MMakora Home

Legal

Privacy Policy

Last updated June 23, 2026

This Privacy Policy explains what information Makora(“we”, “us”) collects, how we use it, who we share it with, and the choices you have. It reflects the technologies the application actually uses. By using the Service you agree to this policy.

1. Information we collect

  • Account information — your email address and password credentials (passwords are handled and stored by our authentication provider, Supabase, not by us in plain text), and an optional display name.
  • Content you submit — the ideas, prompts, project details, generated analyses, and builds associated with your account.
  • Usage & account data — actions you take, credits consumed, subscription tier and status, and timestamps.
  • Payment information — when you subscribe, your payment details are collected and processed by Stripe. We receive limited billing metadata (such as subscription status and the plan purchased); we do not store your full card number.
  • Technical/operational data — standard request information (such as IP address and request metadata) processed by our hosting provider, Vercel, to deliver and secure the Service, including rate-limiting.

2. How we use your information

  • To provide, operate, maintain, and improve the Service.
  • To process your idea analyses, improvements, and builds.
  • To manage your account, subscription, and credit balance.
  • To secure the Service, enforce limits, prevent abuse, and comply with law.
  • To communicate with you about your account, security, and the Service.

3. AI processing

When you request an analysis, idea improvement, or build, the content you submit is sent to our AI provider, Anthropic (the Claude API), to generate a response. All AI requests are made server-side; our AI provider keys are never exposed to your browser. If no AI provider is configured, the Service falls back to a local, deterministic engine and your content is not sent to a third-party model. We do not sell your content, and we do not use it for third-party advertising.

4. Service providers (subprocessors)

We rely on the following providers to run the Service:

  • Supabase — authentication and Postgres database (stores your account, projects, and usage data).
  • Anthropic — AI model provider that processes prompts to generate analyses and builds.
  • Stripe — payment processing for subscriptions.
  • Vercel — application hosting and content delivery.

These providers process data on our behalf under their own terms and security commitments. We are not currently running a third-party analytics or advertising tracker.

5. Cookies

We use essential cookies set by our authentication provider to keep you signed in and to operate the Service. These are necessary for the Service to function; we do not use advertising or cross-site tracking cookies.

6. Data storage & security

Your account data and projects are stored in a Postgres database with row-level security, so that each account can access only its own records. Sensitive operations run server-side, and privileged keys are never exposed to the browser. We use reasonable technical and organizational measures to protect your data, but no system can be guaranteed completely secure.

7. Data sharing

We do not sell your personal information. We share data only with the subprocessors listed above to operate the Service, and where required by law or to protect our rights, users, or the Service.

8. Data retention

We retain your information for as long as your account is active or as needed to provide the Service and meet legal obligations. You may request deletion of your account and associated data as described below. (Specific retention periods should be confirmed by the operator.)

9. Your rights

Depending on where you live, you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. You can update your profile from your account settings, or contact us to exercise these rights.

10. International transfers

Our providers may process data in countries other than yours. Where required, such transfers are carried out under appropriate safeguards.

11. Children

The Service is not directed to children under 13 (or the age of digital consent in your jurisdiction), and we do not knowingly collect their personal data.

12. Changes to this policy

We may update this policy from time to time. Material changes will be reflected by updating the “Last updated” date above.

13. Contact

Questions or requests about your privacy? Contact us at eavila5680@gmail.com.