Privacy Policy
Last updated: June 24, 2026
This Privacy Policy explains how Komora CRM ("Komora", "we", "our", or "us") collects, uses, stores, protects, and deletes personal information when schools, administrators, teachers, and students use our CRM platform at https://komora-crm.com/.
Komora does not sell personal data or Google user data. Komora uses Google user data only to provide the Google Calendar synchronization features requested by the user or the user's school.
Information We Collect
Komora may collect and process the following categories of information:
- Account information, such as name, email address, role, school affiliation, and login details.
- CRM data entered by schools, such as students, teachers, groups, lessons, payments, attendance, notes, materials, and schedules.
- Technical information, such as browser type, IP address, access logs, error logs, and security audit records.
- Support communications sent to us by email, messenger, or other support channels.
Google User Data Accessed
If a teacher connects a personal Google Calendar account, Komora requests access only to the Google Calendar data needed to synchronize CRM lessons with that teacher's calendar. Komora may access or process:
- The teacher's Google account email address, used to show which Google Calendar account is connected.
- OAuth access tokens, refresh tokens, token expiry time, and granted scopes, used by Komora's backend to keep the calendar connection working.
- Google Calendar event data for synchronized lesson events, including event ID, title/summary, start time, end time, status, and Komora private event properties used to match a Google event to a CRM lesson.
- Google Calendar incremental sync metadata, such as sync tokens and webhook/watch channel identifiers, used to detect changes in Google Calendar.
Komora currently uses the Google Calendar Events permission
(https://www.googleapis.com/auth/calendar.events) so it can create, update, read, and
delete only calendar events needed for lesson synchronization.
How We Use Google User Data
Komora uses Google user data only for these purposes:
- To create Google Calendar events for lessons scheduled in Komora CRM.
- To update Google Calendar events when a lesson is rescheduled, changed, canceled, or deleted in Komora CRM.
- To read changes made to synchronized Google Calendar events and apply supported time/date changes back to Komora CRM.
- To display the connected Google Calendar account status to the teacher or authorized school administrator.
- To maintain secure OAuth authorization, refresh expired access tokens, renew webhook watches, and troubleshoot sync errors.
Komora does not use Google user data for advertising, profiling, sale of data, or unrelated product analytics. Komora does not use Google user data to develop, improve, or train generalized artificial intelligence or machine learning models.
Data Sharing
Komora does not sell, rent, or trade Google user data. Google user data may be shared only in the limited circumstances below:
- With the connected user's school account inside Komora, so authorized staff can manage lesson scheduling and calendar synchronization.
- With infrastructure and hosting providers that help us operate Komora CRM, such as server, database, storage, monitoring, and backup providers.
- With Google APIs, as required to perform the requested Google Calendar synchronization.
- If required by law, regulation, legal process, or a valid governmental request.
Any third-party service providers are used only to operate, secure, maintain, or support Komora CRM. They are not permitted to use Google user data for their own advertising or unrelated purposes.
Data Storage and Protection
Komora stores CRM and Google Calendar connection data on protected server-side systems. Google OAuth tokens are stored server-side and are not exposed to students or teachers in the browser interface. We protect data using measures such as HTTPS in transit, authentication, role-based access controls, server access restrictions, audit logging where appropriate, and operational monitoring.
Access to school data is limited according to the user's role in Komora. Teachers can connect and manage their own Google Calendar connection, and school administrators can access only the schools they are authorized to manage.
Data Retention and Deletion
Komora retains CRM data and Google Calendar synchronization metadata only for as long as needed to provide the service, comply with legal obligations, resolve disputes, maintain security, and support the school account.
- When a teacher disconnects Google Calendar, Komora disables the connection and removes stored Google OAuth credentials and sync metadata from the active connection record.
- When a school account is terminated, Komora deletes or anonymizes school data according to the school's agreement and applicable legal requirements.
- Users may request deletion or correction of their personal data, including Google Calendar connection data, by contacting [email protected].
- After a verified deletion request, Komora deletes the relevant data unless retention is required by law, security, fraud prevention, billing, or legitimate operational needs.
Google API Limited Use Disclosure
Komora's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
User Choices
- Teachers can choose whether to connect a personal Google Calendar account.
- Teachers can disconnect Google Calendar from their Komora teacher dashboard.
- Users can contact us to request access, correction, export, or deletion of their personal data.
Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and may notify users through the product or other appropriate channels.
Contact Us
If you have questions about this Privacy Policy or want to request deletion of your data, contact us at [email protected].