Privacy Policy

Effective date: 24 March 2026

Kolvera is operated by Zionic Group Pty Ltd (ABN 51 689 146 861), a company registered in Australia. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our platform at kolvera.io and any related services.

By using Kolvera, you consent to the data practices described in this policy. If you do not agree, please do not use the service.

1. Information We Collect

Account information: When you register, we collect your name, email address, and password. If you sign in via Google or another OAuth provider, we receive your name, email, and profile photo from that provider.

Billing information: Payment details (credit card number, billing address) are collected and processed securely by Stripe. We do not store your full card number on our servers.

Usage data: We collect information about how you use the platform, including pages visited, features used, campaigns created, emails sent, and calls made. This helps us improve the service.

Business data you provide: Contacts, companies, email content, call recordings, transcripts, and notes you create or import into Kolvera.

Automatically collected data: IP address, browser type, operating system, device information, and access times via server logs.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Kolvera platform
• Process transactions and send billing-related communications
• Send service-related emails (account verification, security alerts, feature updates)
• Provide customer support
• Analyse usage patterns to improve the product
• Enforce our Terms of Service and prevent abuse
• Comply with legal obligations

We do not sell your personal information to third parties.

3. Cookies and Tracking

Kolvera uses essential cookies to maintain your login session and CSRF protection. We may also use analytics services to understand aggregate usage patterns.

You can control cookie settings through your browser. Disabling essential cookies may prevent you from using the platform.

4. Third-Party Services

We integrate with the following third-party services, each governed by their own privacy policies:

• Stripe — Payment processing. Card details are handled directly by Stripe and never touch our servers.
• Google — OAuth sign-in (optional). We receive only your name, email, and profile photo.
• Twilio — Voice calling infrastructure. Call metadata and recordings are processed through Twilio's platform.
• Deepgram — Real-time call transcription. Audio is streamed to Deepgram for processing and is not stored by them beyond the session.
• Anthropic — AI-powered email generation and call analysis. Text data is sent to Anthropic's API for processing.
• Research providers — Company research. Public company information is retrieved on your behalf via third-party search APIs.

5. Data Storage and Security

Your data is stored on servers hosted by Railway (cloud infrastructure). We use industry-standard security measures including:

• HTTPS/TLS encryption for all data in transit
• Encrypted database connections
• Hashed passwords (bcrypt)
• CSRF protection on all form submissions
• Rate limiting to prevent abuse
• Multi-tenant data isolation (each account's data is separated by tenant ID)

While we take reasonable measures to protect your data, no method of transmission or storage is 100% secure.

6. Data Retention

We retain your account data for as long as your account is active. If you cancel your subscription, your data is retained for 30 days to allow for reactivation, after which it is permanently deleted.

Call recordings and transcripts are retained for the duration of your active subscription. You may delete individual call records at any time.

Server logs (containing IP addresses and access times) are retained for up to 90 days for security and debugging purposes.

7. Your Rights

Depending on your jurisdiction (including under the Australian Privacy Act 1988), you may have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate data
• Request deletion of your account and associated data
• Export your data in a portable format
• Withdraw consent for optional data processing
• Lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

To exercise any of these rights, contact us at privacy@kolvera.io.

8. International Data Transfers

Our servers and some third-party services may be located outside of Australia. By using Kolvera, you consent to the transfer of your data to these locations. We ensure that appropriate safeguards are in place consistent with Australian Privacy Principles.

9. Children's Privacy

Kolvera is a business-to-business platform and is not intended for use by anyone under the age of 18. We do not knowingly collect data from children.

10. Chrome Extension — Data Collection & Privacy

This section covers the Kolvera LinkedIn Prospect Finder Chrome extension, available on the Chrome Web Store.

What data the extension collects:

When you click Save on a LinkedIn profile, the extension reads the following data from the page you are viewing:

• Full name
• Job title
• Current employer / company name
• Location (city/state as shown on LinkedIn)
• LinkedIn profile URL

No data is collected automatically. Data is only sent to Kolvera when you explicitly click the Save button.

Where data is sent:

Contact data is sent to Kolvera's servers at kolvera.io via HTTPS and stored in your Kolvera account. It is not shared with any third parties.

What data is stored locally:

Your Kolvera API token is stored in Chrome's local extension storage (chrome.storage.local) on your device only. It is never transmitted except as an authentication header to kolvera.io.

LinkedIn compliance:

This extension reads publicly visible profile data from pages you actively visit. It does not scrape LinkedIn in the background, does not use LinkedIn's API, and does not store LinkedIn credentials.

Data deletion:

To delete contact data saved via the extension, delete the contact from your Kolvera account. To remove your API token from the extension, click Disconnect in the extension settings.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or a notice within the platform. Continued use of Kolvera after changes constitutes acceptance of the updated policy.

12. Contact

If you have questions about this Privacy Policy or our data practices, contact us at:

Kolvera (Zionic Group Pty Ltd)
Australia
privacy@kolvera.io
hello@kolvera.io