1. Who we are

KoraKit (“we”, “us”, “our”) is an online platform providing business startup tools for entrepreneurs in the United Kingdom. If you have any questions about this policy, please contact us at info@korakit.com.

2. What data we collect

We may collect and process the following personal data:

Account information: Name, email address and password (hashed) when you register.

Business preferences: Company name, niche, location and brand colours you provide during onboarding.

Usage data: Pages visited, features used, IP address, browser type and device information collected via cookies and analytics.

Communications: Any messages you send us via email or in-app contact forms.

Marketing preferences: Whether you have opted in to receive marketing communications.

3. Legal basis for processing

We process your personal data on the following legal grounds under UK GDPR:

Contract: Processing necessary to deliver our services to you (Article 6(1)(b)).

Consent: Where you have opted in to marketing communications (Article 6(1)(a)). You may withdraw consent at any time.

Legitimate interests: To improve our platform, prevent fraud and ensure security (Article 6(1)(f)).

Legal obligation: Where we are required by law to retain or disclose data (Article 6(1)(c)).

4. How we use your data

To create and manage your account.

To provide, personalise and improve our services.

To send transactional emails (e.g. email verification, password resets).

To send marketing communications where you have opted in.

To monitor and analyse usage to improve the platform.

To detect, prevent and address security issues.

5. Data sharing

We do not sell your personal data. We may share data with trusted third-party service providers who assist in operating our platform (e.g. hosting, email delivery, analytics). All third parties are bound by data processing agreements.

6. Data retention

We retain your personal data for as long as your account is active or as needed to provide our services. If you delete your account, we will remove your personal data within 30 days, unless we are legally required to retain it.

7. Your rights

Under UK GDPR, you have the right to:

Access your personal data.

Rectify inaccurate or incomplete data.

Erase your personal data (“right to be forgotten”).

Restrict or object to processing.

Data portability — receive your data in a structured, machine-readable format.

Withdraw consent at any time where processing is based on consent.

To exercise these rights, email us at info@korakit.com.

8. Cookies

We use cookies and similar technologies for authentication, analytics and to remember your preferences. For full details, see our Cookie Policy.

9. Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption of passwords, secure HTTPS connections and regular security reviews.

10. International transfers

Your data may be processed outside the UK where our service providers are located. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

11. Changes to this policy

We may update this policy from time to time. We will notify you of significant changes by email or by posting a notice on our platform. The “last updated” date above indicates when this policy was last revised.

12. Contact & complaints

If you have questions or complaints about how we handle your data, please contact us at info@korakit.com.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection.