Last Modified: 22 August 2023
Thank you for your interest in Kombai, Inc. ("Kombai," "we," "our," or "us"). Kombai provides its users and customers (collectively, “Customers”) access to its generative models that can interpret UI designs and generate high-quality UI designs from them. This Privacy Notice explains how information about you that directly identifies you or that makes you identifiable ("personal information") is collected, used, and disclosed by Kombai in connection with our website at Kombai.com (the "Site") and our application and services offered in connection with the Site (collectively with the Site, the "Services").
This Privacy Policy does not apply to any processing by third-party websites, services, or applications, even if they are accessible through our Services. It does apply to data received by Kombai from such third parties. Please note that this Privacy Notice does not cover or apply to our processing of information about our employees or contractors.
The personal information we collect depends on how you interact with our Services.
When we use the term “personal information” in this Privacy Policy, we mean all information that can be used to identify a natural person, either alone or when combined with other information.
Account Information. When you create a Kombai account, we may collect the personal information you provide, such as your name, email address, personal website, and profile picture. If you enable any phone-based two-factor authentication, we collect a phone number, and you agree to receive text messages from Kombai to enable two-factor authentication when you log in. Message and data rates may apply.
Payment Information. Where we sell products and services through the Services, we may use third-party applications and/or payment processors to process your payments. These third-party applications will collect information from you to process a payment on behalf of Kombai, including your name, email address, mailing address, payment card information, and other billing information. Kombai does not receive or store your payment information, but it may receive and store information associated with your payment information (e.g., the fact that you have paid, the last four digits of your credit card information, and your country of origin).
Communication Information. We may collect personal information from you, such as email address, phone number, mailing address, and marketing preferences, when you request information about the Services, register for our newsletter, or otherwise communicate with us.
Candidate Information. We may post job openings and opportunities on the Services. If you reply to one of these postings or otherwise provide us with your candidacy information, we will collect and process the information you provide.
Service Use Information. We collect the information you provide to the Services for the purpose of providing the Services to you, which may include personal information such as information about your interactions with other users and any content you create or upload when using the Services.
Support and Customer Service Information (including Training and Quality Assurance). We collect the information you provide to our representatives if you email, chat, call, or otherwise interact with Kombai’s sales, customer service, or support personnel. In addition, we may record telephone calls or video conferences between you and our representatives for training or quality assurance purposes.
Surveys, Events, Marketing Program, and Co-Promotional Activities Information. In connection with applying to, interacting with, and participating in any surveys, events, marketing, or partnership programs offered by Kombai and its partners, we may collect and process the information you provide to us, such as name, email address, mailing address, and any information specific to the program, to assess your suitability for participation and administer the program.
Automatic Data Collection. We may collect certain information automatically when you use the Services. This information may include your Internet protocol (IP) address, user settings, MAC address, cookie identifiers, mobile advertising, and other unique identifiers, details about your browser, operating system, or device, location information (inferred from your IP address), internet service provider, pages that you visit before, during and after using the Services, information about the links you click, and information about how you interact with and use the Services.
We may also collect information about your operating system and coding preferences in connection with providing the Services to you.
Cookies, Pixel Tags/Web Beacons, and Analytics Information. We, as well as third parties that may provide content, advertising, or other functionality on or in connection with the Services, may use cookies, pixel tags, local storage, and other technologies (“Technologies”) to automatically collect information through the Services. Technologies are essentially small data files placed on your device that allow us and our partners to record certain information whenever you visit or interact with our Services.
Analytics. We may use Google Analytics and other service providers to collect and process analytics information on our Services. For more information about how Google uses data, please visit www.google.com/policies/privacy/partners/. You can opt out of Google Analytics’ collection and processing of data generated by your use of our website by going to http://tools.google.com/dlpage/gaoptout.
Kombai Customers. If you use our Services on behalf of, or in collaboration with, an organization (e.g., your employer), that organization may provide us with information about you so that we can provision your account.
