supabase. When you sign up, your account is created in Supabase's authentication system and synced to our application database.

Content You Create. We store all content you create within KriRam, including:

  • SOPs (titles, purposes, categories, frequencies, statuses)
  • SOP steps (instructions, checklist items, expected outputs)
  • SOP versions (immutable snapshots created when you publish)
  • Tags for categorization
  • Execution records (start times, completion times, step-by-step progress, notes)
  • Workspace names and membership information

Billing Information. When you subscribe to a paid plan, your payment information (credit card number, billing address) is collected and processed directly by Stripe. KriRam does not store your full payment card details. We store your Stripe customer ID and subscription details for managing your subscription.

AI Feature Usage Metadata. When you use the AI Text-to-SOP feature, we log:

  • Your user ID and workspace ID
  • The AI provider used (currently OpenAI)
  • Input and output text lengths (character count)
  • Estimated processing cost
  • Timestamp of the request

We do not permanently store the full text of your AI input or the generated output in our audit logs.

Browser Storage. The Supabase authentication library uses browser cookies to manage your authenticated session. Our workspace selection feature uses browser localStorage to remember your last active workspace.

2. How We Use Your Information

We use your information for the following purposes:

  • To provide the Service. Your email and name are used to identify your account. Your SOPs, steps, and execution data are stored to deliver core product functionality.
  • To process payments. Your Stripe customer ID and subscription details are used to manage billing, process payments, and enforce plan limits.
  • To provide AI features. When you use AI Text-to-SOP, your input text is sent to OpenAI for processing. Usage metadata is logged for cost tracking and abuse prevention.
  • To enforce plan limits. Your plan tier and subscription status determine which features you can access and how many SOPs you can create.
  • To communicate with you. We may use your email address to send important account notifications, such as subscription confirmations or payment receipts (via Stripe). We do not currently send marketing emails.

We process your personal data under the following legal bases: contract performance (to provide the services you signed up for), legitimate interest (to improve service quality and prevent abuse), and consent (for AI features that send your text to third-party providers).

3. Third-Party Services

KriRam relies on the following third-party services to operate. Each service has its own privacy policy:

Supabase

  • Purpose: User authentication and session management
  • Data shared: Email address, authentication tokens

Stripe

  • Purpose: Payment processing, subscription management, billing portal
  • Data shared: Email address, payment details you provide at checkout, subscription information
  • Stripe handles all payment card processing. KriRam does not store or have access to your full card number.

OpenAI

  • Purpose: AI Text-to-SOP feature
  • Data shared: The text you provide when using the AI feature
  • We recommend reviewing OpenAI's data usage policies if you have concerns about how your input text may be used.

Google Cloud Platform

  • Purpose: Hosting the KriRam API
  • Data shared: All application data passes through Google Cloud infrastructure

We do not sell your personal data to any third party. We do not share your data with third parties for advertising purposes.

4. Data Storage and Security

Your application data is stored in a PostgreSQL database hosted by Supabase. Database connections use SSL encryption.

The KriRam API runs on Google Cloud Run, which provides automatic encryption of data in transit via HTTPS.

Authentication is handled by Supabase using industry-standard JWT tokens. The application uses role-based access control with four levels (Owner, Admin, Editor, Viewer) to restrict access within workspaces.

All payment processing is handled by Stripe, which is PCI DSS Level 1 compliant. KriRam does not process or store payment card numbers.

While we implement reasonable security measures, no method of electronic storage or transmission over the internet is 100% secure. We cannot guarantee absolute security of your data.

5. Data Retention

Active accounts. We retain your data for as long as your account remains active and you continue to use the Service.

SOP deletion. When you delete a SOP, it is permanently removed from our database along with all associated steps, tags, versions, and execution records. This deletion is irreversible.

Member removal. When a member is removed from a workspace, their membership record is deleted. SOPs and executions created by that member remain in the workspace.

Subscription cancellation. When you cancel your subscription, your data is retained and your workspace reverts to Free plan limits at the end of the billing period. Your content is not deleted upon cancellation.

Account deletion. KriRam does not currently offer self-service account deletion. If you wish to have your account data removed, please contact us at support@light2glow.com. Upon receiving a valid deletion request, we will delete your account data within 30 days.

AI request logs. AI usage metadata (input/output lengths, costs, timestamps) is retained for billing reconciliation and abuse prevention.

6. Your Rights

Access your data. You can access all your SOPs, executions, and workspace data through the KriRam application at any time.

Correct your data. You can edit your SOPs, steps, and workspace settings through the application.

Delete your content. You can delete individual SOPs through the application. Deleting a SOP permanently removes all associated data.

Cancel your subscription. You can cancel your paid subscription at any time through the Stripe billing portal.

Request account deletion. To request deletion of your entire account, contact us at support@light2glow.com.

Current limitations. KriRam does not currently offer:

  • Bulk data export or download
  • Self-service account deletion
  • Automated data portability

We are working to add these capabilities in future releases.

California residents. Under CCPA, you have the right to know what data we collect, request deletion, and opt out of data sales. We do not sell personal data. To exercise your rights, email support@light2glow.com.

EU residents. You may have additional rights under GDPR, including the right to lodge a complaint with your local data protection authority.

7. Children's Privacy

KriRam is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and you believe your child has provided us with personal information, please contact us at support@light2glow.com and we will take steps to delete that information.

8. Cookies and Tracking

Authentication cookies. KriRam uses cookies set by the Supabase authentication library to manage your authenticated session. These are functional cookies required for the Service to operate.

Local storage. KriRam uses browser localStorage to remember your most recently active workspace. This is a functional preference that improves your experience.

Analytics. KriRam uses Google Analytics 4 to collect anonymized usage data such as page views, traffic sources, and general user demographics. This helps us understand how our service is used and improve it. Google Analytics uses cookies to distinguish unique users. We also use PostHog for product analytics within the application to understand feature usage and improve the user experience. We do not use advertising cookies or track your activity across other websites.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make changes, we will update the "Last Updated" date at the top of this page.

For material changes that significantly affect how we collect or use your personal information, we will make reasonable efforts to notify you through the email associated with your account.

10. Contact Information

If you have questions or concerns about this Privacy Policy or how your data is handled, please contact us:

  • General support and privacy inquiries: support@light2glow.com
  • Sales inquiries: sales@light2glow.com