Privacy Policy

Last updated: 22 April 2026

This policy explains how Koalr Ltd (“we”, “us”, “our”) handles personal data when you visit koalr.ai or join our waitlist. We keep data collection to the minimum needed to run this site.

1. Who we are

Koalr Ltd is the operator of koalr.ai and the data controller for personal data collected through this site. For any privacy question, reach us at privacy@koalr.ai or by post:

Koalr Ltd
PO Box 4321
London WC1N 3AX
United Kingdom

2. What we collect and why

We collect two things, and only two things:

  • Email address — when you submit the waitlist form, so we can email you at launch. We also store a short source tag (e.g. which page or campaign referred you) and the timestamp of your signup.
  • IP address — used transiently to rate-limit the waitlist endpoint (5 requests per minute per IP) and prevent abuse. It is processed by our hosting and rate-limit providers and is not stored in our database alongside your email.

We do not run analytics. We do not set marketing or advertising cookies. We do not use tracking pixels. We do not sell your data.

3. Legal basis (UK GDPR)

  • Waitlist email — your consent (Article 6(1)(a) UK GDPR), given when you submit the form. You can withdraw it at any time (see §6).
  • Rate-limiting IP — our legitimate interests (Article 6(1)(f)) in keeping the site available and preventing automated abuse.

4. Who we share data with

Your data is handled by a small number of processors who operate under written data processing terms. We use the following categories of processor:

  • Database hosting provider — stores your waitlist email, source tag, and signup timestamp.
  • Rate-limiting provider — processes your IP address transiently to count requests and prevent abuse.
  • Site hosting provider — processes standard request logs (including IP and user agent) for operational purposes.

Our waitlist database is hosted in the European Union. Some processors may process data in the United States or other jurisdictions. UK-to-EU transfers rely on the UK-EU adequacy decision; transfers to the United States and other third countries rely on the UK International Data Transfer Addendum to the EU Standard Contractual Clauses, or equivalent safeguards. We can provide the current list of named sub-processors on request to privacy@koalr.ai.

We will also disclose data if required by law, court order, or to protect the rights, property, or safety of Koalr or others.

5. How long we keep data

  • Waitlist emails — until launch, plus 12 months, or until you ask us to delete them, whichever is sooner.
  • Rate-limit IP counters — short-lived; rolling windows of minutes, with aggregate counters retained by our rate-limiting provider for operational reporting.
  • Server logs — retained by our site hosting provider for up to 30 days under their standard retention policy.

6. Your rights

Under UK GDPR you have the right to:

  • access a copy of your data;
  • correct data that is wrong;
  • have your data erased (“right to be forgotten”);
  • object to or restrict processing;
  • have your data provided in a portable format;
  • withdraw consent at any time (without affecting earlier processing).

To exercise any of these, email privacy@koalr.ai from the address you signed up with. We aim to respond within 30 days.

You also have the right to complain to the Information Commissioner’s Office (ICO), the UK’s data protection regulator, at ico.org.uk.

7. Cookies

We use one strictly necessary cookie to remember your cookie preference. Under the Privacy and Electronic Communications Regulations (PECR), strictly necessary cookies do not require prior consent. We also use localStorage to remember your theme preference. We do not use any analytics or advertising cookies.

8. Security

Traffic to and from the site is encrypted with TLS. Emails are stored in a managed database accessed only from our server using a restricted service credential. Standard security headers (including HSTS, Content Security Policy, X-Frame-Options, Referrer-Policy and Permissions-Policy) are applied on every page. No system is perfectly secure, but we take reasonable steps to protect your data and will notify you promptly if a breach affects you.

9. Children

Koalr is a business-to-business product and is not directed at children. We do not knowingly collect data from anyone under 13. If you believe a child has submitted their email, contact us and we will delete it.

10. Changes

We may update this policy as the product evolves. Material changes will be announced on this page with a new “last updated” date. If you have joined the waitlist, we will email you before any change that materially affects how we use your data.

11. Contact

Questions, requests, or complaints: privacy@koalr.ai.

Koalr

See how your brand shows up in AI search.

© 2026 Koalr Ltd. All rights reserved.

Privacy