Privacy Policy
Last updated: April 23, 2026
Effective date: April 23, 2026
This Privacy Policy explains how Korka (“we”, “our”, “the app”) handles information when you use the Korka iOS application and related services at korka.app. The Korka service is provided “AS IS”.
We built Korka with privacy as a default. We do not sell your data. We do not run ads. We do not track you across other apps. We do not send marketing emails. Your saved places are yours.
1. Who we are
Korka is operated by Astrid as a sole proprietor based in Sweden. For all matters relating to this Privacy Policy, including data access requests, corrections, deletions, or questions, you can reach us at:
Email: hello@korka.app
We are the data controller for personal information processed through Korka.
2. Age requirement
Korka is intended for users aged 16 and over. We do not knowingly collect information from anyone under 16. If you are under 16, please do not use Korka or provide any information to us. If we learn that we have collected information from a person under 16, we will delete it.
3. Information we collect
3.1 Information you provide directly
Account information. When you create an account, we collect your email address (if you sign up with email) or the identifier provided by Apple (if you use Sign in with Apple). Sign in with Apple lets you use a private relay email if you prefer.
Content you save. When you share a social media post with Korka, or paste a URL into the app, we receive the URL of that post. We then process the public content of the post (see Section 4) to identify the venue and save a reference to that venue on your personal map. The saved reference includes the venue’s name, address, city, coordinates, and a link back to the original post. You can delete any saved venue at any time from within the app.
Collections and notes. If you organize venues into collections, we store the collection name and the venues it contains. If you add status markers (“To try” / “Been”) or ratings to venues you’ve visited, we store those.
Shared codes. If you share a collection or city with another Korka user via a 6-digit code, we store the code and the association between the code and the content being shared, so the recipient can redeem it.
3.2 Information collected automatically
Usage data. When you use the app, we collect anonymous analytics events (for example: “spot saved”, “map viewed”, “paywall shown”). These events help us understand which features are used and where users drop off. Events are associated with an anonymous user ID, not your email.
Crash data. If the app crashes or encounters an error, technical information about the device state at that moment is sent to our error reporting service. This does not include your saved content.
Device information. Standard information about your device (model, operating system version, app version) is collected for compatibility and debugging.
3.3 Location information
Korka can use your approximate location (with your permission) to:
- Automatically show the nearest city on the map when you open the app
- Display venues near you
We do not track your location in the background. We do not store your location history. Location is only used in real time to improve the app experience on the current screen. You can revoke location permission at any time in your iOS Settings.
4. How we use your information
We use the information described above to:
- Operate the app. Identify venues from the posts you share, save them to your personal map, sync them across your devices, and serve them back to you in search, map, and list views.
- Provide AI-assisted features. The AI Trip Planner orders your selected venues into a walking route. AI community notes summarize public venue reviews. Venue identification processes the public content of posts you chose to share.
- Process payments. If you purchase the one-time premium unlock, we use Apple’s In-App Purchase system through our payment platform to verify and activate your purchase.
- Improve the app. We analyze anonymous usage patterns to understand which features work and which don’t.
- Fix problems. We use crash and error data to identify and resolve bugs.
- Communicate with you. We may send you transactional emails related to your account (for example, purchase confirmation, account deletion confirmation). We do not send marketing emails.
We do not use your data for advertising. We do not sell your data to anyone.
5. Third-party services we use
Korka relies on a set of third-party service providers to function. Each receives only the data needed for its specific role. We describe each category below; where we name a specific provider, it is because they are a visible part of the user experience.
| Category | Purpose | What data it receives |
|---|---|---|
| Apple (Sign in with Apple, App Store) | Authentication and payment processing | Apple ID identifier, purchase receipts |
| Cloud database and hosting | Stores your account, saved venues, collections, and ratings | Account identifier, saved content, preferences |
| AI processing partner | Identifies venues from the public content of posts you share; generates trip-planning suggestions and community-note summaries | The public content of the post (no personal data about you is sent) |
| Content retrieval partner | Retrieves the public content of the posts you share | The URL of the post you chose to share |
| Google Places API | Enriches venue data (address, photos, rating, opening hours) | The venue name and city being looked up |
| Google Maps SDK | Renders the map inside the app | Standard map tile requests (Google receives IP address and approximate location for tile rendering, per Google's own policies) |
| Payment platform | Manages the one-time premium unlock | Your anonymous user ID and Apple purchase receipt |
| Anonymous product analytics | Helps us understand which features are used | Anonymous event names and properties, anonymous user ID (no email, no name, no device identifier for advertising) |
| Crash and error reporting | Helps us identify and fix bugs | Technical error information, device state at crash time (no saved content) |
We do not share your data with any third party outside these service providers. None of these providers are authorized to use your data for purposes beyond providing their service to Korka. If you need the identity of a specific provider for a regulatory request (for example, a data subject access request under GDPR), email hello@korka.app and we will provide it.
