Privacy Policy

Effective Date: January 1, 2025

Last Updated: January 1, 2025

Introduction

Welcome to Katakora ("we," "our," or "us"). We are operated by Skysill Company. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform.

By using Katakora, you agree to the collection and use of information in accordance with this policy.


1. Information We Collect

1.1 Information You Provide

  • Account Information: When you create an account, we collect your email address and password (stored securely using industry-standard encryption).
  • Payment Information: When you make purchases, payment details are processed securely by our payment provider, Paystack. We do not store your credit card or banking information on our servers.
  • Communications: Any messages you send to our support team or feedback you provide.

1.2 Information We Collect Automatically

  • Listening Activity: We track which episodes you play, your listening progress, completion status, and play history to provide personalized recommendations and resume functionality.
  • Device Information: We assign a unique device identifier (stored in a secure cookie) to manage your daily play limits and provide a seamless experience across sessions.
  • Usage Data: Information about how you interact with our platform, including pages visited, features used, and session duration.
  • Technical Data: IP address, browser type, operating system, device type, and timestamp information.

1.3 Information from Third Parties

  • Payment Providers: Transaction confirmations and payment status from Paystack.
  • Content Delivery Networks: Cloudinary processes and delivers audio files on our behalf.

2. How We Use Your Information

We use the information we collect to:

  • Provide and improve our services: Enable playback, track your progress, manage subscriptions and access passes.
  • Personalize your experience: Recommend content based on your listening history.
  • Process payments: Facilitate transactions for access passes and subscriptions.
  • Enforce usage limits: Manage tier-based daily play limits (guest, free, premium).
  • Communicate with you: Send service-related notifications, updates, and respond to your inquiries.
  • Ensure platform security: Detect and prevent fraud, abuse, and unauthorized access.
  • Comply with legal obligations: Respond to legal requests and enforce our Terms of Service.
  • Analyze and improve: Understand how users interact with our platform to enhance features and performance.

3. Data Storage and Security

3.1 Where We Store Your Data

  • Database: User account information, play history, and subscription data are stored in MongoDB.
  • Cache Layer: Session data, play limits, and resume positions are temporarily stored in Redis (Upstash) with automatic expiration.
  • Media Storage: Audio files are stored and delivered via Cloudinary with signed URLs for secure access.

3.2 How We Protect Your Data

We implement industry-standard security measures including:

  • Encrypted password storage (bcrypt or similar hashing)
  • HTTPS encryption for all data transmission
  • Secure, httpOnly cookies to prevent client-side access
  • Access controls and regular security audits
  • Signed URLs with time-limited access for audio content

However, no method of transmission over the internet is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.


4. Data Sharing and Disclosure

We do not sell your personal information. We may share your data only in the following circumstances:

4.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our platform:

  • Paystack: Payment processing
  • Cloudinary: Audio file storage and delivery
  • Hosting providers: Server infrastructure

These providers are contractually obligated to protect your data and use it only for the services they provide to us.

4.2 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or to:

  • Enforce our Terms of Service
  • Protect our rights, privacy, safety, or property
  • Prevent fraud or security issues

4.3 Business Transfers

If Skysill Company is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data is subject to a different privacy policy.


5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. Specifically:

  • Account data: Retained until you delete your account
  • Play history: Retained indefinitely unless you request deletion
  • Session data (Redis): Automatically expires within 48 hours
  • Payment records: Retained for accounting and legal compliance (typically 7 years)

You may request deletion of your data at any time by contacting us at [CONTACT EMAIL].


6. Your Rights and Choices

6.1 Access and Correction

You can access and update your account information at any time through your account settings.

6.2 Data Deletion

You may request deletion of your personal data by contacting us at [CONTACT EMAIL]. Note that we may retain certain information as required by law or for legitimate business purposes.

6.3 Opt-Out of Communications

You can opt out of promotional emails by following the unsubscribe link in any email we send. You cannot opt out of service-related communications (e.g., payment confirmations, security alerts).

6.4 Cookie Management

You can disable cookies in your browser settings, but this may limit your ability to use certain features of our platform.

6.5 Nigeria Data Protection Regulation (NDPR) Rights

If you are a resident of Nigeria, you have the right to:

  • Request access to your personal data
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to processing of your data
  • Request data portability
  • Withdraw consent at any time

To exercise these rights, contact us at [CONTACT EMAIL].


7. Children's Privacy

Our platform is available to users of all ages. However, users under the age of 18 must have parental or guardian consent to create an account and use our services.

We do not knowingly collect personal information from children under 13 without verifiable parental consent. If we discover that we have collected information from a child under 13 without proper consent, we will delete that information immediately.

Parents or guardians who believe their child has provided personal information without consent should contact us at [CONTACT EMAIL].


8. International Data Transfers

Your information may be transferred to and processed in countries other than Nigeria. We ensure that such transfers comply with applicable data protection laws and that your data receives adequate protection.


9. Third-Party Links

Our platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.


10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by:

  • Posting the new policy on our platform
  • Updating the "Last Updated" date
  • Sending an email notification (for material changes)

Your continued use of Katakora after changes are posted constitutes your acceptance of the updated policy.


11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Skysill Company
Email: [CONTACT EMAIL]
Address: [BUSINESS ADDRESS]

For data protection inquiries specific to Nigeria NDPR compliance, contact: [CONTACT EMAIL]


12. Governing Law

This Privacy Policy is governed by the laws of the Federal Republic of Nigeria. Any disputes arising from this policy shall be subject to the exclusive jurisdiction of Nigerian courts.


By using Katakora, you acknowledge that you have read and understood this Privacy Policy.