Privacy Policy

1. About this policy

This Privacy Policy explains how KOMKOR Apps LLC(“we,” “us,” or “KOMKOR”) collects, uses, and shares information when you visit or use AI Law Scanner at ailawscanner.com (the “Service”).

Questions or requests: support@ailawscanner.com. Postal address: KOMKOR Apps LLC, 2108 N ST STE N, Sacramento, CA 95816.

2. Information we collect

We collect only what we need to deliver the Service. We do notcollect government IDs, biometric data, precise geolocation, your customers' or employees' personal data, or Sensitive Personal Information as defined by California's CPRA or comparable state laws.

From you, directly:

• Email address — entered on the scan form and at checkout. Used to deliver your report, send law-update alerts, and measure advertising effectiveness.
• Business profile — business name, U.S. states served, business type, employee count band, and which AI tools you indicate using. Used to generate your compliance report and documents.
• Account credentials (subscribers only) — email and authentication tokens, managed through Supabase.
• Payment data — processed by Stripe. We do not see or store your full card number.
• Support communications — anything you send to support@ailawscanner.com.

Collected automatically:

• Request logs — IP address, user agent, timestamps, requested URLs. Used for security, abuse prevention, and debugging.
• Cookies — see Section 5.

3. How we use information

• Generate and deliver your compliance report and documents
• Send service emails (scan results, document delivery, account notices) and occasional law-update alerts
• Process payments and manage subscriptions
• Measure the effectiveness of our advertising (see Sections 4 and 5)
• Detect, prevent, and respond to abuse, fraud, or security incidents
• Comply with legal obligations and enforce our terms

4. How we share information

We share information with the service providers below, who process it on our behalf under contract:

• Vercel— web hosting and content delivery
• Cloudflare— DNS, CDN, and email routing
• Supabase— database and authentication
• Stripe— payment processing. Stripe's privacy policy at stripe.com/privacy governs its processing of your payment data.
• Resend— transactional email delivery
• Anthropic— document generation via the Claude API (see Section 6)
• Google— advertising measurement, with hashed identifiers only (see below)

No sale of personal information. We do not transfer personal information to third parties in exchange for monetary consideration.

Advertising measurement (“sharing” under California law). When you complete the free scan or a purchase, we share a SHA-256 hashed version of your email with Google for advertising measurement (Google Ads enhanced conversions). The hash is one-way; Google does not receive your raw email through this mechanism. Under California's CCPA/CPRA and similar state laws, this disclosure may be considered “sharing” for cross-context behavioral advertising. You can opt out at any time — see Section 7, or via Google Ad Settings.

Legal disclosures. We may disclose information when required by law, subpoena, or to enforce our terms or investigate suspected abuse.

Business transfers. If we are involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction; we will require the receiving party to honor this Policy.

5. Cookies and tracking technologies

We use a small set of cookies and similar technologies:

• Essential— Supabase authentication tokens (when you sign in) and Stripe's checkout cookies (when you purchase). These are required for the Service to function.
• Advertising— Google Ads first-party cookies (such as _gcl_aw) attribute scan and subscription conversions back to advertising clicks. Expires approximately 90 days after your most recent ad click.

You can clear or block cookies in your browser settings, opt out of personalized Google advertising via Google Ad Settings, or send a Global Privacy Control (GPC) signal in your browser (see Section 7).

6. Automated processing and AI

Your compliance report is generated by a deterministic rules-engine based on the business profile you provide; no AI model is involved in producing the report itself.

Your compliance documents(offered to paying subscribers) are generated by Anthropic's Claude API. We transmit your business profile to Anthropic solely for that purpose. Under Anthropic's commercial terms, Anthropic does not use this data to train its models.

We do not routinely review your business profile or the documents we generate for you. We may access them only as needed to respond to a support request from you or to investigate a technical issue. The Service does not make automated decisions about you in ways that produce legal or similarly significant effects on you (such as employment, credit, or insurance decisions).

7. Your privacy rights

Regardless of where you live, you may:

• Access the personal information we hold about you
• Correct information that is inaccurate
• Delete your information (subject to legal retention requirements, e.g., payment records)
• Receive a portable copy of your data in a common machine-readable format
• Opt out of marketing emails via the unsubscribe link in any marketing email we send
• Opt out of advertising measurement / “sharing” — email us, or send a Global Privacy Control (GPC) signal from your browser. We honor GPC as an opt-out of sharing for cross-context behavioral advertising and of targeted advertising where required by state law.
• Non-discrimination— we will not deny service, charge different prices, or reduce service quality because you exercise these rights.

How to exercise your rights. Email support@ailawscanner.com with the subject “Privacy Request,” or write to us at the postal address in Section 1. We respond within 45 days; we may extend that window by an additional 45 days where allowed by law and will notify you if we do.

Verification. We may verify your identity using information already on file (such as the email associated with your account) before fulfilling a request. We do not collect new sensitive information solely for verification.

Authorized agents. You may designate an authorized agent to make a request on your behalf. The agent must provide written, signed permission from you, and we may require you to verify your identity directly with us.

8. Data retention

• Active accounts and subscriptions— retained while your account is active
• Cancelled subscribers— we automatically delete account, scan, and document data within 90 days after your last paid period ends, unless you request earlier deletion
• One-time purchases— documents are retained for your future re-download until you request deletion
• Payment records— retained for at least seven years for tax, audit, and fraud-prevention purposes
• Server logs— retained only for the period provided by our hosting platform, used solely for security, abuse prevention, and debugging
• Hashed identifiers shared with Google— retained according to Google's policies

9. Security

We protect your information with industry-standard measures: TLS encryption in transit, encryption at rest provided by our database and payment partners, and strict access controls within our team.

In the event of a security incident affecting your personal information, we will notify affected users without unreasonable delay and as required by applicable state breach-notification laws.

10. International data transfers

We process and store data in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the U.S.

EEA / UK visitors. The Service is operated from the United States and is not actively marketed in the EEA or United Kingdom. We currently do not transmit enhanced conversion identifiers to Google for visitors whose IP address is in the EEA or UK. If you are an EEA or UK resident and would like to exercise any GDPR or UK GDPR rights you may have, contact us at support@ailawscanner.com.

11. Children's privacy

The Service is intended for businesses and is not directed to children. We do not knowingly collect personal information from children under 16 in California, or under 13 elsewhere in the United States. If you believe a child has provided us information, contact support@ailawscanner.com and we will delete it.

12. Changes to this policy

We may update this Policy from time to time. We will update the “Last updated” date at the top of the page. For material changes (for example, new categories of data collected or new categories of recipients), we will notify active subscribers by email at least 30 days before the change takes effect.

14. Other U.S. state rights

Residents of Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Tennessee, Florida, Montana, Iowa, Indiana, Delaware, New Jersey, New Hampshire, Minnesota, Maryland, Kentucky, and Rhode Island have rights under their respective comprehensive privacy laws that closely parallel the rights described in Section 7, including the right to access, correct, delete, port, and opt out of targeted advertising or profiling. To exercise any of these rights, contact us at support@ailawscanner.com.

Colorado & Connecticut. We honor a valid Global Privacy Control (GPC) signal as an opt-out of targeted advertising and sale of personal information.