Legal
Privacy Policy
Last updated: June 02, 2026
Table of contents
- 1. Introduction
- 2. Information We Collect
- 3. Information We Do Not Intentionally Collect
- 4. How We Use Information
- 5. AI Processing
- 6. Third-Party Service Providers and Tooling
- 7. Hosting and International Transfers
- 8. Analytics and Crash Logs
- 9. Emails and Communications
- 10. Payments and Subscriptions
- 11. Public Podcasts and Shared URLs
- 12. Cookies and Website
- 13. Legal Bases for Processing
- 14. Data Retention
- 15. Your Privacy Rights
- 16. Account and Content Deletion
- 17. Children's Privacy
- 18. Security
- 19. Automated Decision-Making
- 20. Do Not Track
- 21. Changes to This Privacy Policy
- 22. Contact Us
1. Introduction
Katavo is operated by Isuru Ranaweera. For purposes of this Privacy Policy, "Katavo," "we," "us," and "our" refer to Isuru Ranaweera operating the Katavo service.
This Privacy Policy explains how we collect, use, store, disclose, and protect personal information when you use the Katavo mobile application, website, and related services collectively, the "Services."
Katavo allows users to perform AI-assisted pocket research, generate research outputs, create AI-generated podcasts, and publish or share generated podcasts.
By using the Services, you acknowledge that your personal information will be handled as described in this Privacy Policy.
If you do not agree with this Privacy Policy, please do not use the Services.
You can contact us at:
2. Information We Collect
We collect information that you provide directly, information generated through your use of the Services, and information received from third-party services.
Account Information
When you create or use an account, we may collect:
- email address;
- display name;
- authentication information managed through Supabase Auth;
- sign-in method, such as email/password, Google, or Apple.
If you sign in using Google or Apple, we may receive your email address and display name from the relevant authentication provider.
Usage and Product Information
We may collect information about how you use the Services, including:
- usage analytics;
- app interactions;
- feature usage;
- session activity;
- technical events;
- error events;
- crash logs;
- approximate diagnostic information;
- research history;
- podcast generation history;
- questions, queries, prompts, and research topics;
- generated research outputs;
- generated podcasts;
- shared podcast URLs.
Payment and Subscription Information
We may collect and process payment-related information, including:
- subscription status;
- entitlement status;
- plan type;
- purchase history;
- credit usage;
- renewal status;
- cancellation status;
- app-store transaction metadata.
Payments and subscriptions are processed through RevenueCat, Apple App Store, and Google Play Store. We do not directly collect or store full payment card numbers.
Public Content
If you publish or share a podcast through Katavo, information associated with that podcast may become public, including:
- podcast title;
- podcast description;
- podcast audio;
- podcast URL;
- generated content included in the podcast;
- any information you choose to include in or publish with the podcast.
Public podcasts may be accessible to anyone, may be indexed by search engines, and may be copied, shared, cached, archived, embedded, downloaded, or redistributed by third parties.
3. Information We Do Not Intentionally Collect
We do not intentionally collect sensitive personal information unless you choose to include it in your prompts, research questions, generated content, account communications, or published podcasts.
You should not submit or publish sensitive personal information unless you are comfortable with the risks associated with processing or public disclosure.
Sensitive information may include information about health, finances, government identification, precise location, passwords, private communications, children, biometric data, racial or ethnic origin, political opinions, religious beliefs, trade union membership, sexual orientation, or other highly sensitive topics.
4. How We Use Information
We use the information we collect to:
- provide, operate, and maintain the Services;
- create and manage user accounts;
- authenticate users;
- generate research outputs;
- generate podcasts;
- publish and share podcasts when requested by users;
- manage subscriptions, plans, entitlements, credits, and payments;
- provide customer support;
- respond to user requests;
- send transactional emails;
- monitor app performance;
- detect, investigate, and fix bugs, crashes, errors, and technical issues;
- analyze product usage;
- improve user experience;
- prevent fraud, abuse, misuse, security incidents, and violations of our Terms;
- enforce our Terms and policies;
- comply with legal obligations;
- protect the rights, safety, and property of Katavo, users, and others.
Katavo may use Inputs, Outputs, prompts, research sessions, generated podcasts, usage data, feedback, and related information to operate, maintain, secure, evaluate, improve, and develop the Services.
Katavo does not train its own machine-learning models on user content.
5. AI Processing
Katavo uses third-party AI, search, retrieval, and infrastructure providers to provide the Services.
When you use Katavo, your prompts, questions, queries, research topics, generated content, podcast content, and related information may be sent to third-party providers so that the Services can generate research outputs, search results, podcast scripts, audio, summaries, or related content.
