Privacy Policy

Kogira is an AI-powered IT strategy platform for CIOs and technology leaders. It is operated by Best Digital Strategies Pty Ltd (ABN 89 643 846 502), an Australian company.

The marketing website is at kogira.com and the application is at app.kogira.com.

If you have questions about this policy or how we handle your data, contact us at privacy@bestdigitalstrategies.com.au.

We collect only what is necessary to provide the service.

Account information. When you sign up, we collect your name, email address, and company name.

Authentication credentials. Passwords are hashed and never stored in plaintext. You may also authenticate using a passkey (WebAuthn) or enable multi-factor authentication via an authenticator app (TOTP) or SMS.

Documents you upload. If you upload strategy documents, IT assessments, or other files, we store these to provide the AI strategy features you have requested.

AI-generated outputs. Strategy documents, assessments, and other outputs produced by the platform on your behalf are stored in your account.

Billing information. Payment details are collected and processed directly by Stripe. We do not store your credit card number or full payment card data.

Usage and security events. We log platform events (such as authentication attempts and API calls) using hashed identifiers, not raw IP addresses or personally identifiable information. These logs are used for security monitoring, abuse prevention, and debugging.

We use the information we collect to:

• Provide, operate, and improve the Kogira platform
• Authenticate you and maintain the security of your account
• Process your uploaded documents through AI analysis to generate strategy outputs
• Send transactional emails (account confirmations, password resets, billing receipts)
• Respond to your support requests
• Detect and prevent fraud, abuse, and security incidents
• Meet our legal and compliance obligations

We do not use your information for advertising. We do not sell, rent, or trade your personal information to any third party, for any purpose, ever.

Kogira uses AI models to process documents and generate strategy outputs. The platform's architecture is designed so that AI providers can be swapped at the workflow level for different tasks. Enterprise clients with on-premise requirements can connect their own models or bring their own model (BYO model).

All AI processing happens server-side. Your documents are never sent to the AI provider directly from your browser. The AI provider receives only the content you have explicitly submitted for processing — it never receives your IP address, session token, or any other identity information.

Kogira operates under a zero-day data retention policy with its AI providers. This means your content is not retained by any AI provider beyond the window of a single response, and it is not used to train AI models.

Your data is stored in Australia by default. Our database and file storage infrastructure is hosted in the Sydney region. Enterprise clients may request data residency in any supported AWS region to meet jurisdictional or regulatory requirements.

Data at rest is encrypted using AES-256. All data in transit is encrypted using TLS 1.3. There is no unencrypted storage or transmission at any layer of the platform.

Every database table enforces Row-Level Security (RLS) policies. Your data is isolated from other organisations at the database layer — not just in application logic.

Despite these measures, no system can guarantee absolute security. If you believe your account has been compromised, contact us immediately at privacy@bestdigitalstrategies.com.au.

We use a small number of third-party infrastructure providers to operate the platform. Each is subject to a data processing agreement and is chosen for its security posture.

We do not use any advertising networks, data brokers, or social media tracking integrations.

Kogira uses only authentication session cookies. These are set by Supabase Auth when you log in and are required for the platform to function.

We do not use advertising cookies, third-party tracking cookies, or analytics cookies. We do not run Google Analytics, Mixpanel, or any similar analytics service on this site.

You can disable cookies in your browser settings, but doing so will prevent you from logging in to the application.

Under Australian privacy law and as a matter of good practice, you have the following rights in relation to the personal information we hold about you.

• Access. You can request a copy of the personal information we hold about you.
• Correction. You can ask us to correct inaccurate or incomplete information.
• Deletion. You can request that we delete your account and associated data. We will fulfil deletion requests within 30 days, subject to any legal obligations to retain certain records.
• Data portability. You can request an export of the data associated with your account in a machine-readable format.
• Objection. You can object to processing of your personal information in certain circumstances.

To exercise any of these rights, email us at privacy@bestdigitalstrategies.com.au. We will respond within a reasonable timeframe and no later than 30 days.

We retain your account data and uploaded documents for as long as your account is active. If you cancel your subscription, your data is retained for 90 days to allow for reactivation, after which it is deleted.

You can request earlier deletion at any time by contacting privacy@bestdigitalstrategies.com.au.

We may retain certain records (such as billing history) for longer periods where required by Australian law.

We may update this policy from time to time. When we make material changes, we will update the effective date at the top of this page and, where appropriate, notify you by email.

Continued use of Kogira after a policy update constitutes acceptance of the revised policy. We encourage you to review this page periodically.