KopiAI Privacy Policy
Last Updated: June 8, 2026
Effective Date: June 8, 2026
Applicable App: KopiAI
Applicable App Versions: All versions
Data Controller: KopiAI Developer
Privacy Contact: cdlcdl9527@gmail.com
1. Introduction and Scope
This Privacy Policy explains how KopiAI ("App") collects, uses, shares, stores, and deletes data.
This policy applies to processing through:
- The KopiAI Android app
- Our backend API gateway (Cloudflare Worker)
- Integrated third-party SDKs and service providers listed in Section 6
This policy does not apply to third-party products/services not controlled by us.
2. Data We Process
We follow data minimization and process only data needed for core features, security, abuse prevention, diagnostics, analytics, ads, and legal compliance.
2.1 Data You Create in App (Primarily Local)
- Translation history
- Vocabulary and learning records
- Generated content history
- App preferences and settings
2.2 Device and Technical Data
- App-generated pseudonymous device identifier (used for quota, anti-abuse, and security)
- App/device technical metadata (for compatibility and diagnostics)
- Network metadata at API edge (for example IP address)
- Security/rate-limit counters and operational metrics
2.3 Sensitive Permissions and Data Boundaries
Current Android permissions requested by the App:
- `CAMERA`
- `RECORD_AUDIO`
- `INTERNET`
- `ACCESS_NETWORK_STATE`
- Google Play Billing permission
- Advertising and ads measurement identifiers/attribution/topics permissions
- `WAKE_LOCK`
Important boundaries:
- Camera/microphone permissions are requested only when you actively use related features (not at app launch).
- If you deny camera/microphone permission, related feature(s) will not work, but other core text-based features remain available.
- The App does not currently request location runtime permission.
- We do not use camera/audio permission for unrelated profiling or advertising.
- Network state is used to check connectivity for online features.
- Billing permission is used only for Google Play purchase and subscription flows.
- Advertising identifiers, attribution data, and ad topics signals may be processed by Google advertising, analytics, and install-referrer services for ads, measurement, anti-fraud, campaign attribution, and ad relevance, subject to user device settings.
- Wake locks may be used by integrated SDKs or background work infrastructure to complete short operational tasks reliably; we do not use them to collect unrelated personal data.
2.4 Purchases
Google Play Billing processes payment and transaction data. We do not store full payment card details.
2.5 Ads, Analytics, and Diagnostics
Depending on app behavior/SDK behavior and your settings, data may be processed for:
- Ad serving/measurement/anti-fraud (AdMob)
- Product analytics (Firebase Analytics)
- Crash reporting/diagnostics (Firebase Crashlytics)
3. Purposes of Processing
We process data to:
- Provide translation and language-learning features
- Support network AI features through backend routing
- Enforce quota limits and anti-abuse controls
- Serve and measure ads
- Improve app quality and performance
- Detect crashes, security issues, and fraud
- Meet legal obligations
4. Backend Processing and Retention
When network features are used, requests are processed by our backend (Cloudflare Worker).
4.1 Backend Data Categories
- API request payloads required to serve requested features
- Pseudonymous device ID headers
- Edge network metadata (for example IP)
- Security, anti-abuse, and rate-limit state
4.2 Backend Purposes
- Route requests to configured model providers
- Prevent abuse/fraud/replay and enforce limits
- Operate reward challenge/claim integrity flow
- Support operations, reliability, and incident response
4.3 Typical Retention (Operational Stores)
Retention is TTL-based and limited to necessary periods, for example:
- Metrics: up to about 35 days
- Risk/abuse state: short-term TTL (configurable)
- Reward challenge state: short-lived (minutes)
Retention may be adjusted for security/operations. If law requires longer retention, legal requirements prevail.
5. Server-Side Data Deletion Requests (Google Play and Legal Compliance)
Even though the App does not provide standalone KopiAI account registration, you may request deletion of server-side data associated with your app usage (for example pseudonymous device ID records, backend risk/metrics records where linkable).
How to request deletion:
- Use the in-app local data deletion option to delete data stored on your device.
- For linkable server-side data, email: cdlcdl9527@gmail.com
- Subject: "Server Data Deletion Request"
- Include enough information for matching records (for example app-generated device ID, approximate request time window, country/region, app version).
Our process:
- We acknowledge receipt and begin verification.
- We process valid requests within 30 calendar days (or faster if required by local law).
- After completion, we send confirmation by email.
- If some data must be retained by law/security/fraud-prevention obligations, we restrict processing to those mandatory purposes only and explain the reason.
6. Third-Party Services, SDKs, and Sharing
We do not sell personal data for money.
Under Google Play policy, developers remain responsible for third-party SDK behavior inside the app. We perform due diligence and require integrated third parties to comply with applicable policies.