Third-Party Services and Organizations. We may obtain information about you from other sources, including third-party services and organizations. If you choose to enable third-party services, e.g., Figma, Kombai may access and exchange Service Use Information, Account Information, and Technical Information with the third party on your behalf, in accordance with any permissions granted by you (including your Authorized User(s)).
In this section, we describe all the ways we use your personal data and the legal bases we rely on to do so.
In certain situations, we require your data to pursue our legitimate interests in a way that is reasonable for you to expect as part of running our business and which does not materially affect your rights and freedoms. We have identified below what our legitimate interests are.
When we process your information based on your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on such consent before it is withdrawn. To exercise your rights, see the Contact Us section of this Privacy Policy.
We use the personal information that you provide to us, that we collect (automatically), and that we receive from third parties for a variety of business purposes, including:
1. Providing and managing the Services or information requested, such as:
This includes: the processing of all categories of information except for Candidate Information.
Legal Basis: Performance of the contract with you. Necessary for our legitimate interests to recover debts due to us. Necessary for our legitimate interests to respond to and communicate with you (where we do not have a contractual relationship or legal obligation to do so). Necessary to comply with a legal obligation (including national data protection and consumer protection laws, for example, to respond to requests in relation to personal data processed about the individual)
2. Communicating with you about your account, activities on our Services, Privacy Policy, or changes in the terms of service. This includes: the processing of your Account Information, Communication Information, Service Use Information, Customer Service Information, and Marketing Program and Co-Promotional Activities Information.
Legal Basis: Performance of the contract with you. Necessary to comply with a legal obligation (including national data protection and consumer protection laws).
3. Administering and protecting our business and Services (including troubleshooting, data analysis, testing, system maintenance, support, reporting, internal quality control, and safety and hosting of data).
This includes: the processing of your Account Information, Communication Information, Technical Information, Service Use Information, Marketing Program and Co-Promotional Activities Information, and Customer Service Information.
Legal Basis: Performance of the contract with you. Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud, and in the context of a business reorganization or group restructuring exercise). Necessary to comply with a legal obligation (including national data protection and information security laws)
4. Using data analytics to improve our website, products/Services, marketing, customer relationships, and experiences.
This includes: the processing of your Technical Information, Service Use Information, and Customer Service Information.
Legal Basis: Necessary for our legitimate interests (to define types of customers for our products and Services, to keep our Services updated and relevant, to develop our business, and to inform our marketing strategy).
5. Carrying out surveys for user research and analyzing your feedback.
This includes: the processing of your Surveys and Events Information and Account Information, Communications Information, and Use of Services Information.
Legal Basis: Necessary for our legitimate interests (to study how customers use our products/services and to develop them and grow our business).
6. Make suggestions and recommendations to you about goods or services that may be of interest to you.
This includes: the processing of your Account Information, Communications Information, Service Use Information, and Technical Information.
Legal Basis: Necessary for our legitimate interests (to develop our products/services and grow our business) (where consent is not required by marketing laws – in which case consent shall be relied upon).
7. Contacting customers and prospective customers about products, services, developments, and events we think may be of interest to you.
This includes: the processing of your Account Information and Communication Information.
Legal Basis: In certain situations, we seek consent before sending marketing materials to individuals, and in such cases, consent is our lawful basis for sending marketing to you.
Where we do not obtain consent, we rely on our legitimate interests (to develop our products/services and grow our business) as our lawful basis for sending marketing materials to you.
If you have any questions about our marketing practices or if you would like to withdraw your consent or opt out of the use of your personal information for marketing purposes, you may contact us as set out in the Contact Us section of this Privacy Policy.
8. Delivering relevant content and advertisements to you and measuring or understanding the effectiveness of the advertising we serve to you.
This includes: the processing of your Account Information, Communications Information, Service Use Information, and Technical Information.
Legal Basis: Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business, and to inform our marketing strategy). If required by marketing laws, we seek consent before serving advertisements to individuals, and in such cases, consent is our lawful basis for sending marketing to you.
9. Enforcing our agreements and complying with our legal obligations, including sharing information with law enforcement, the courts, and other authorities.
This could include any personal data we process about you.
