Privacy Policy

KuyTools ("we", "us") operates the KuyTools Chrome Extension. This policy explains what data we collect, how we use it, and your rights regarding that data.

The extension collects and processes the following data:

• Platform Authentication Token — Captured from your active AI music platform session to enable batch song creation. Stored locally in your browser's extension storage. Never transmitted to our servers.
• License Key — Your activation code is verified against our server (kuytools.com) to validate your subscription. We store the license key, activation date, and device identifier (a random hash, not your actual device info).
• Extension Settings — Your preferences (genre, mood, language, LLM provider selection) are stored locally in Chrome's storage API. These never leave your browser.

When you use the AI-powered lyrics and style generation features, your prompts are sent to the LLM provider you selected:

• Google Gemini (generativelanguage.googleapis.com)
• Grok (xAI) (api.x.ai)

You provide your own API key for these services. We do not store, transmit, or have access to your API keys — they are stored locally in your browser only. Each provider has its own privacy policy.

The extension communicates with our server (kuytools.com) for:

• License validation and activation status checks
• Version checking for updates
• Genre/artist search and embedding queries

We do not collect browsing history, personal information, or any data beyond what is listed above.

• Local storage: Platform auth tokens, API keys, extension settings, and generated content are stored in Chrome's local extension storage on your device.
• Server storage: Only license keys, activation records, and anonymous device identifiers are stored on our server.

We do not sell, trade, or share your personal data with any third parties. Data is only transmitted to:

• kuytools.com (our server) for license validation
• Your selected LLM provider for AI generation (using your own API key)
• Supported AI music platforms for song creation (using your own account)

The extension requires the following Chrome permissions:

• activeTab, tabs, scripting — To interact with supported AI music platforms for batch song creation
• storage — To save your settings and preferences locally
• downloads — To download generated songs
• sidePanel — To display the extension UI as a side panel
• alarms — For scheduled batch processing
• webRequest — To capture platform authentication tokens from your active session

Local data is deleted when you uninstall the extension or clear Chrome's extension data. Server-side license records are retained for subscription management. To request deletion of your server-side data, contact us at the email below.

For service quality, cost monitoring, and Kids-content compliance, we log metadata for AI generation requests routed through our server (kuytools.com proxy mode):

• What we log: Model used, input/output token counts, latency, error reasons, retry counts, timestamp.
• For Kids content only: The generated response text is scanned for forbidden words (post-generation) and stored to verify compliance. This applies only when systemPrompt indicates Kids subgenre (Lullaby, Nursery, etc.).
• What we DO NOT log: The raw prompt content for non-Kids requests, your account email or full identity (only an internal account_id reference).
• Retention: 90 days for raw rows, then aggregated into daily summaries (no per-request detail) retained 24 months for cost analysis.
• When you bring your own API key (BYOK mode): Requests go directly to the LLM provider — we receive nothing. No observability logging applies.

We are building an opt-in feedback loop where lyrics you rate positively (👍) may be added to a shared reference corpus to improve generation quality for other users. This feature is not yet active — when launched, the following terms apply:

• Opt-IN by default: Disabled until you explicitly enable in Extension Settings → Privacy → "Contribute lyrics to improve KuyTools".
• What is shared: Individual lyric lines (verse/chorus segments) you rated 👍, plus genre and section tags.
• What is NOT shared: Your email, account ID, full song context, original prompt, generation timestamp, or any identifier linking the lyric back to you.
• Purpose limitation: Used only as few-shot retrieval examples during AI generation for other users. NOT used to train any third-party model (Gemini, OpenAI, Cohere, etc.).
• Right to deletion: "Delete my contributions" button in Account Settings will purge your contributed lyrics from the corpus within 24 hours.
• Third-party processing: Corpus is stored in Cloudflare Vectorize (encrypted, US/EU/Asia-Pacific edge locations). Embeddings generated via Cloudflare Workers AI (BGE-small) and Google Gemini (text-embedding-004).

You have the following rights regarding your data:

• Access: Request a copy of all data we hold about you in machine-readable format (JSON). Delivered within 30 days of request.
• Deletion: Request account closure and data deletion. Email account, license records, and observability rows are purged within 30 days. Some payment-related records are retained for accounting/tax compliance per Indonesian regulations.
• Portability: Export your data (account info, license history, generation log summaries) in JSON format.
• Correction: Update incorrect personal information via your account page or by emailing us.
• Objection: Opt out of analytics, observability logging (BYOK mode), or future corpus contribution at any time.

To exercise any of these rights, email admin@kuytools.com with subject "Data Rights Request". Response within 30 days.

We implement industry-standard security measures including HMAC integrity verification, CSRF protection, rate limiting, encrypted communications (HTTPS) for all server interactions, server-side secret peppering for IP hashing, and admin session token hashing at rest.

We may update this policy from time to time. Material changes (new data collection, expanded sharing, or changed retention) will be communicated via email to active users at least 14 days before the change takes effect. Minor revisions (clarifications, security improvements) are posted on this page with an updated revision date.

For questions about this privacy policy or to request data deletion, contact us at:

• Email: admin@kuytools.com

Full business identity (registered name, NIB, physical address) is on file with our payment processors and the Indonesian government per UMK regulations. Email is the canonical channel for all data-rights requests.

Effective: 2026-05-01 (v3) — added LLM observability, forward-looking corpus contribution terms, and explicit data rights.
Previous version: 2026-04-15 (v2).