Privacy Policy

• Account Information: Email address, username, and password for secure access to your account
• Profile Data: Avatar selection and any optional profile details you choose to share
• Health & Habit Data: Vaping frequency, nicotine levels, device types, quit goals, and progress tracking information
• Community Content: Posts, replies, and reactions you share in community features
• AI Chat Conversations: When you use our AI chat feature, your messages are processed by Google's Gemini API to provide personalized responses and support. Chat conversations are encrypted in transit and at rest. Your conversation data is not used to train AI models and is automatically deleted after 30 days. Google's privacy policy for Gemini is available at https://ai.google.dev/gemini-api/terms.
• Support Communications: Messages and feedback sent to our support team for assistance

• Usage Data: Features used, screens viewed, actions taken, and session duration to improve your experience
• Device Information: Device model, operating system, app version, and unique device identifiers for technical support
• Performance Data: Crash reports, error logs, and app performance metrics to maintain service quality
• Analytics Data: Aggregated usage patterns and feature engagement to enhance our services
• Push Notification Data: We use OneSignal to deliver push notifications about your progress, reminders, and app updates. This service collects your device's push token, notification preferences, and basic device information (operating system, app version). You can disable push notifications at any time through your device settings or within the app. OneSignal's privacy policy is available at https://onesignal.com/privacy_policy.

• Precise location data - We don't track your location
• Contacts or address book - We don't access your contacts
• Photos or media - We don't access your photos unless you explicitly share them
• Biometric data - We don't collect fingerprints, face scans, or other biometric information

• Create and maintain your account - Secure authentication and profile management
• Generate personalized quit plans - Based on your habits and goals for maximum effectiveness
• Provide AI-powered support - Using Google's Gemini API for personalized conversations and guidance
• Track your progress and health improvements - Monitor your journey and celebrate milestones
• Enable community features and connections - Connect with others on similar quit journeys

• Analyze usage patterns - To enhance features and improve user experience
• Debug technical issues - To improve app performance and stability
• Develop new tools and content - To provide more effective quit support
• Conduct research on quitting patterns - Using anonymized data to help more people succeed

• Send important account and security updates - Keep you informed about your account and security
• Provide progress milestones and encouragement - Celebrate your achievements (if you've enabled notifications)
• Respond to support requests - Help you with any questions or issues you encounter
• Send promotional updates - Share new features and content (only with your explicit consent)

We process your data based on:

• Consent: For optional features like marketing emails and push notifications that you can disable anytime
• Contract: To provide the core services you've requested, like account creation, progress tracking, and AI chat support
• Legitimate Interests: For security, fraud prevention, service improvement, and app functionality that benefits all users
• Legal Obligation: When required by law, such as responding to valid legal requests or court orders

We integrate with the following trusted third-party services to provide our app functionality:

• Supabase (Database & Authentication): Stores your account information and app data securely. Privacy policy: https://supabase.com/privacy
• RevenueCat (Subscription Management): Processes subscription payments and manages premium features. Privacy policy: https://www.revenuecat.com/privacy
• OneSignal (Push Notifications): Delivers helpful reminders and updates to your device. Privacy policy: https://onesignal.com/privacy_policy
• Google Gemini API (AI Chat): Powers our AI support chat feature with personalized responses. Privacy policy: https://ai.google.dev/gemini-api/terms
• Google Play Services: If you downloaded our app from Google Play, Google may collect certain device and usage information as described in their privacy policy at https://policies.google.com/privacy. We do not control Google's data collection practices.

These services operate under their own privacy policies and security standards. We carefully select partners who meet our high standards for data protection and user privacy.

• Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
• Access Controls: Role-based access with multi-factor authentication
• Regular Testing: Security audits and penetration testing
• Secure Infrastructure: SOC 2 compliant hosting providers

• Limited access on need-to-know basis
• Employee confidentiality agreements
• Regular security training
• Incident response procedures

• Access: Request a copy of your personal data
• Correction: Update inaccurate information
• Deletion: Delete your account and associated data
• Portability: Export your data in machine-readable format
• Opt-Out: Disable non-essential data collection

• Right to know what personal information we collect
• Right to delete personal information
• Right to opt-out of data "sales" (we don't sell data)
• Right to non-discrimination for exercising rights

• Right to object to processing
• Right to restrict processing
• Right to lodge complaints with supervisory authorities
• Right to withdraw consent

• Through app settings
• Email: privacy@kaivo.app
• We'll respond within 30 days

• Account and usage data: Retained while your account is active and for up to 12 months after deletion
• AI chat conversations: Automatically deleted after 30 days
• Analytics data: Anonymized and retained for up to 24 months for service improvement
• You can request immediate deletion of all your data by contacting us at privacy@kaivo.app
• Backups: May persist up to 90 days in secure backups
• Legal Holds: Extended retention if required by law

The following data types are collected and shared:

• Personal identifiers (email address, username) - shared with Supabase for authentication
• Health and fitness data (vaping tracking, progress metrics) - stored securely, not shared with third parties
• App activity (features used, preferences) - used internally for service improvement
• Device identifiers (for push notifications) - shared with OneSignal
• Subscription and purchase history - shared with RevenueCat for payment processing

All data is encrypted in transit and at rest. No data is sold to third parties.