Koolbase

Koolbase

LEGAL

Privacy Policy

How Koolbase collects, uses, and protects your information.

Last Updated: 2026-04-04

Summary: We collect only what we need to provide the Services, we do not sell your data, and you remain in control of your information at all times.

1. Introduction

Koolbase (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, including our web dashboard, Flutter SDK, APIs, and associated services (collectively, the “Services”).

This policy applies to two categories of people: (1) Customers — developers and organizations who create a Koolbase account and build applications using our platform; and (2) App Users — end-users of our Customers' mobile applications whose data may be stored on Koolbase infrastructure through the Koolbase SDK.

By using the Services, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not access or use the Services.

2. Information We Collect

a. Information You Provide (Customers)

When you register for a Koolbase account or use the Services, we collect:

email_addressUsed for account creation, authentication, and communications
full_nameUsed for account personalization and support
organization_nameUsed to identify your team and manage multi-user access
billing_infoCollected when upgrading to a paid plan (processed by our payment provider)
api_keysGenerated by us and used to authenticate your SDK and API requests

b. App User Data (via SDK)

When you integrate the Koolbase SDK into your mobile application, data belonging to your App Users may be stored on Koolbase infrastructure. This includes authentication records (email, hashed passwords, session tokens), database records you create using the Koolbase database service, and files uploaded using the Koolbase storage service. Koolbase processes this data solely on your behalf as a data processor. You, the Customer, are the data controller responsible for this data.

c. Automatically Collected Data

When you use the Services, we automatically collect:

  • Usage Data: Pages visited, features used, API calls made, and dashboard interactions
  • Device & Technical Data: ip_address, browser_type, operating system, and unique_device_identifiers
  • Log Data: Server logs including request timestamps, response times, and error reports
  • SDK Analytics: Anonymized SDK initialization counts, feature flag evaluation counts, and API response times — used to monitor platform health

3. How We Use Your Data

We use the information we collect for the following purposes:

  • To provide, operate, and maintain the Services, including the dashboard, APIs, and SDK infrastructure
  • To authenticate users, manage sessions, and enforce access control across your projects and environments
  • To process payments and manage billing for paid plan subscriptions
  • To send transactional emails including account verification, password resets, and billing notifications
  • To monitor platform health, detect abuse, and prevent fraudulent or unauthorized access
  • To improve and develop the Services using aggregated, anonymized usage data
  • To respond to support requests, questions, and feedback
  • To comply with legal obligations and enforce our Terms of Service

Important: We do not sell your personal data or your App Users' data to any third party. We do not use Customer Data for advertising purposes.

4. Data Sharing

We may share your information in limited circumstances:

Service Providers

We share data with trusted third-party providers that help us operate the Services, including cloud infrastructure providers, payment processors, and email delivery services. These providers are contractually obligated to protect your data and may only use it to perform services on our behalf.

Legal Requirements

We may disclose your information if required by law, subpoena, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Koolbase, our customers, or the public.

Business Transfers

If Koolbase is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or dashboard notice before your data is transferred and becomes subject to a different privacy policy.

With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

5. Cookies & Tracking

We use cookies and similar tracking technologies to operate and improve the Services. Cookies are small data files stored on your device that help us recognize you and remember your preferences.

Essential CookiesRequired

Required for the dashboard to function. These include your session token and authentication state. You cannot opt out of these while using the Services.

Analytics Cookies

Used to understand how you interact with the dashboard so we can improve the product. These are anonymized and never tied to personally identifiable information.

Preference Cookies

Remember your dashboard settings and preferences across sessions.

You can control cookies through your browser settings. For more detail, see our Cookie Policy.

6. Data Retention

We retain your personal data only for as long as necessary to provide the Services and fulfill the purposes described in this policy, or as required by applicable law.

  • Account Data: Retained for the duration of your account. Upon account deletion, we delete your personal data within 30 days, except where retention is required by law.
  • Customer Data (App User Data): Deleted within 30 days of account termination. You may export your data at any time via the dashboard before termination.
  • Log Data: Server and access logs are retained for up to 90 days for security and debugging purposes.
  • Billing Records: Retained for up to 7 years as required for tax and financial compliance purposes.

7. Your Rights

Depending on your location, you may have certain rights regarding your personal data. We respect and honor these rights:

Access & Portability

Request a copy of the personal data we hold about you in a portable format.

Rectification

Request correction of inaccurate or incomplete personal data.

Erasure

Request deletion of your personal data, subject to legal retention requirements.

Restriction

Request that we limit how we process your data in certain circumstances.

Objection

Object to our processing of your data for legitimate interests or direct marketing.

Withdraw Consent

Where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at techfinityedge@gmail.com. We will respond within 30 days.

Note for App Users: If you are an end-user of a mobile application built on Koolbase, your data rights should be exercised with the developer of that application, who is the data controller for your data.

8. Security

We implement commercially reasonable technical and organizational measures to protect your personal data against unauthorized access, loss, or disclosure. Our security practices include:

TLS encryption for all data in transit between the SDK, APIs, and our servers
AES-256 encryption for sensitive data at rest, including secrets and API keys
bcrypt hashing for all stored passwords — plaintext passwords are never stored
JWT-based session management with short-lived access tokens
Isolated project environments — data from one project cannot access another
Regular security reviews and dependency audits

Important: No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and API keys.

9. International Transfers

Koolbase operates globally and your information may be processed and stored in countries other than your own. These countries may have different data protection laws than your jurisdiction.

When we transfer personal data across borders, we take appropriate safeguards to ensure that your data receives the same level of protection it would in your home jurisdiction. If you are located in the European Economic Area (EEA), we ensure that any international transfer of your data is subject to appropriate legal mechanisms.

10. Children's Privacy

The Koolbase platform is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at techfinityedge@gmail.com and we will delete such information promptly.

If you are a Customer building applications that may be used by children, you are responsible for complying with all applicable laws regarding children's data, including COPPA and applicable local legislation.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to the address associated with your account) or by posting a prominent notice in the dashboard at least 30 days before the changes take effect.

We encourage you to review this Privacy Policy periodically. The “Last Updated” date at the top of this page reflects the most recent revision. Your continued use of the Services after the effective date of changes constitutes your acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or have a privacy-related concern, please contact us:

Email: techfinityedge@gmail.com

We aim to respond to all privacy inquiries within 5 business days.