Privacy Policy

• Account Information: Email address, username, and password for secure access to your account
• Profile Data: Avatar selection and any optional profile details you choose to share
• Health & Habit Data: Vaping frequency, nicotine levels, device types, quit goals, and progress tracking information
• Voice & AI Conversations: Kaivo is voice-first. When you talk with your coach, your microphone audio is streamed in real time to a trusted third-party AI provider to generate spoken responses, and a text transcript of the conversation is stored in your account. Conversations are encrypted in transit and at rest, and are retained for up to 30 days unless you delete them sooner. The provider processes this audio only to generate responses; we do not sell your conversations or use them to build advertising profiles.
• Support Communications: Messages and feedback sent to our support team for assistance

• Usage Data: Features used, screens viewed, actions taken, and session duration to improve your experience
• Device Information: Device model, operating system, app version, and unique device identifiers for technical support
• Performance Data: Crash reports, error logs, and app performance metrics to maintain service quality
• Analytics Data: Aggregated usage patterns and feature engagement to enhance our services
• Notifications: Kaivo schedules reminders (such as daily check-ins and milestones) locally on your device. These on-device notifications don't send your data to a third party. You can disable them at any time through your device settings or within the app.

• Precise location data - We don't track your location
• Contacts or address book - We don't access your contacts
• Photos or media - We don't access your photos unless you explicitly share them
• Voice biometrics - We process the audio of your coaching conversations to power the voice coach, but we don't create voiceprints or use fingerprints, face scans, or other biometric identifiers to identify you

• Create and maintain your account - Secure authentication and profile management
• Generate personalized quit plans - Based on your habits and goals for maximum effectiveness
• Provide AI-powered voice coaching - Real-time spoken conversations and guidance powered by a third-party AI provider
• Track your progress and health improvements - Monitor your journey and celebrate milestones

• Analyze usage patterns - To enhance features and improve user experience
• Debug technical issues - To improve app performance and stability
• Develop new tools and content - To provide more effective quit support
• Conduct research on quitting patterns - Using anonymized data to help more people succeed

• Send important account and security updates - Keep you informed about your account and security
• Provide progress milestones and encouragement - Celebrate your achievements (if you've enabled notifications)
• Respond to support requests - Help you with any questions or issues you encounter
• Send promotional updates - Share new features and content (only with your explicit consent)

We process your data based on:

• Consent: For optional features like marketing emails and push notifications that you can disable anytime
• Contract: To provide the core services you've requested, like account creation, progress tracking, and AI chat support
• Legitimate Interests: For security, fraud prevention, service improvement, and app functionality that benefits all users
• Legal Obligation: When required by law, such as responding to valid legal requests or court orders

We integrate with the following trusted third-party services to provide our app functionality:

• Supabase (Database & Authentication): Stores your account information and app data securely. Privacy policy: https://supabase.com/privacy
• Apple App Store & Google Play (Billing): Subscriptions are purchased and processed through the App Store or Google Play. We never see or store your full payment details. Apple's privacy policy: https://www.apple.com/legal/privacy/; Google's: https://policies.google.com/privacy
• AI Voice Provider: A trusted third-party AI provider powers the real-time voice coach; your conversation audio and transcripts are processed solely to generate responses. We may change providers over time and require each to meet our security and privacy standards.
• Google Play Services: If you downloaded our app from Google Play, Google may collect certain device and usage information as described in their privacy policy at https://policies.google.com/privacy. We do not control Google's data collection practices.

These services operate under their own privacy policies and security standards. We carefully select partners who meet our high standards for data protection and user privacy.

• Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
• Access Controls: Role-based access with multi-factor authentication
• Regular Testing: Security audits and penetration testing
• Secure Infrastructure: SOC 2 compliant hosting providers

• Limited access on need-to-know basis
• Employee confidentiality agreements
• Regular security training
• Incident response procedures

• Access: Request a copy of your personal data
• Correction: Update inaccurate information
• Deletion: Delete your account and associated data
• Portability: Export your data in machine-readable format
• Opt-Out: Disable non-essential data collection

• Right to know what personal information we collect
• Right to delete personal information
• Right to opt-out of data "sales" (we don't sell data)
• Right to non-discrimination for exercising rights

• Right to object to processing
• Right to restrict processing
• Right to lodge complaints with supervisory authorities
• Right to withdraw consent

• Through app settings
• Email: privacy@kaivo.app
• We'll respond within 30 days

• Account and usage data: Retained while your account is active and for up to 12 months after deletion
• AI chat conversations: Automatically deleted after 30 days
• Analytics data: Anonymized and retained for up to 24 months for service improvement
• You can request immediate deletion of all your data by contacting us at privacy@kaivo.app
• Backups: May persist up to 90 days in secure backups
• Legal Holds: Extended retention if required by law

The following data types are collected and shared:

• Personal identifiers (email address, username) - shared with Supabase for authentication
• Health and fitness data (vaping tracking, progress metrics) - stored securely, not shared with third parties
• App activity (features used, preferences) - used internally for service improvement
• Voice & conversation data (microphone audio, transcripts) - processed by a third-party AI provider to power the voice coach
• Subscription and purchase history - processed by the Apple App Store or Google Play

All data is encrypted in transit and at rest. No data is sold to third parties.