Privacy Policy

We collect the following information when you use Kirasame Sora: • Email address — collected at sign-up via Clerk for authentication and to send purchase receipts. • Cloud billing CSV file — uploaded by you to generate your audit report. This file is processed in memory to produce your report and is not stored permanently. • Payment information — handled entirely by Stripe. We receive only a transaction reference ID; we never see or store your card number, CVV, or expiry date. • Audit reports — the generated audit report (findings, summary, score) is stored in our database if you purchase a Specialist Report, so you can access it again. • Usage data — we collect anonymous page view counts and audit usage counts to understand how the product is used.

We use your information to: • Provide and operate the Kirasame Sora cloud cost audit service. • Send purchase receipts and account-related emails. • Store and display your saved audit reports (Specialist Report plan only). • Enforce fair usage limits (1 free audit per month per account). • Improve the product through anonymous usage analytics. We do not sell, rent, or share your personal information with third parties for marketing purposes.

We use the following trusted third-party services: • Stripe — payment processing. Stripe's privacy policy: https://stripe.com/privacy • Clerk — user authentication. Clerk's privacy policy: https://clerk.com/privacy • Neon (PostgreSQL) — encrypted database hosting. • Vercel — application hosting and CDN. • Anthropic Claude API — AI analysis of your billing data. Your CSV data is sent to Anthropic's API to generate findings. Anthropic's privacy policy: https://www.anthropic.com/privacy Each provider processes data according to their own privacy policies and applicable data protection laws.

• Snapshot audit reports: not stored permanently. Report data exists only for the duration of your session. • Auditor audit reports: not stored permanently. Report data exists only for the duration of your session. • Full audit reports: stored in our database for a minimum of 3 years from purchase date. • Account data: retained while your account is active. You may request deletion at any time by contacting us.

You have the right to: • Access the personal data we hold about you. • Request correction of inaccurate data. • Request deletion of your account and associated data. • Export your audit reports (PDF export available in-app). To exercise any of these rights, contact us at support@kirasame.com.

We use minimal cookies required for authentication (managed by Clerk) and session state. We do not use tracking cookies or third-party advertising cookies.

All data is transmitted over TLS-encrypted connections (HTTPS). Our database is encrypted at rest. Access to production systems is restricted to authorised personnel only. See our Security page for full details.

If you have questions about this Privacy Policy, contact us at: support@kirasame.com