Privacy Policy
Last updated: 2026-06-17
This is the privacy policy for kura (kuracms.com). It explains what personal information we collect, why we collect it, who we share it with, and what you can do about it.
kura is a content editor for AI-built websites. Two kinds of people use it: the account owner (the developer or builder who signs up and pays) and the editors they invite to update a site's content. This policy covers both.
A note on your site's content: the content you and your editors put into kura (text, prices, photos, and so on) is your data. We store and serve it on your behalf, we don't use it for anything other than running your project, and you can export all of it as JSON at any time.
What we collect
- Account information - your email address. If you sign in with Google, Microsoft, or GitHub, the name and avatar image that provider shares with us.
- Editor information - for each editor you invite, their email address, and their name and avatar if they sign in with a social provider.
- Your project content - the content types, fields, entries, and uploaded images you create. This is the content your website reads. It lives in a database dedicated to your project, separate from every other customer.
- Subscription status - if you have a paid subscription, a record of the subscription and billing period. We don't see or store your payment card details; those are held by Stripe.
- Usage information - per-project counters (such as API request volume) so we can run the service and understand load.
- Technical information - standard server logs (IP address, browser type, timestamps) generated when you or your editors use the admin or when a frontend calls the API. We use these to keep the service secure and to debug problems.
- Anonymous usage analytics - we use Umami, a privacy-friendly, cookieless analytics tool that we self-host on our own infrastructure, to understand how visitors use the site. It records aggregate page views, referring sites, approximate (country-level) location, and a few interaction events such as opening a demo. It sets no cookies, collects no personally identifiable information, and does no cross-site tracking. Because we self-host it, this data is not sold or sent to any advertising network.
Why we collect it
To provide your account and your editors' accounts; to store and serve your project content through the admin and the API; to process your subscription; to keep the service secure; and to understand usage so we can run and improve it.
We don't sell your information, don't use it for advertising, and don't share it with marketing partners.
Who we share it with
We use a small set of other companies to run kura. None of them get your data for their own marketing.
- Cloudflare - hosts the service and stores your data: the application runs on Cloudflare Workers, your project content sits in Cloudflare D1 databases, uploaded images in Cloudflare R2 and Cloudflare Images, and a cache layer in Cloudflare KV.
- Stripe - handles paid subscriptions and payment cards. Your card details go to Stripe directly and are never stored by us.
- Resend - sends our automated emails, principally the magic links you use to sign in.
- Google, Microsoft, or GitHub - only if you choose to sign in with one of them.
- Legal authorities - when required by law.
Some of these companies operate from the United States and other countries; using kura means your information may be processed there.
How long we keep it
- Account, editor, and project content: while your project is active. If your subscription lapses, your project is paused rather than deleted, so you don't lose anything by missing a payment. You can delete your project, and the data tied to it, at any time.
- Subscription and billing records: seven years, for tax compliance.
- Technical logs: a short rolling window, then discarded.
When you delete a project, its dedicated database and uploaded media are removed. You can export everything as JSON before you go.
Your rights
You can ask us to:
- show you the information we hold about you
- correct anything that's wrong
- delete your account, your project, and the data tied to it
- stop using your data for a particular purpose
- withdraw consent you've previously given
You can also complain to a privacy regulator if you think we've got something wrong - in New Zealand that's the Office of the Privacy Commissioner.
Email support@kuracms.com to use any of these rights.
Children
kura is a tool for building and running websites and isn't aimed at children under 16. We don't knowingly collect personal information from anyone that age. If you think we have, let us know and we'll delete it.
Changes
We'll update this page if we change how we handle your information. The "Last updated" date at the top will reflect the latest version; significant changes will also be emailed to account owners.
kura is a brand of Hopper Limited (New Zealand company number 9420902). For any privacy-related question, contact support@kuracms.com.