Legal
Privacy Policy
Last updated: March 21, 2026
Overview
KOPY is operated by Sebastian Kluger, Gensinger Straße 23, 10315 Berlin, Germany ("we", "our", or "us"). This Privacy Policy explains what information we collect when you use the KOPY app or website at getkopy.app, how we use it, and your rights under applicable data protection law — including the EU General Data Protection Regulation (GDPR / DSGVO).
By downloading, installing, or using KOPY, you agree to the practices described in this policy.
Who is responsible for your data
Sebastian Kluger
Gensinger Straße 23, 10315 Berlin, Germany
E-Mail: contact@getkopy.app
What we collect
Account data
When you sign in with Apple or Google, we receive your name and email address from those providers. This is stored by Firebase Authentication and used solely to identify your account and sync your subscription status across devices.
Legal basis (GDPR Art. 6 (1) b): Processing is necessary for the performance of the contract (providing you access to the KOPY service).
Usage data
We collect aggregated, anonymized metrics — such as which mode was selected and whether a reply was generated — to improve the product. We do not collect which specific replies were generated or any personally identifiable usage patterns.
Legal basis (GDPR Art. 6 (1) f): Legitimate interest in understanding how the product is used to improve it.
Subscription data
Purchase and subscription status is managed by RevenueCat and Apple's App Store. We receive only a subscription status flag ("active" or "inactive") — we never see your payment card details.
Server logs
Our hosting provider (Vercel) automatically records standard server log data including IP addresses, timestamps, and HTTP request metadata. These logs are retained by Vercel for a limited period in accordance with their privacy policy.
Legal basis (GDPR Art. 6 (1) f): Legitimate interest in operating a secure and functional service.
What we do NOT collect
- The messages you copy or paste into KOPY
- The AI-generated replies you receive
- Your conversation history with any contact
- Your location, contacts, or photos
Text you paste into the keyboard is transmitted to our AI provider solely to generate a reply and is immediately discarded after the response is returned. We do not log, store, or analyze message content.
How we use your data
- To authenticate you and maintain your account
- To verify your subscription status and unlock premium features
- To send transactional emails (e.g., subscription confirmations) — we do not send marketing emails without your explicit consent
- To improve KOPY using aggregated, anonymized analytics
- To protect against fraud, abuse, and unauthorized access
Third-party services
We use the following third-party services to operate KOPY:
| Service | Purpose | Data shared |
|---|---|---|
| Firebase (Google) | Authentication | Email, name |
| OpenAI / Anthropic | AI reply generation | Message text (ephemeral, not stored) |
| RevenueCat | Subscription management | User ID, purchase status |
| Apple App Store | Payment processing | Handled entirely by Apple |
| Vercel | Hosting & API | Standard server logs (IP, timestamp) |
| Supabase | Usage tracking & account data | User ID, usage counts |
Some of these providers are located outside the EU/EEA (e.g., the United States). We rely on standard contractual clauses (SCCs) and equivalent mechanisms to ensure an adequate level of data protection for international transfers.
Each provider operates under their own privacy policy and data processing agreements. We do not sell your data to any third party.
Bring Your Own Key (BYOK)
If you use the Own Key plan, your messages are sent directly to OpenAI using your own API key. In this case, your data is subject to OpenAI's privacy policy and usage terms. We do not receive, store, or log any messages sent via your personal API key.
Data retention
Account data (email, Firebase UID) is retained for as long as your account is active. Subscription records are retained as required by applicable accounting and tax law (in Germany: 10 years per § 147 AO). If you delete your account, we delete all associated personal data within 30 days, except data we are legally required to retain. Anonymized usage metrics may be retained indefinitely in aggregated form.
Your rights (GDPR)
Under the GDPR, you have the following rights:
- Access (Art. 15): You can request a copy of the personal data we hold about you.
- Rectification (Art. 16): You can ask us to correct inaccurate data.
- Erasure (Art. 17): You can ask us to delete your personal data, subject to legal retention requirements.
- Restriction (Art. 18): You can ask us to restrict processing of your data in certain circumstances.
- Portability (Art. 20): You can request your data in a structured, machine-readable format.
- Objection (Art. 21): You can object to processing based on our legitimate interests.
To exercise any of these rights, contact us at contact@getkopy.app. We will respond within 30 days.
You also have the right to lodge a complaint with a supervisory authority. In Germany, the relevant authority is the Berliner Beauftragte für Datenschutz und Informationsfreiheit (datenschutz-berlin.de).
Children's privacy
KOPY is not directed at children under 13 (or under 16 in the EU). We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately at contact@getkopy.app.
Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you via the app or by email at least 14 days before the changes take effect. Continued use of KOPY after that date constitutes acceptance of the updated policy. The current version is always available at getkopy.app/landing/privacy.
Contact
Questions about this Privacy Policy? Email us at contact@getkopy.app.
For our full legal disclosure, see the Imprint.