Legal Basis: Necessary to comply with a legal obligation (including national data protection, cyber security, and surveillance laws). Necessary for our legitimate interests (to enforce our agreements, to seek professional advice, or to establish, exercise or defend a legal claim).
10. Recruiting and hiring, including considering your candidacy for employment.
This includes: the processing of Candidate Information and Communication Information.
Legal Basis: Necessary for our legitimate interests (to screen candidates and consider your suitability for a position). Entry into a contract with you.
12. De-identifying data and creating aggregated information.
This could include any personal data we process about you.
Legal Basis: Necessary for our legitimate interests (to use personal information to create de-identified and/or aggregated information, such as de-identified demographic information, de-identified location information, and information about the device from which you access our Services. De-identified and/or aggregated information is used for several purposes, including research, industry analysis, analytics, and any other legally permissible purposes.)
13. Enabling your participation in marketing and partnership programs
This includes the processing of your Communication Information and Marketing Program and Co-Promotional Activities Information.
Legal Basis: Performance of a contract with you. Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy).
Consent: In certain cases.
We may share any personal information we collect with the following categories of third parties for the purposes described above and as follows:
Other Users of Kombai’s Services. When you use the Services to collaborate or interact with others, we may share certain information with your collaborators.
The Public. Content can be made publicly available by you or others collaborating on it. In such cases, any information about you included in such content is also publicly available. In addition, in connection with your posting of content on Kombai Community, we may publicly share your picture, name, user handle, and Twitter (or other social networking site) handle (to the extent you have provided us with this information).
Service Providers. We may share the personal information we collect about you with our service providers. The categories of service providers to whom we entrust personal information include service providers for: (i) the provision of the Services; (ii) the provision of information, products, and other services you have requested; (iii) marketing and advertising; (iv) payment and transaction processing; (v) customer service activities; and (vi) the provision of IT and related services, and (vii) distributing the Services through regional channel partners.
Your Organization and Administrator. If you access the Services on behalf of an organization (such as with your organization’s domain) or have your account paid for by another party, we will share your information with that organization or paying party at its request and give such organization certain rights over your information. Please note that your information may also be subject to your organization’s privacy policy, and we are not responsible for the privacy or security practices of our customers.
Third-Party Platforms and Services. We will share your personal information with third-party platforms and/or services if you have expressly consented or requested that we do so. Please note we do not endorse, screen or approve, and are not responsible for, the practices or conduct of such third-party services.
Advertising Partners. Through our Services, we allow third-party advertising partners to set Technologies and other tracking tools to collect information regarding your activities and your device (e.g., your IP address, cookie identifiers, page(s) visited, location, time of day). These advertising partners use this information (and similar information collected from other websites) for the purposes of delivering targeted advertisements to you when you visit third-party services within their networks. This practice is commonly referred to as “interest-based advertising” or “personalized advertising.” If you prefer not to share your personal information with third-party advertising partners, you may follow the instructions under the Your Choices heading below.
Disclosures to Protect Us or Others. We will access, preserve, and disclose information we have associated with you to competent law enforcement bodies, regulatory and government agencies, courts, or other third parties if we believe doing so is required or appropriate to: (i) comply with law enforcement or national security requests and legal process, such as a court order or subpoena; (ii) protect your, our or others’ rights, property, or safety; (iii) enforce Kombai’s policies and contracts; (iv) collect amounts owed to us; (v) prevent financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity; or (vi) if we, in good faith, believe that disclosure is otherwise necessary or advisable.
Disclosure in the Event of Merger, Sale, or Other Asset Transfer. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, then your information may be sold or transferred in accordance with our legitimate interests in administering our business as part of such a transaction, as permitted by law and/or contract.
All information processed by us may be transferred, processed, and stored anywhere in the world, in jurisdictions that may have data protection laws that are different from the laws where you live and may be subject to access requests from governments, courts, or law enforcement in those other jurisdictions according to their laws. We endeavor to safeguard your information consistently with the requirements of applicable laws.
Where we transfer your personal information to countries and territories outside of the European Economic Area and the UK, which have been formally recognized as providing an adequate level of protection for personal information, we rely on the relevant “adequacy decisions” from the European Commission and “adequacy regulations” from the Secretary of State in the UK.