Katavo may use Inputs, Outputs, prompts, research sessions, generated podcasts, usage data, feedback, and related information to operate, maintain, secure, evaluate, improve, and develop the Services.
Katavo does not train its own machine-learning models on user content.
Third-party AI providers may process your information according to their own terms, privacy policies, security practices, and data-handling procedures.
AI-generated content may be inaccurate, incomplete, fabricated, outdated, misleading, or incorrectly attributed. Sources, citations, references, quotations, and factual statements generated by the Services may also be inaccurate, incomplete, fabricated, outdated, or incorrectly attributed.
You are responsible for reviewing and verifying generated content before relying on it, publishing it, sharing it, or using it for any purpose.
6. Third-Party Service Providers and Tooling
Katavo relies on third-party providers to operate, improve, secure, maintain, and provide the Services. Depending on your use of Katavo, your information may be processed by one or more of the following providers:
- Supabase — authentication, database, storage, and backend services;
- Railway — application hosting and infrastructure;
- PostHog — analytics and product usage analytics;
- Resend — transactional email delivery;
- RevenueCat — subscription and entitlement management;
- Apple App Store — payments, subscriptions, and app distribution;
- Google Play Store — payments, subscriptions, and app distribution;
- OpenAI — AI generation and processing;
- Anthropic — AI generation and processing;
- Google Gemini — AI generation and processing;
- Tavily — search and retrieval services;
- Exa — search and retrieval services.
We may add, remove, or replace service providers from time to time as needed to operate, improve, secure, maintain, and develop the Services.
These providers may process information according to their own privacy policies, security practices, and applicable laws.
7. Hosting and International Transfers
Katavo uses Supabase and Railway for hosting, infrastructure, backend services, and data processing.
Katavo's own primary service infrastructure is intended to be hosted in the Netherlands. However, third-party providers, including AI providers, analytics providers, payment providers, app stores, and infrastructure providers, may process information in other countries.
If you access or use the Services from outside the Netherlands, you acknowledge that your information may be transferred to, stored in, or processed in the Netherlands and other jurisdictions where our service providers operate.
Where required by applicable law, we rely on appropriate legal mechanisms to support international data transfers.
8. Analytics and Crash Logs
We use PostHog to understand how users interact with the Services and to improve the product.
Analytics data may include information such as feature usage, app interactions, session events, device or technical information, and product usage patterns.
We may also collect crash logs, error logs, and diagnostic information to detect, investigate, and fix technical issues.
Analytics data, crash logs, diagnostic logs, error logs, and security logs may be retained for up to one year, unless a longer retention period is required for security, fraud prevention, legal compliance, dispute resolution, enforcement of our Terms, or protection of the Services.
9. Emails and Communications
We may use your email address to send:
- account-related messages;
- login or authentication messages;
- subscription or payment-related messages;
- security notices;
- service updates;
- support responses;
- important administrative messages;
- legal notices.
We use Resend to deliver transactional emails.
We only send marketing communications where permitted by applicable law or where you have consented. You can opt out at any time.
Even if you opt out of marketing communications, we may still send non-marketing messages related to your account, security, transactions, subscriptions, legal notices, or use of the Services.
10. Payments and Subscriptions
Katavo uses RevenueCat to manage subscriptions, entitlements, plans, and payment status.
Payments may be processed through the Apple App Store or Google Play Store. Those providers may collect and process payment information according to their own terms and privacy policies.
Katavo does not directly collect or store full credit card numbers or full payment card details.
We may receive information about your subscription status, plan, entitlements, purchase history, renewal status, cancellation status, and app-store transaction metadata.
11. Public Podcasts and Shared URLs
Katavo may allow you to publish and share generated podcasts.
If you publish or share a podcast, that podcast and related information may become public. Public podcasts may be accessible to anyone, indexed by search engines, shared by third parties, cached, archived, embedded, downloaded, or redistributed outside Katavo.
You are responsible for any information you choose to include in public podcasts or shared podcast URLs.
Do not include private, confidential, sensitive, or personal information in public podcasts unless you are comfortable with that information being publicly accessible.
If you want a public podcast removed from Katavo-controlled systems, you may email:
Please include the relevant URL or identifier and the reason for removal.
Removal from Katavo-controlled systems does not guarantee removal from search engines, third-party caches, archives, downloads, embeds, external websites, or copies made by others.
12. Cookies and Website
Katavo's website is public and does not provide user login.
We do not currently use website analytics or marketing cookies on the public website.
The Katavo mobile application may use technologies necessary to operate the Services, authenticate users, manage sessions, provide app functionality, detect errors, and maintain security.
If we introduce cookies, website analytics, tracking technologies, or marketing technologies in the future, we may update this Privacy Policy or provide additional notice where required.
