Privacy Policy

Effective Date: [01.01.2025]

Your privacy is important to us. This Privacy Policy explains how Tim Karlowitz ("we," "us," or "our") collects, uses, processes, and protects your personal information when you use the Kairos application and related services ("Service"). By using our Service, you consent to the practices described in this policy.

1. INFORMATION WE COLLECT

1.1 Account Information

When you create an account, we collect:

  • Email addresses (through Google Sign-In or Apple Sign-In)
  • Profile pictures (from OAuth providers)
  • User IDs (internal Django IDs)
  • Registration metadata (date, completion status)
  • Account status (Active, Suspended, Deletion Requested)
  • Marketing consent (explicit opt-in with timestamp)

1.2 Journal and Content Data

Your personal content includes:

  • Text content of journal entries
  • Mood selections (Super, Good, Okay, Bad, Terrible)
  • Creation and modification timestamps
  • Template-based entries (structured prompts and responses)
  • Audio recordings (voice notes for journals)
  • Images and photos attached to journals
  • Handwritten notes and their text extraction
  • File metadata (names, sizes, upload timestamps)

1.3 Goal and Analytics Data

We collect information about your goals and app usage:

  • Goal titles, descriptions, and progress percentages
  • Completion status and version history
  • Life area categorization
  • Journal creation frequency and app usage patterns
  • Feature engagement metrics and streak calculations
  • Mood trend analysis

1.4 Canvas and Visual Content

For visual journal boards:

  • Canvas boards (public/private designation)
  • Image, text, and sticker elements with positioning data
  • Styling and layout information
  • Sharing settings and access permissions

1.5 Technical and Location Data

We automatically collect:

  • IP addresses (stored in Profile model)
  • Country codes (ISO format)
  • Timezone information (user-configurable)
  • Device information (via Expo Device API)
  • GeoIP data (via Django GeoIP2)
  • OAuth tokens (Google, Apple) and JWT tokens
  • Session data (secure storage)
  • Expo push tokens for notifications

1.6 Payment and Subscription Data

Through RevenueCat integration:

  • Subscription status and events (purchases, renewals, cancellations)
  • Pro feature access control
  • Payment processing data (handled by App Store/Google Play)
  • Webhook data for subscription updates

2. HOW WE USE YOUR INFORMATION

2.1 Service Provision

We use your information to:

  • Provide and maintain the Kairos journaling and personal development features
  • Process and store your journal entries, goals, and media content
  • Authenticate your account and manage user sessions
  • Enable cross-device synchronization of your data
  • Process subscription payments and manage Pro features

2.2 AI Processing and Insights

We process your content using artificial intelligence to provide:

  • Sentiment analysis scores for your journal entries
  • AI-generated summaries and insights
  • Key topics extraction from your content
  • Goal analysis and personalized suggestions
  • Audio transcription (via OpenAI Whisper) with confidence scores
  • Text extraction from handwritten content (via Azure Document Intelligence)

2.3 Communication and Support

We use your information to:

  • Send push notifications (journal reminders, goal alerts, streak notifications)
  • Provide customer support and respond to your inquiries
  • Send transactional emails related to your account
  • Send marketing communications (only with explicit consent)
  • Track feedback email interactions

2.4 Analytics and Improvement

We analyze usage patterns to:

  • Improve app performance and user experience
  • Understand feature engagement and usage trends
  • Calculate streaks and provide mood trend analysis
  • Develop new features and functionality
  • Monitor app security and prevent abuse

3. LEGAL BASIS FOR PROCESSING (GDPR)

3.1 Consent

We process certain data based on your explicit consent, including marketing communications (with timestamped consent records) and optional location-based features.

3.2 Contractual Necessity

Processing is necessary to perform our contract with you under the Terms of Service, including providing journaling features, AI insights, and account management.

3.3 Legitimate Interests

We have legitimate interests in improving our Service, ensuring security, preventing fraud, and conducting analytics to enhance user experience.

3.4 Legal Obligations

We may process data to comply with legal obligations, such as responding to lawful requests from authorities or enforcing our Terms of Service.

4. DATA SHARING AND THIRD-PARTY SERVICES

4.1 AI and Processing Services

We share data with AI service providers:

  • OpenAI: For GPT models, audio transcription (Whisper), and AI insights
  • Google Gemini: For AI analysis and content processing
  • Azure Document Intelligence: For OCR processing and handwriting recognition

4.2 Authentication and Infrastructure

We work with platform providers:

  • Google Services: Google Sign-In (OAuth), Firebase (push notifications)
  • Apple Services: Apple Sign-In, App Store Connect
  • Expo: App hosting, push notifications, and device APIs
  • Redis and Celery: Background task processing and queuing

4.3 Payment Processing

RevenueCat: Manages subscription analytics, purchase events, and Pro feature access. Payment processing is handled directly by Apple App Store and Google Play Store.