Where the transfer is not subject to an adequacy decision or regulations, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Policy.
If you have any questions or concerns related to international data transfers, please contact us using the information set forth below.
General. You have the right to opt out of certain uses of your personal information.
Email. If you receive an unwanted marketing email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future marketing emails.In lieu of such links, you may respond to the email communicating your desire to unsubscribe from the emails. Note that you will continue to receive transaction-related emails regarding products or Services you have requested. We may also send you certain non-promotional communications regarding us and our Services, and you will not be able to opt out of those communications (e.g., communications regarding the Services or updates to our Terms of Service or this Privacy Policy).
Mobile Devices and Browsers. We may send you push notifications through our mobile application or your browsers. You may at any time opt-out from receiving these types of communications by changing the settings on your mobile device.
Cookies and Interest-Based Advertising. You have the right to decide whether to accept or reject cookies. You can also stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits.
In accordance with applicable law, you may have the right to:
If you would like to exercise any of these rights, please contact us as set forth below.
We will process such requests in accordance with applicable laws. To protect your privacy, we will take steps to verify your identity before fulfilling your request.
Please note that if you use our Services on behalf of an organization (e.g., your employer), that organization may be responsible for fulfilling the individual rights requests referenced above.
We store the personal information we receive as described in this Privacy Policy for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and/or comply with applicable laws. The specific retention periods depend on the nature of the information and why it is collected and processed, and the nature of the legal requirement.
When we have no ongoing legitimate business need or legal reason to process or retain your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. You may request the deletion of your personal information at any time as noted in “Your Privacy Rights”, above, but that will require you to delete your account with us, as we need your personal data to maintain your account.
We take steps to ensure that your information is treated securely and in accordance with this Privacy Policy.
We may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on the Services or by sending an email to you.
The Services may contain links to other websites/applications and other websites/applications may reference or link to our Services. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Visiting these other websites or applications is at your own risk.
This Supplemental California Privacy Notice only applies to our processing of personal information that is subject to the California Consumer Privacy Act of 2018 (“CCPA”). The CCPA provides California residents with the right to know what categories of personal information Kombai has collected about them and whether Kombai disclosed that personal information for a business purpose (e.g., to a service provider) in the preceding 12 months. California residents can find this information above, in the respective sections of this Privacy Policy, and below:
Kombai may collect the following Categories of Personal Information:
Kombai Discloses to the following Categories of Third Parties for a Business Purpose:
Sales of Personal Information under the CCPA
As defined by the CCPA, Kombai does not sell personal information of California residents, nor do we have actual knowledge of any sale of personal information of minors under 16 years of age.
Additional Privacy Rights for California Residents
Verification. To protect your privacy, we will take steps to verify your identity before fulfilling your request. When you make a request, we will ask you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include asking you to log in to your account or verify your email address.
If you are a California resident and would like to exercise any of your rights under the CCPA, please contact us as set forth below. We will process such requests in accordance with applicable laws.
If you are a resident of Nevada, you have the right to opt out of the sale of certain Personal Information to third parties who intend to license or sell that Personal Information. You can exercise your right by contacting us as described below with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account. As defined by Nevada Revised Statutes Chapter 603A, we do not currently sell Personal Information of Nevada residents.
Our services are not intended for children under the age of 13. We do not knowingly solicit or collect personal information from children under the age of 13. If we learn that any personal information has been collected inadvertently from a child under 13, we will delete the information as soon as possible. If you believe that we might have collected information from a child under 13, please contact us at privacy@Kombai.io.
If you are located in the European Economic Area, the UK or Canada, you have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal information violates applicable law.
We may revise this Privacy Policy from time to time at our sole discretion. If there are any material changes to this Privacy Policy, we will notify you as required by applicable law. The date this Privacy Policy was last updated appears at the top of this page.
If you have any questions about this Privacy Policy or our privacy practices, or if you wish to submit a request to exercise your rights as detailed in this Privacy Policy, please contact us at:
Kombai, Inc.
Email: support@Kombai.com