Last updated 23 April 2026
Privacy Policy
Plain-English summary: we collect what we need to run the service, we don't sell your data, and we never use your Google Search Console data or draft content to train AI models. The full details are below.
Who we are
Kourt is a content-pipeline SaaS operated by Open Source Consulting Pty Ltd (ABN 87 138 794 920), a company registered in Queensland, Australia. Our registered office is at 1503, 13–17 Cordelia Street, South Brisbane QLD 4101. When this policy says “we,” “us,” or “Kourt,” it means that company.
Questions, requests, or complaints: email hello@kourt.ai.
What we collect
We only collect what we need to run the service:
- Account data: your email address and a hashed password (we never see your plaintext password). Handled by Supabase on our behalf.
- Workspace data: your brand profile, compliance pack, keywords, article drafts, internal link graph, and any reference documents you upload. This is the content you actively put into Kourt to get value out.
- Billing data: if you subscribe to a paid plan, Stripe handles your card details directly. We receive a Stripe customer ID, subscription status, and invoice history. We never see your full card number or CVC.
- Google Search Console data: if you choose to connect Search Console. See the dedicated section below.
- Usage telemetry: a record of what your workspace did (articles generated, CMS publishes, visibility runs) so we can meter plan limits and bill accurately.
- Technical logs: IP address, user agent, and timestamps tied to requests, retained for up to 30 days for security and debugging.
Why we collect it
- To provide the Kourt service you signed up for.
- To bill you correctly and handle subscription lifecycle events.
- To detect abuse and enforce our Terms of Service.
- To send service emails (password resets, invoice receipts, workspace invitations). We do not send marketing email without explicit opt-in.
Google Search Console data
This section describes exactly how Kourt uses Google user data we access through OAuth, in line with the Google API Services User Data Policy and its Limited Use requirements.
Scope we request: https://www.googleapis.com/auth/webmasters.readonly (read-only access to your Search Console data). We do not request any write, edit, delete, or other scope.
What we read:
- The list of verified properties on your Google account.
- Your Google account email address, so you can see which Google identity is currently connected.
- Search Analytics rows for the property you choose, specifically the query phrase and its impressions, clicks, CTR, and average position over the last 28 days.
Why we read it: to show you which search terms your site is already half-ranking for, so you can prioritise content briefs against real demand. That's the single purpose of this data inside Kourt.
What we do not do with it:
- We do not sell or rent it to anyone.
- We do not share it with advertisers or data brokers.
- We do not use it to train, fine-tune, or evaluate machine learning models, ours or any third party's.
- We do not transfer it outside of the service providers listed below, and we restrict employee access to what is strictly needed for support.
How we store it: your OAuth refresh token is encrypted at rest using AES-256-GCM before being written to our database. Search Analytics rows are stored as regular workspace data, scoped to your tenant and protected by row-level security.
How long we keep it: refresh token until you disconnect; Search Analytics rows for as long as you're an active customer (plus the 30-day grace window described below).
How to revoke: click Disconnect on the Search Console page inside Kourt to delete your refresh token and stop any further reads. You can also revoke Kourt independently from your Google account at myaccount.google.com/permissions.
AI-generated content
Kourt uses large language models from OpenAI, Anthropic, and Perplexity (routed via Vercel AI Gateway) to generate and grade article drafts. When we send your content or brand profile to these providers to generate an article:
- We use the providers' commercial APIs, which contractually exclude our traffic from being used to train their models.
- We do not retain prompts or completions longer than needed to return your result.
- Your Search Console data is never sent to any AI provider. It stays in our database and only surfaces on your keywords page.
Who we share data with
We use industry-standard service providers to run the service. Each receives only the data they need to do their job:
- Supabase: database, authentication, and file storage.
- Vercel: application hosting and CDN.
- Stripe: billing and payment processing.
- Resend: transactional email delivery.
- OpenAI, Anthropic, Perplexity (via Vercel AI Gateway): content generation, grading, and visibility checks.
- Google, DataForSEO: public search data and your own Search Console data.
We do not sell your personal information, and we do not share it with advertisers.
How we secure your data
All data in transit is encrypted with TLS. Secrets we hold for you (such as CMS connection tokens and Search Console refresh tokens) are encrypted at rest with AES-256-GCM before being written to the database. Row-level security in our database ensures that users only ever read their own workspace's data.
How long we keep your data
We keep your workspace data for as long as you have an active Kourt account. If you delete your account, we delete your workspace data within 30 days, except where we're legally required to retain it (e.g. tax records for invoices).
Your rights
Depending on where you live, you may have the right to:
- Access a copy of the personal data we hold about you.
- Correct it if it's wrong.
- Delete it (by deleting your account).
- Object to, or restrict, how we process it.
- Port your data elsewhere.
- Complain to a privacy regulator. In Australia, the Office of the Australian Information Commissioner.
Email hello@kourt.ai to exercise any of these and we'll respond within 30 days.
Cookies
We use a small number of cookies to keep you signed in and to remember which workspace you're viewing. We do not use advertising or third-party tracking cookies. We do not use Google Analytics.
Children
Kourt is a business tool and is not intended for anyone under 18. We do not knowingly collect data from children.
Changes to this policy
If we make material changes to this policy, we'll email active account holders at least 14 days before the changes take effect. Minor wording or structural changes we'll post here with an updated date at the top.
Contact
Open Source Consulting Pty Ltd
1503, 13–17 Cordelia Street
South Brisbane QLD 4101
Australia
hello@kourt.ai