Kora Logo
Log inGet Started
Kora Logo

Privacy Policy

Last updated: February 15, 2026

Overview

This policy describes how Kora collects, uses, and shares data when you use our property maintenance platform and related messaging workflows.

What We Collect

We collect data you provide directly and data generated while operating maintenance workflows, including:

  • Account and organization data (name, email, password hash, role, organization linkage).
  • Property, tenant, and vendor data (addresses, unit data, contact data, service preferences).
  • Maintenance request data (contact info, issue description, status, urgency, schedule, costs, notes).
  • Attachment metadata and files (photos/documents, filename, content type, size, storage URL).
  • Communication data (SMS and inbound email content/metadata, conversation session history).
  • Operational telemetry (request IDs, route/method, queue/job metadata, error diagnostics).
  • Billing metadata (for example customer/subscription identifiers), not raw card PAN/CVV in application tables.

How We Use Data

  • Operate maintenance intake, triage, dispatch, and scheduling workflows.
  • Communicate with tenants, vendors, and property teams via SMS and email.
  • Run AI-assisted extraction/classification and workflow automation features.
  • Support reliability, incident response, abuse prevention, and auditing.
  • Support onboarding, account administration, and billing operations.

How We Share Data

We share data with service providers/processors required to operate the platform, such as messaging, AI inference, file storage, queue/cache infrastructure, email ingestion, and error monitoring.

  • Twilio (SMS delivery and inbound webhook processing).
  • OpenAI and optional Keywords AI gateway (AI processing paths when enabled).
  • Cloudflare R2-compatible object storage (or local storage in local development).
  • SendGrid and/or Mailgun inbound email pipelines.
  • Sentry-based error monitoring when enabled by environment configuration.

We do not sell personal information.

No Sharing for Marketing

No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All other categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

SMS Program Disclosures

If you interact with Kora by SMS, we process sender number, recipient number, and message content needed for maintenance coordination and service operations. This includes request confirmation, scheduling, status updates, completion verification, and emergency communications.

Message frequency may vary. Message and data rates may apply. Carrier keyword flows such as STOP and HELP may be supported by your messaging provider.

You may opt out of SMS at any time by replying STOP. You may request support by replying HELP or emailing kora.propertymanagement@gmail.com.

SMS consent is explicitly captured via a digital web form. Users receive an email invitation to their Kora portal, where they must affirmatively check an unchecked SMS consent checkbox during account activation. No SMS messages are sent to users before this digital consent is collected to ensure full compliance with opt-in regulations.

Mobile information will not be shared with third parties or affiliates for marketing or promotional purposes. Text messaging originator opt-in data and consent will not be shared with third parties.

Public consent flow documentation: https://app.getkoratech.com/sms-consent

Cookies, Local Storage, and Tracking

The web app uses a server-set HttpOnly authentication cookie for session management. We do not persist the auth token in browser local storage.

We do not use third-party advertising trackers in the main web application experience.

Security and Retention

Kora uses layered operational controls, access controls, secret management, and monitored systems to protect service data. Logging paths include sensitive-field redaction rules.

Current code-backed retention defaults include:

  • Auth token/cookie lifetimes are configured to 7 days by default.
  • Conversation session cache and durable session expiry are configured to roughly 24 hours.
  • Queue metadata retention defaults: completed jobs about 24 hours, failed jobs about 7 days.
  • Inbound email payload storage is configurable and defaults to minimized storage in production guidance.

Other operational and account records may be retained for service continuity, dispute handling, and legal obligations.

Your Privacy Rights

Depending on your jurisdiction (including California), you may have rights to request access, correction, deletion, and a copy of certain personal data.

You may also request details about categories of personal information collected and disclosed for business purposes.

Children's Privacy

Kora is designed for property operations use and is not intended for children under 13.

Policy Changes

We may update this policy from time to time. We will update the date shown at the top of this page.

Contact

For privacy requests, contact: kora.propertymanagement@gmail.com

Back to home