Third-party services used:
1. Google ML Kit
- Purpose: on-device text recognition, language identification, and translation
- Camera images and OCR frames are processed on-device by the App/ML Kit and are not uploaded by us to OCR providers.
- Policy: https://policies.google.com/privacy
2. Google AdMob
- Purpose: ad serving, ad measurement, anti-fraud
- Policy: https://policies.google.com/privacy
3. Google Play Billing / Google Play Services
- Purpose: purchase/subscription validation and Play-related services
- Policy: https://policies.google.com/privacy
4. Firebase Analytics
- Purpose: usage analytics
- Policy: https://firebase.google.com/support/privacy
5. Firebase Crashlytics
- Purpose: crash diagnostics
- Policy: https://firebase.google.com/support/privacy
6. Cloudflare
- Purpose: API gateway, edge security, and traffic handling
- Policy: https://www.cloudflare.com/privacypolicy/
7. AI model providers configured by backend
- Example providers: Google Gemini API, OpenAI API
- Purpose: generate responses for user-requested AI features
- Policies:
- Google: https://policies.google.com/privacy
- OpenAI: https://openai.com/policies/privacy-policy
We may disclose data when required by law, legal process, or to protect rights/safety/security.
7. Advertising and Sensitive Category Restrictions
For ads and ad personalization:
- We do not intentionally use sensitive categories (such as race, religion, sexual orientation, health status, or financial hardship) for personalized advertising.
- We do not intentionally use your local translation content, vocabulary records, or generated AI content as direct inputs for personalized ad targeting.
- You can control personalization via your Google Ads/device settings.
8. Sale/Share Statement
- Under Google Play policy, "sale" is prohibited and generally refers to exchange/transfer of personal and sensitive data for monetary consideration.
- Where applicable law defines sale/share more broadly (for example other valuable consideration), we apply applicable legal requirements and honor your rights under those laws.
9. User Rights and Response Time
Depending on your jurisdiction, you may have rights such as access, correction, deletion, portability, objection/restriction, and complaint.
How to exercise rights:
- Email: cdlcdl9527@gmail.com
- In-app: Settings -> Send Feedback
Response time:
- We respond to valid requests within 30 calendar days, unless a shorter legal deadline applies.
10. No Standalone KopiAI Account
The App currently does not provide standalone KopiAI account registration/login.
Therefore, app-account deletion workflows for in-app accounts do not apply. However, Section 5 explains how to request deletion of linkable server-side data.
11. Children and Age Thresholds
The App is not directed to children.
We do not knowingly collect personal data from children under 13, or under a higher minimum age where required by local law. If such data is identified, we will take steps to delete it.
12. Security Measures
We use reasonable technical and organizational safeguards, including:
- HTTPS/TLS for network transmission
- Access controls and least-privilege operations
- Anti-abuse monitoring and security controls
- Incident response procedures
No method is 100% secure, but we continuously improve safeguards.
13. Business Transfer
If a merger, acquisition, reorganization, bankruptcy, or asset transfer occurs:
- We will provide notice before material transfer of personal data (typically at least 30 days where feasible/required).
- The receiving party must protect data under terms no less protective than this policy.
- Where legally available, you may request deletion before transfer takes effect.
14. Cross-Border Processing
Data may be processed outside your country through global cloud/service providers. We apply safeguards required by applicable law.
15. Regional Compliance (Southeast Asia)
For users in Southeast Asia (including Singapore, Indonesia, Thailand, Malaysia, and Vietnam), we process data in accordance with applicable local privacy/data protection requirements, including rights handling and lawful transfer obligations.
16. Tracking Technologies
The app and integrated SDKs may use identifiers and similar technologies (for example Android advertising identifiers and SDK telemetry mechanisms) for ads, analytics, diagnostics, security, and anti-fraud.
You can manage ad personalization and reset advertising identifiers in device Google Ads settings.
17. In-App Prominent Disclosure and Consent
Where required by Google Play policy, we provide in-app prominent disclosure and obtain affirmative user action before collecting/processing personal and sensitive data outside reasonable user expectation.
18. Policy Accessibility and Language
- This policy is made available in-app (Settings -> Privacy Policy) and should also be published on a publicly accessible HTTPS URL in Play listing.
- No login should be required to view the web policy.
- If multiple language versions exist, the English version controls in case of conflict.
19. Changes to This Policy
We may update this policy when features, providers, legal requirements, or processing practices change.
For material changes, we provide prominent notice where required.
20. Contact
Privacy requests and complaints:
- Email: cdlcdl9527@gmail.com
- In-app feedback: Settings -> Send Feedback
The English version is the authoritative version. No login is required to view this page.