6. Legal basis for processing (GDPR)
If you are in the European Economic Area or the United Kingdom, we process your personal data under the following legal bases:
- Performance of a contract. When you create an account and use Korka, we process the data needed to provide the service you signed up for.
- Legitimate interests. We use anonymous analytics and crash reports to operate and improve the app. You have the right to object to this processing.
- Consent. If you grant location permission, we use location based on your consent. You can withdraw consent at any time in iOS Settings.
- Legal obligations. We may process data to comply with legal obligations (for example, responding to a lawful subpoena).
7. Data retention
We keep your data for as long as your account exists. If you delete your account from within the app, we permanently delete:
- Your account record
- All saved venues, collections, and ratings
- Any shared codes you created
Anonymous analytics events and crash reports may be retained in aggregate form after account deletion, but they cannot be tied back to you because they were never tied to your identity in the first place.
Backup systems may retain residual copies of data for up to 30 days after deletion as part of standard operational recovery procedures. After 30 days, the data is fully gone.
8. Your rights
8.1 Everyone
You can:
- Access your data by viewing it inside the app
- Correct your data by editing or replacing it in the app
- Delete your account and all associated data from the Settings screen inside the app
8.2 If you are in the EEA, UK, or Switzerland (GDPR rights)
In addition to the above, you have the right to:
- Request a copy of your personal data in a portable format
- Restrict how we process your data
- Object to processing based on legitimate interests
- Request the identity of specific service providers that have processed your data
- Lodge a complaint with a supervisory authority. In Sweden, this is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY): imy.se
To exercise any of these rights, email hello@korka.app. We will respond within 30 days.
8.3 If you are in California (CCPA / CPRA)
California residents have the right to know what personal information we collect, to delete it, and to not be discriminated against for exercising these rights. We do not sell personal information. To exercise your rights, email hello@korka.app.
9. International data transfers
Korka is operated from Sweden, but the third-party services we rely on may process data in other countries, including the United States. When personal data is transferred outside the EEA, we rely on the safeguards that each service provider has in place, such as Standard Contractual Clauses approved by the European Commission.
10. Security
We take reasonable technical and organizational measures to protect your data:
- All data is transmitted over encrypted connections (HTTPS / TLS)
- Third-party API keys are stored server-side, not in the app bundle
- Access to our backend is restricted and logged
- We use Row Level Security in our database to ensure users can only access their own data
No system is perfectly secure. If we become aware of a security breach that affects your personal data, we will notify you without undue delay, as required by law.
11. Children’s privacy
As stated in Section 2, Korka is not intended for anyone under 16. We do not knowingly collect information from anyone under 16.
If you are a parent or guardian and you believe your child has provided information to us, please contact us at hello@korka.app and we will delete the information promptly.
12. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will change the “Last updated” date at the top and, for significant changes, notify you inside the app or by email.
Your continued use of Korka after an update means you accept the revised policy.
13. Your consent and opt-out
By downloading, installing, and using Korka, you consent to the processing of your information as described in this Privacy Policy, including any future amendments we publish here.
You can withdraw your consent or stop the processing of your data in several ways:
- Stop using the app. Uninstalling Korka from your device halts any further automatic collection of data from your device. Standard iOS uninstall processes apply (press and hold the app icon, then tap Remove App).
- Delete your account. From the Settings screen inside the app, you can permanently delete your account and all associated data. See Section 7 for what this removes and Section 8 for your rights.
- Revoke specific permissions. You can revoke location permission at any time in iOS Settings → Privacy → Location Services → Korka. The app will continue to function without location access, with reduced automatic city detection.
- Ask us to do it for you. Email hello@korka.app and we will action your request within 30 days.
Uninstalling the app does not automatically delete your account data from our servers. To delete your account data, use the Delete Account flow inside the app or email us.
14. Contact
For any question about this Privacy Policy, or to exercise any of your rights:
Email: hello@korka.app