Privacy Policy

Last updated: March 29, 2026

1. Introduction

Kuraite ("we", "our", "us") is operated by Suprajanan, a registered business based in Jaipur, Rajasthan, India. We provide the Kuraite platform at kuraite.co.in. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your personal information. By using our service, you agree to this policy.

2. Data We Collect

We collect the following categories of information:

  • Account Information: Name, email address, and password (hashed) when you create an account.
  • Brand Information: Business niche, brand colors, fonts, voice style, and content pillars you provide during onboarding.
  • Generated Content: Captions, hashtags, strategy documents, calendar plans, and reel scripts created through the platform.
  • Instagram Data (via Facebook OAuth): When you connect your Instagram account, we access your Instagram Business Account profile (username, name, biography, follower count, media count, profile picture) through the Facebook Graph API.
  • Competitor Analysis Data: When you enter competitor Instagram handles during strategy creation, we use the Instagram Business Discovery API to fetch publicly available data about those accounts, including follower count, media count, biography, and recent post engagement metrics (likes, comments, captions, timestamps, media types). This data is only available for public Business and Creator accounts.
  • Usage Data: Basic analytics about how you use the platform (pages visited, features used) to improve the service.

3. How We Use Your Data

We use your data for the following purposes:

  • Content Generation: Your brand information, voice samples, and strategy data are sent to OpenAI (gpt-4o-mini) to generate personalized content. We do not store data on OpenAI's servers beyond the API call.
  • Competitor Analysis: Competitor Instagram data is fetched in real-time via the Instagram Business Discovery API and used to generate competitive analysis and content strategy recommendations. This data is processed temporarily and not permanently stored.
  • Service Improvement: Usage analytics help us understand which features are most valuable and where to improve the platform.
  • Account Management: Email is used for authentication, password resets, and important service notifications.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Instagram & Facebook Integration

When you connect your Instagram account via Facebook Login, we request the following permissions:

  • instagram_basic: Allows us to read your Instagram Business Account profile and use the Business Discovery endpoint to fetch public data about competitor accounts you specify.
  • pages_read_engagement: Required to access the Facebook Page linked to your Instagram Business Account, which is necessary for the API authentication flow.
  • pages_show_list: Required to retrieve the list of Facebook Pages you manage, so we can identify which Page is linked to your Instagram Business Account.

Your Facebook/Instagram access token is stored in an encrypted HTTP-only cookie in your browser. It is not stored on our servers. The token expires after 60 days, after which you will need to reconnect. You can disconnect your Instagram account at any time from the Settings page, which immediately deletes the stored token.

5. Data Storage & Retention

  • Account data (name, email, brand settings) is stored in our PostgreSQL database hosted on Neon (cloud PostgreSQL) and retained for the duration of your account.
  • Generated content (captions, strategies, calendars) is stored in the database and retained until you delete it or close your account.
  • Competitor analysis data is fetched in real-time and processed temporarily during strategy generation. It is not permanently stored in our database.
  • Instagram OAuth tokens are stored only in your browser cookie (encrypted, HTTP-only) and automatically expire after 55 days.
  • Upon account deletion, all your data is permanently removed from our database within 30 days.

6. Data Sharing

We share data only with the following service providers, solely to operate the platform:

  • OpenAI:Brand information and content prompts are sent to OpenAI's API for AI content generation. OpenAI does not use API inputs for training.
  • Meta (Facebook/Instagram): Your OAuth token is used to authenticate API requests to the Instagram Graph API and Business Discovery endpoints.
  • Vercel:Our application is hosted on Vercel's infrastructure.
  • Neon:Our PostgreSQL database is hosted on Neon's cloud infrastructure.

7. Your Rights

You have the following rights regarding your data:

  • Access: Request a copy of all personal data we hold about you.
  • Correction: Update or correct inaccurate personal data via the Settings page.
  • Deletion: Request deletion of your account and all associated data. You can also delete individual content items from the platform.
  • Disconnect: Revoke Instagram access at any time from the Settings page.
  • Data Portability: Request an export of your data in a machine-readable format.

To exercise any of these rights, contact us at the email address below or use the relevant features in the Settings page.

8. Cookies

We use the following cookies:

  • Authentication cookies: Session cookies for login state (essential, cannot be disabled).
  • Instagram credentials cookie: Encrypted HTTP-only cookie storing your Instagram OAuth token (55-day expiry).
  • CSRF protection cookie: Temporary cookie used during the OAuth flow (10-minute expiry).

We do not use third-party tracking cookies or advertising cookies.

9. Security

We implement industry-standard security measures including: HTTPS encryption for all data in transit, bcrypt password hashing, HTTP-only secure cookies, CSRF protection, rate limiting on all API endpoints, input sanitization, and Content Security Policy headers. Access tokens are never exposed to client-side JavaScript.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a notice on the platform. Continued use of the service after changes constitutes acceptance of the updated policy. Previous versions of this policy are retained and available upon request.

11. Contact

For questions about this privacy policy, data requests, or to exercise your rights, contact us at:

Email: support@suprajanan.com