13. Legal Bases for Processing
If you are located in the European Economic Area, United Kingdom, or another region with similar data protection laws, we process personal information based on one or more legal bases, including:
Performance of a Contract
We process information when necessary to provide the Services, manage your account, generate research outputs, generate podcasts, manage subscriptions, and provide requested features.
Consent
We may process information based on your consent, including where required for certain marketing communications or optional processing.
You may withdraw consent where applicable.
Legitimate Interests
We may process information based on our legitimate interests, including to improve, secure, maintain, evaluate, and develop the Services; prevent abuse; analyze product usage; fix bugs; respond to support requests; and protect our rights and users.
Legal Obligations
We may process information where necessary to comply with applicable laws, regulations, legal processes, tax obligations, accounting requirements, or enforceable governmental requests.
14. Data Retention
We retain personal information for as long as reasonably necessary to provide the Services, maintain accounts, operate the product, comply with legal obligations, resolve disputes, enforce our Terms, prevent abuse, maintain security, and support legitimate business purposes.
In general:
- account information is retained until your account is deleted or retention is otherwise required;
- research history is retained until deleted or until no longer needed;
- podcast generation history is retained until deleted or until no longer needed;
- generated podcasts and shared URLs are retained until deleted, unpublished, or removed, unless retention is required or permitted;
- payment and subscription records may be retained as needed for accounting, tax, legal, fraud-prevention, and app-store purposes;
- analytics data, crash logs, diagnostic logs, error logs, and security logs may be retained for up to one year.
If you request deletion, we will delete applicable information from active systems, subject to legal, security, technical, backup, fraud-prevention, accounting, dispute-resolution, or operational limitations.
Backup copies, logs, cached data, archived data, and third-party copies may persist for a limited period or according to applicable retention cycles.
15. Your Privacy Rights
Depending on where you live, you may have rights regarding your personal information. These may include the right to:
- access personal information we hold about you;
- request correction of inaccurate or incomplete personal information;
- request deletion of personal information;
- request restriction of processing;
- object to certain processing;
- request data portability;
- withdraw consent where processing is based on consent;
- lodge a complaint with a data protection authority.
To exercise privacy rights, contact us at:
We may need to verify your identity before responding to a request.
We will respond to privacy requests as required by applicable law.
If you are located in the Netherlands or the European Union, you may have the right to contact your local data protection authority. In the Netherlands, the data protection authority is the Autoriteit Persoonsgegevens.
16. Account and Content Deletion
You may request account deletion by emailing:
Unless you specifically request deletion of other content, an account deletion request applies to account information only.
If you also want research history, generated podcasts, podcast history, shared podcast URLs, or other content deleted, you must specify that in your request.
We will delete applicable information from active systems after verifying and processing your request, subject to legal, technical, security, backup, fraud-prevention, accounting, dispute-resolution, or operational limitations.
Public podcasts may remain accessible through search engines, third-party caches, archives, embeds, downloads, external websites, or copies made by others even after removal from Katavo-controlled systems.
17. Children's Privacy
The Services are intended for users who are at least 18 years old.
Users who are at least 13 years old but under 18 may use the Services only with the consent and supervision of a parent or legal guardian.
Persons under 13 years old may not use or register for the Services.
Parents or legal guardians may contact us at:
regarding a child's personal information, account, or use of the Services.
If we become aware that we have collected personal information from a person under 13 without appropriate consent, we may delete that information and terminate the account.
18. Security
We use reasonable technical and organizational measures designed to protect personal information against unauthorized access, loss, misuse, alteration, disclosure, or destruction.
However, no method of transmission over the internet, mobile networks, cloud infrastructure, or electronic storage is completely secure.
We cannot guarantee absolute security of your personal information.
You are responsible for keeping your account credentials secure and for preventing unauthorized access to your account.
19. Automated Decision-Making
Katavo uses artificial intelligence to generate research outputs and podcasts.
We do not use automated decision-making to make legal, financial, employment, credit, insurance, housing, or similarly significant decisions about you.
Generated content is produced in response to user inputs and should not be treated as verified fact, professional advice, or a decision made by Katavo about any individual.
20. Do Not Track
Some browsers or devices offer "Do Not Track" signals.
Because there is no uniform standard for recognizing or responding to such signals, we do not currently respond to "Do Not Track" signals.
21. Changes to This Privacy Policy
We may update this Privacy Policy from time to time.
When we update it, we will revise the "Last updated" date above.
If we make material changes, we may provide additional notice where required by applicable law, such as through the Services or by email.
Your continued use of the Services after an updated Privacy Policy becomes effective means that you acknowledge the updated Privacy Policy.
22. Contact Us
If you have questions, requests, complaints, or concerns about this Privacy Policy or our handling of personal information, contact us at: