Legal

Privacy Policy

Effective: April 17, 2026

1. Introduction

This Privacy Policy describes how Kuru ("Kuru," "we," "our," or "us") collects, uses, shares, and protects personal information in connection with kuru.com and our services (the "Service"). By using the Service, you consent to the practices described here and in our Terms of Service.

2. Information We Collect

Information you provide. Name, email, shipping and billing address, phone number (if provided), vehicle information, build photos, profile content, and order history.

Payment information. Card details are collected and processed directly by our payment processors (Stripe, PayPal, Affirm). Kuru never stores full card numbers or CVV codes on our servers.

Automatically collected. IP address, device and browser type, operating system, referring URLs, pages viewed, time on site, cart activity, and similar analytics data collected via cookies and similar technologies.

From third parties. If you sign in through a third-party provider, we may receive your profile name, email, and avatar as permitted by that provider.

3. How We Use Information

We use personal information to:

  • Process orders, payments, shipping, and returns;
  • Operate, maintain, and improve the Service, including fitment matching and catalog relevance;
  • Communicate with you about orders, accounts, support, and (with consent where required) marketing;
  • Detect, prevent, and investigate fraud, abuse, and security incidents;
  • Comply with legal obligations and enforce our Terms of Service.

4. How We Share Information

Supplier & fulfillment partners. To ship your order, we share your name, address, and order contents with the supplier or warehouse responsible for fulfillment. Many of these partners operate overseas.

Service providers. We use vendors for hosting (Vercel, Neon), payments (Stripe, PayPal, Affirm), email (Resend/Postmark), analytics, error monitoring, and image hosting (Cloudinary). They may process data on our behalf under contractual confidentiality and security obligations.

Legal & safety. We may disclose information when required by law, subpoena, or court order, or when reasonably necessary to protect Kuru, our users, or the public.

Business transfers. In a merger, acquisition, financing, or sale of assets, information may be transferred as part of the transaction, subject to standard confidentiality.

We do not sell your personal information.

5. Cookies & Tracking

We use cookies, local storage, and similar technologies to keep you logged in, remember cart contents, measure performance, and analyze site usage. You can disable cookies in your browser, but parts of the Service (checkout, cart persistence) may not work correctly. We honor Do Not Track where technically feasible.

6. Data Retention

We retain personal information for as long as needed to operate the Service, satisfy legal, tax, or accounting obligations, resolve disputes, and enforce our agreements. Order records are typically retained for at least seven years for accounting and tax purposes.

7. Security

We use industry-standard technical and organizational safeguards, including TLS encryption in transit, encrypted databases, access controls, and regular security review. No system is perfectly secure; we cannot guarantee absolute security and you acknowledge that you provide information at your own risk.

8. Your Rights

Delete your account from the app: open the Kuru mobile app, go to Settings → Account → Delete account, and follow the confirmation prompts. This permanently removes your profile, your posts (builds, photos, reels, stories), your follows, likes, saves, and your messages. It cannot be undone.

Depending on your jurisdiction (including California, the EU/UK, and other regions), you may have the right to access, correct, delete, restrict, or port your personal information, and to object to certain processing. To exercise these rights, email marcagallo11@icloud.com. We will verify your identity before responding and will respond within the timeframes required by applicable law.

California residents (CCPA/CPRA): You have the right to know, delete, correct, and limit use of sensitive personal information, and to opt out of "sharing" for cross-context behavioral advertising. We do not sell personal information.

9. Children's Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us information, contact marcagallo11@icloud.com and we will delete it.

10. International Transfers

Kuru is based in the United States, and information we collect may be transferred to, processed, and stored in the U.S. or other countries where our service providers operate. These jurisdictions may have data-protection laws different from your own.

11. Third-Party Links

The Service may link to third-party websites or services. We are not responsible for their privacy practices and encourage you to review their policies before providing information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes take effect when posted on this page, and we will update the effective date above.

13. Contact

Privacy questions or requests? Email marcagallo11@icloud.com.

Terms of Service →