4.4 Data Sharing Principles

We Never Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes. Data sharing is limited to service provision and occurs under strict contractual agreements.

4.5 Canvas Sharing

Canvas boards can be shared via direct links. While these are private by default, anyone with access to a shared link can view the content. You control the distribution of these links.

5. DATA STORAGE AND SECURITY

5.1 Storage Methods

Your data is stored using:

  • Local secure storage (Expo SecureStore) for sensitive authentication data
  • Encrypted database storage (PostgreSQL/SQLite with Django ORM)
  • File storage with UUID-based paths for media content
  • Secure token management for authentication and sessions

5.2 Security Measures

We implement multiple security layers:

  • End-to-end encryption for sensitive data transmission
  • Secure HTTPS connections for all communications
  • Regular security audits and updates
  • Access controls and authentication requirements
  • Background task processing with secure queuing (Celery/Redis)

5.3 International Data Transfers

Your data may be processed on servers located in different countries. We ensure adequate safeguards are in place for international transfers, including appropriate data protection agreements with our service providers.

6. DATA RETENTION AND DELETION

6.1 Retention Periods

We retain your data as follows:

  • Journal entries and media files: Indefinite (until user deletion)
  • Goal and analytics data: Indefinite (aggregated)
  • Session tokens: 14 days (refresh tokens)
  • Account information: Until account deletion or legal requirements

6.2 Account Deletion Process

We implement a comprehensive deletion system:

  • Soft deletion system with deletion request tracking and timestamps
  • Scheduled deletion capability for automated cleanup
  • Media file cleanup with soft delete timestamps
  • Complete data removal upon account deletion (accessible through app settings)

6.3 Data Export

You can access and export your content through the app's sharing features. We provide content export capabilities to ensure you maintain access to your journal data.

7. YOUR PRIVACY RIGHTS

7.1 GDPR Rights (EU Residents)

Under GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Restriction: Limit how we process your data
  • Data Portability: Receive your data in a structured, machine-readable format
  • Object: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent for data processing at any time

7.2 Access Controls

Through the app, you can:

  • Access and modify your profile data
  • Export your content through sharing features
  • Manage notification preferences (time, frequency, types)
  • Delete your account and all associated data
  • Control marketing consent settings

7.3 Exercising Your Rights

To exercise any of these rights, contact us at support@journalwithkairos.com. We will respond to your request within 30 days (or as required by applicable law). You may also lodge a complaint with your local data protection authority if you believe your rights have been violated.

8. NOTIFICATIONS AND COMMUNICATIONS

8.1 Push Notifications

We send push notifications for:

  • Daily journal reminders (timezone-aware delivery)
  • Goal progress and milestone alerts
  • Streak maintenance notifications
  • Recap and summary notifications
  • Journal prompts and inspiration

You can manage notification preferences, including timing and frequency, through the app settings.

8.2 Email Communications

We may send emails for:

  • Account-related transactional messages
  • Customer support responses
  • Marketing communications (only with explicit consent)
  • Important service updates and policy changes

9. CHILDREN'S PRIVACY

Kairos is not intended for users under 16 years of age. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16 without parental consent, we will delete that information promptly. If you believe we may have collected information from a child under 16, please contact us at support@journalwithkairos.com.

10. COOKIES AND TRACKING

10.1 Limited Tracking

Kairos uses minimal tracking technologies. We do not implement Google Analytics or third-party tracking SDKs. Our analytics are internal and focused on improving app functionality.

10.2 Essential Cookies

We may use essential cookies for authentication, session management, and basic app functionality. These are necessary for the Service to operate properly.

11. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the updated Privacy Policy on our website
  • Sending you an email notification (if you have provided an email address)
  • Providing an in-app notification
  • Updating the "Effective Date" at the top of this policy

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised policy.

12. CONTACT INFORMATION

If you have any questions about this Privacy Policy, need to exercise your privacy rights, or want to report a privacy concern, please contact us:

Email: support@journalwithkairos.com
Developer: Tim Karlowitz
Service: Kairos App (journalwithkairos.com)
Response Time: We aim to respond within 30 days

For GDPR-related inquiries, you also have the right to lodge a complaint with your local data protection authority.

Last Updated: [01.01.2025]